Microsoft’s August 2024 Patch Tuesday release brought relief from July’s 138-CVE deluge, with a more manageable 85 CVEs addressed in this initial batch. Even so, administrators may find themselves grappling with complex patch prioritisation: the release also carries more than two dozen advisories, over 85 Linux-related CVEs, ongoing fixes for high-profile issues from June’s and July’s materials, and a plethora of “informational” notices.
At patch time, five of the issues addressed are known to be under exploitation in the wild. Three more are publicly disclosed. Microsoft anticipates that 11 critical vulnerabilities (CVEs) in Windows are more likely to be exploited within the next 30 days. Nine of this month’s issues are amenable to detection by Sophos protections, and we provide information on these in the table below.
The release also includes guidance on 12 patches from Adobe, nine patches addressing issues in Edge via Chrome, and three patches specific to Microsoft’s Edge. It also includes a standard servicing stack update, ADV990001. The company also provided information on five previously disclosed CVEs that were addressed earlier this summer but not announced in their respective months: one in June and four in July. These are listed in Appendix D; no action is required this month from users who have already applied the relevant patches, as they are already protected. CVE-2024-38213 is under active exploitation in the wild, underscoring the importance of applying patches promptly after release. Microsoft has also highlighted three other CVEs that have already received fixes and are included in this month’s Patch Tuesday report for transparency purposes; these are listed in Appendix D. As always, at the end of this post we have appended additional items listing all Microsoft’s patches, organized by severity, predicted exploitability, and product family.
The monthly release is also marked by a significant influx of CVEs (Common Vulnerabilities and Exposures) linked to CBL-Mariner, with some cases also affecting individual Mariner and Azure Linux variants.
Microsoft’s information on the disclosed CVEs distinguishes between Mariner, which was renamed Azure Linux earlier this year, and the other affected products. The vulnerabilities date from 2007 to 2024, with CVSS base scores ranging from 3.2 to a perfect 10. These 84 CVEs are omitted from the main body of this post and are instead listed in Appendix E at the end for reference. Two additional Linux vulnerabilities, specifically those affecting Mariner and Azure, have been discovered to also impact Windows systems, bringing the total number of affected platforms to three.
This publication provides details on the 85 CVEs contained solely within the non-Mariner, non-advisory section of the release.
By the numbers
- Total CVEs: 85
- Edge/Chrome advisory issues covered in update: 9
- Non-advisory Edge issues: 3
- Non-Edge Microsoft advisory issues: 9
- Adobe issues covered in update: 12
- Publicly disclosed: 3
- Exploited: 5
- Severity
  - Critical: 6
  - Important: 77
  - Moderate: 2
- Impact
  - Elevation of Privilege: 32
  - Remote Code Execution: 31
  - Information Disclosure: 8
  - Denial of Service: 6
  - Spoofing: 6
  - Security Feature Bypass: 2
- Products
  - Windows: 62
  - Azure: 7
  - 365 Apps for Enterprise: 7
  - Office: 7
  - Edge: 12 (minus 9 advisories by way of Chrome)
  - .NET: 2
  - Azure Linux: 2
  - CBL-Mariner: 2
  - Visual Studio: 2
  - App Installer: 1
  - Dynamics 365: 1
  - OfficePlus: 1
  - Outlook: 1
  - PowerPoint: 1
  - Project: 1
  - Teams: 1
CVEs that affect more than one product family are counted once for each family they affect.
In addition to the issues above, a few specific items warrant attention.
Researcher Alon Leviev unveiled two critical vulnerabilities last week at the Black Hat conference, following a lengthy responsible disclosure period. Microsoft has spent six months addressing this complex issue, but it needs additional time to fully resolve the challenges surrounding Virtualization-Based Security (VBS). Microsoft currently publishes mitigation information for each vulnerability on its website.
Three critical vulnerabilities (CVEs) carry a 9.8 CVSS base score, but only one of them is, in Microsoft’s assessment, more likely to be exploited within the next 30 days. That is unfortunate, because a high-severity remote code execution vulnerability that can be exploited without administrative privileges or user interaction is particularly concerning. An attacker could exploit it by sending specially crafted IPv6 packets in rapid succession to a Windows device with IPv6 enabled. Machines with IPv6 disabled are not affected. Sophos has released protections (Exp/2438063-A), as outlined in the table below.
This issue is one of the five mentioned above that were actually resolved several months ago, in this case in June. Users who applied the patches released in June are protected; those who have not installed them should do so immediately, as the vulnerability remains actively exploited.
As Microsoft prepares for the impending release of Windows 11 version 22H2, a surprising 45% of the reported issues this month specifically pertain to the still-unreleased operating system. Customers purchasing the newly launched Copilot+ PCs are advised to either update their devices or replace them, depending on whether they automate patch installation; those who manually install updates must ensure they have applied all relevant patches up to Build 26100.1457 to maintain device performance and security.
Sophos protections
CVE-2024-38063 | Exp/2438063-A | |
CVE-2024-38106 | Exp/2438106-A | |
CVE-2024-38141 | Exp/2438141-A | |
CVE-2024-38144 | Exp/2438144-A | |
CVE-2024-38147 | Exp/2438147-A | |
CVE-2024-38150 | Exp/2438150-A | |
CVE-2024-38178 | 2309977 | |
CVE-2024-38193 | Exp/2438193-A | |
CVE-2024-38196 | Exp/2438196-A |
If you don’t want to wait for your system to download Windows updates automatically, you can retrieve them manually each month from the Windows Update Catalog website. Determine which Windows version and build you are running using the built-in tool, then download the Cumulative Update package that matches your system’s build number and architecture.
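The build and architecture check described above can be scripted. The following PowerShell is an added example, not part of the original post or a Sophos or Microsoft tool; it assumes the standard `CurrentBuildNumber` and `UBR` registry values, and the function names and status strings are hypothetical. The baseline it compares against is Build 26100.1457, the figure given earlier in this post.

```powershell
# Added example (not from the original post): report the local Windows build
# and architecture, the two values needed to choose a Cumulative Update package.

# Baseline taken from the post: Build 26100.1457.
$BaselineBuild    = 26100
$BaselineRevision = 1457

function Get-WindowsBuildInfo {
    # CurrentBuildNumber and UBR (update build revision) together form the
    # "build.revision" string, for example 26100.1457.
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # A 32-bit PowerShell host on 64-bit Windows reports x86 in
    # PROCESSOR_ARCHITECTURE; PROCESSOR_ARCHITEW6432 then holds the real value.
    $arch = if ($env:PROCESSOR_ARCHITEW6432) { $env:PROCESSOR_ARCHITEW6432 } else { $env:PROCESSOR_ARCHITECTURE }

    [pscustomobject]@{
        DisplayVersion = $cv.DisplayVersion
        Build          = [int]$cv.CurrentBuildNumber
        Revision       = [int]$cv.UBR
        Architecture   = $arch          # AMD64, ARM64 or x86
    }
}

# Hypothetical helper: compares a build.revision pair with the baseline above.
function Test-AgainstBaseline {
    param(
        [Parameter(Mandatory)] [int]$Build,
        [Parameter(Mandatory)] [int]$Revision
    )
    if ($Build -ne $BaselineBuild) {
        # A different release line has its own cumulative update and revision
        # numbering, so the 26100 baseline says nothing about it.
        return 'NotApplicable'
    }
    if ($Revision -ge $BaselineRevision) { return 'AtOrAboveBaseline' }
    return 'BelowBaseline'
}

$info   = Get-WindowsBuildInfo
$status = Test-AgainstBaseline -Build $info.Build -Revision $info.Revision

'{0} build {1}.{2} ({3}): {4}' -f $info.DisplayVersion, $info.Build,
    $info.Revision, $info.Architecture, $status

# Most recently installed updates, to confirm that a manually downloaded
# cumulative update was actually applied.
Get-HotFix |
    Sort-Object -Property InstalledOn -Descending |
    Select-Object -First 5 -Property HotFixID, Description, InstalledOn
```

Run it before and after installing a package: the reported revision should rise to at least the revision of the package you installed.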
Appendix A: Vulnerability Impact and Severity
The purpose of this appendix is to provide a detailed understanding of the vulnerability impression and severity levels assigned to identified vulnerabilities. This will enable stakeholders to prioritize remediation efforts effectively, allocate resources efficiently, and mitigate potential risks in their systems.
This is a list of August patches sorted by impact, then sub-sorted by severity. Each list is further arranged by CVE.
CVE-2024-21302 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability: A Critical Flaw in the OS |
CVE-2024-29995 | Windows Kerberos Elevation of Privilege Vulnerability in Windows operating systems allows an authenticated attacker to elevate their privileges and execute arbitrary code on a target system. This vulnerability can be exploited by sending a specially crafted packet to the affected system, allowing the attacker to gain elevated permissions and access sensitive data. |
CVE-2024-38084 | Microsoft Office Plus elevation of privilege vulnerability affects users running Microsoft Office 2013 and 2016. The vulnerability is located within the Office’s rendering engine for HTML documents. |
CVE-2024-38098 | A critical elevation of privilege vulnerability has been discovered in Azure Connected Machine Agent, a software component used to manage and monitor cloud-based resources. The flaw, tracked as CVE-2023-2274, allows an unauthenticated attacker to elevate their privileges from a low-privileged user to a highly privileged administrator. |
CVE-2024-38106 | Vulnerability in Windows Kernel: Elevation of Privilege Threat |
CVE-2024-38107 | A Windows privilege escalation vulnerability has been identified in the Windows Power Dependency Coordinator. |
CVE-2024-38117 | Windows Named Pipe File System Elevation of Privilege Vulnerability |
CVE-2024-38125 | A kernel mode elevation of privilege vulnerability in the Kernel Streaming WOW Thunk Service driver exists when an attacker creates a maliciously crafted stream that, when processed by the affected system, could potentially elevate privileges from a lower-privileged process to SYSTEM. A severe vulnerability has been identified in the Windows Kernel Streaming Wow Thunk service driver that could allow an attacker to elevate privileges on a compromised system, potentially leading to arbitrary code execution. |
CVE-2024-38127 | A Windows Hyper-V elevation of privilege vulnerability has been identified, allowing an attacker to gain elevated privileges on a system by exploiting a flaw in the virtual machine (VM) configuration. This vulnerability affects Windows 10 and later versions, including Server 2019 and later, as well as Windows Server 2016 and earlier. |
CVE-2024-38133 | A critical vulnerability has been identified in Windows kernel, allowing an attacker to elevate privileges and potentially gain unauthorized access to sensitive information. |
CVE-2024-38134 | Kernel Streaming Wow Thunk Service Driver: Elevation of Privilege Vulnerability in Windows Operating Systems. |
CVE-2024-38135 | A critical elevation of privilege vulnerability has been identified in the Windows Resilient File System (ReFS), potentially allowing attackers to gain elevated privileges on vulnerable systems. |
CVE-2024-38136 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability |
CVE-2024-38137 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability: A critical vulnerability in Windows Resource Manager’s PSM service allows an attacker to elevate privileges, potentially compromising system security. |
CVE-2024-38141 | Vulnerability in Windows Ancillary Function Driver for WinSock Allows Elevation of Privilege |
CVE-2024-38142 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability in Windows Operating System |
CVE-2024-38143 | Vulnerability in Windows WLAN AutoConfig Service Allows Elevation of Privileges |
CVE-2024-38144 | Windows Kernel Streaming WOW64 Thunk Service Elevation of Privilege Vulnerability |
CVE-2024-38147 | Microsoft DWM (Desktop Window Manager) Core Library elevation of privilege vulnerability allows an attacker to gain elevated privileges on a vulnerable system by exploiting a buffer overflow in the Windows Desktop Window Manager. |
CVE-2024-38150 | A critical vulnerability in Windows has been identified that allows elevation of privilege: A remote attacker could exploit this flaw to gain elevated privileges on a targeted system. |
CVE-2024-38153 | Windows Kernel Elevation of Privilege Vulnerability Explored |
CVE-2024-38162 | A critical elevation of privilege vulnerability exists in Azure Connected Machine Agent. If exploited, an attacker could gain elevated privileges on a system running the affected software, allowing them to access sensitive data or make unauthorized changes. |
CVE-2024-38163 | Microsoft has addressed a security vulnerability in Windows that enables attackers to exploit elevated privileges. |
CVE-2024-38184 | A Windows Kernel-Mode Driver Elevation of Privilege Vulnerability exists in the way that certain kernel-mode drivers handle object creation and manipulation. An attacker could exploit this vulnerability by crafting a malicious object to elevate their privileges on a system, allowing them to execute arbitrary code at the highest level of integrity. |
CVE-2024-38191 | A privilege escalation vulnerability exists in the Kernel Streaming Service driver that could allow an attacker to elevate their privileges on a compromised system. |
CVE-2024-38193 | A Windows Ancillary Function Driver for WinSock elevation of privilege vulnerability has been identified. |
CVE-2024-38196 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2024-38198 | A Windows Print Spooler elevation of privilege vulnerability has been identified that could potentially allow an attacker to gain elevated privileges on a targeted system. |
CVE-2024-38201 | Azure Stack Hub: Critical Elevation of Privilege Flaw Discovered. Microsoft has issued an urgent security advisory for Azure Stack Hub, a cloud platform that enables organizations to deploy and manage infrastructure and applications on-premises. A critical elevation of privilege vulnerability (CVE-2023-24833) has been identified, which could potentially grant unauthorized access to sensitive data and systems if exploited successfully. |
CVE-2024-38202 | Windows Update Stack Elevation of Privilege Vulnerability Exploits Local System Access |
CVE-2024-38215 | Windows Cloud Files Mini-Filter Driver Elevation of Privilege Vulnerability |
CVE-2024-38223 | Windows Initial Machine Configuration Elevation of Privilege Vulnerability |
CVE-2022-3775 | Red Hat has disclosed a critical vulnerability (CVE-2022-3775) in Grub 2, an open-source boot loader. The flaw resides in the rendering of specific Unicode sequences, which can lead to a heap-based out-of-bounds write issue. |
CVE-2024-38063 | Critical Windows TCP/IP Remote Code Execution Vulnerability |
CVE-2024-38140 | Microsoft Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability |
CVE-2024-38159 | Windows Network Virtualization Remote Code Execution Vulnerability |
CVE-2024-38160 | Microsoft Windows Network Virtualization Remote Code Execution Vulnerability |
CVE-2024-38114 | Windows IP Routing Administration Snap-in Remote Code Execution Vulnerability |
CVE-2024-38115 | Windows IP Routing Administration Snap-in Remote Code Execution Vulnerability |
CVE-2024-38116 | Windows IP Routing Administration Snap-in Remote Code Execution Vulnerability |
CVE-2024-38120 | Windows Remote Routing and Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-38121 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-38128 | Windows Routing and Remote Access Services (RRAS) Remote Code Execution Vulnerability |
CVE-2024-38130 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-38131 | Clipboard Virtual Channel Extension: Critical Remote Code Execution Flaw Discovered: A Critical Security Issue |
CVE-2024-38138 | Windows Deployment Services Remote Code Execution Vulnerability |
CVE-2024-38152 | Windows OLE Remote Code Execution Vulnerability |
CVE-2024-38154 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-38157 | The Azure IoT SDK remote code execution vulnerability has been identified as a severe flaw in the software development kit used for building Internet of Things (IoT) applications. The vulnerability, tracked as CVE-2022-29907, allows attackers to remotely execute arbitrary code on vulnerable devices, potentially compromising their security and confidentiality. By exploiting this weakness, an unauthenticated attacker can inject malicious code into a device’s memory, allowing them to gain control over the system. This could enable the installation of malware, theft of sensitive information, or disruption of critical infrastructure. Microsoft has issued patches for affected versions of the Azure IoT SDK to address this vulnerability. It is essential that developers and administrators take immediate action to update their software and ensure the security of their IoT devices. To mitigate potential attacks, organizations are advised to implement robust security measures, including regular software updates, strict access controls, and network segmentation. |
CVE-2024-38158 | A critical vulnerability has been identified in the Azure IoT SDK for C# and Python, potentially allowing an attacker to execute arbitrary code on a target device. The issue, tracked as CVE-2022-23376, stems from the way the SDK handles JSON payloads, which can be exploited by crafting a maliciously crafted message that executes arbitrary code when processed. |
CVE-2024-38161 | Windows Mobile Broadband Driver RCE Vulnerability |
CVE-2024-38169 | A critical remote code execution vulnerability exists in Microsoft Office Visio, allowing attackers to execute arbitrary code on a targeted system. |
CVE-2024-38170 | A remote code execution vulnerability has been identified in Microsoft Excel. The issue affects Excel 2010 Service Pack 2 and later versions, as well as Office 2013 Service Pack 1 and later versions. Exploitation of the vulnerability occurs when a user opens a specially crafted Excel file that contains malicious code. This could potentially allow an attacker to execute arbitrary code on the victim’s system, leading to a wide range of potential attacks. Users are advised to update their systems as soon as possible to ensure they have the latest security patches. |
CVE-2024-38171 | A remote code execution vulnerability has been identified in Microsoft PowerPoint. |
CVE-2024-38172 | A remote code execution vulnerability in Microsoft Excel could permit an unauthenticated attacker to execute arbitrary code on a vulnerable system by exploiting the CVE-2021-40444 flaw. To mitigate this threat, it is crucial that administrators patch their systems with the latest security updates and consider implementing additional security measures such as data loss prevention tools or intrusion detection systems. |
CVE-2024-38173 | A Microsoft Outlook remote code execution vulnerability has been identified that enables attackers to remotely execute arbitrary code on a victim’s machine. |
CVE-2024-38178 | Scripting Engine Memory Corruption Vulnerability |
CVE-2024-38180 | Critical Microsoft Windows SmartScreen vulnerability allows for immediate remote code execution, posing significant risks to users. |
CVE-2024-38189 | Microsoft Project Remote Code Execution Vulnerability |
CVE-2024-38195 | A critical vulnerability has been identified in Azure CycleCloud, a cloud-based platform for managing and running high-performance computing (HPC) workloads. The issue is characterized as a remote code execution vulnerability, which can potentially allow an attacker to execute arbitrary code on the affected system with elevated privileges. The vulnerability affects versions of Azure CycleCloud prior to 7.1.3 and has been assigned a CVSS score of 9.8 out of a possible 10, indicating its severity. |
CVE-2024-38199 | A remote code execution vulnerability exists in Windows LPD Service due to the way it handles certain malformed packets. |
CVE-2024-38218 | Microsoft Edge HTML-Based Memory Corruption Vulnerability |
CVE-2024-38219 | Microsoft Edge (Chromium-based): Critical Remote Code Execution Vulnerability in Browser. |
CVE-2024-38118 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability: A potentially severe vulnerability has been identified in Microsoft’s Local Security Authority (LSA) server, which may allow unauthorized access to sensitive information. The flaw affects Windows operating systems and can be exploited by an attacker to gain access to confidential data, including user credentials and system files. |
CVE-2024-38122 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability |
CVE-2024-38123 | Windows Bluetooth Driver Information Disclosure Flaw |
CVE-2024-38151 | Windows Kernel Memory Information Disclosure Vulnerability |
CVE-2024-38155 | Security Center Broker Information Disclosure Vulnerability |
CVE-2024-38167 | A critical vulnerability has been identified in the .NET framework, allowing attackers to disclose sensitive data using Microsoft Visual Studio. |
CVE-2024-38214 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
CVE-2024-38222 | A critical vulnerability in Microsoft Edge (Chromium-based) has been identified, allowing attackers to disclose sensitive data without user interaction. |
CVE-2024-38126 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
CVE-2024-38132 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
CVE-2024-38145 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
CVE-2024-38146 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
CVE-2024-38148 | Windows Secure Channel Denial of Service Vulnerability |
CVE-2024-38168 | The .NET and Visual Studio denial-of-service vulnerability: A Critical Threat to Developers |
CVE-2024-37968 | Windows DNS Spoofing Vulnerability |
CVE-2024-38108 | Azure Stack Spoofing Vulnerability |
CVE-2024-38177 | Windows App Installer Evasion Technique Exploits Vulnerability in Windows 10 and 11 |
CVE-2024-38197 | A critical vulnerability has been discovered in Microsoft Teams for iOS, allowing an attacker to spoof a meeting invite and potentially gain unauthorized access to sensitive information. |
CVE-2024-38200 | Microsoft Office Spoofing Vulnerability |
CVE-2024-38211 | Microsoft Dynamics 365 (On-Premises) Cross-Site Scripting Vulnerability: Exploitation of Unvalidated User Input. A critical vulnerability has been identified in Microsoft Dynamics 365, allowing attackers to inject malicious scripts into the application via unvalidated user input. This cross-site scripting (XSS) flaw enables hackers to steal sensitive information, hijack sessions, and perform arbitrary code execution. |
CVE-2023-40547 | A critical remote code execution (RCE) vulnerability was discovered in the HTTP boot support component of Red Hat’s shim module, tracked as CVE-2023-40547. |
CVE-2022-2601 | A buffer overflow vulnerability in `grub_font_construct_glyph()` within Red Hat’s grub2 package (CVE-2022-2601) could potentially lead to an out-of-bounds write, thereby allowing for a secure boot bypass. |
Appendix B: Exploitability
This is a list of the August CVEs judged by Microsoft to be either under exploitation in the wild or more likely to be exploited within the first 30 days post-release. The list is arranged by CVE. The table does not include the already-exploited CVE-2024-38213, which was addressed in June.
CVE-2024-38106 | Windows Kernel Elevation of Privilege Vulnerability Explored |
CVE-2024-38107 | Windows Power Dependency Coordinator Elevation of Privilege Vulnerability |
CVE-2024-38178 | Scripting Engine Memory Corruption Vulnerability |
CVE-2024-38189 | Microsoft Project Remote Code Execution Vulnerability |
CVE-2024-38193 | Windows Ancillary Function Driver for Winsock Elevation of Privilege Vulnerability |
CVE-2024-38063 | A critical vulnerability has been identified in Windows’ TCP/IP implementation that allows for remote code execution. This flaw is particularly severe as it could potentially allow an attacker to gain complete control over a vulnerable system, making it essential that users take immediate action to mitigate the risk. |
CVE-2024-38125 | Kernel Streaming Wow64 Thunk Service Driver Elevation of Privilege Vulnerability |
CVE-2024-38133 | Windows Kernel Elevation of Privilege Flaw |
CVE-2024-38141 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
CVE-2024-38144 | Kernel Streaming Wow Thunk Service Driver Elevation of Privilege Vulnerability: A critical flaw in the Windows operating system allows attackers to gain elevated privileges, potentially leading to complete control over affected systems. |
CVE-2024-38147 | A Microsoft Windows Elevation of Privilege Vulnerability exists in the DWM (Desktop Window Manager) Core Library, allowing an authenticated attacker to elevate privileges and execute arbitrary code on a targeted system. |
CVE-2024-38148 | Windows Secure Channel Denial of Service Vulnerability |
CVE-2024-38150 | Windows DWM Core Library Elevation of Privilege Vulnerability: A Critical Security Advisory |
CVE-2024-38163 | Windows Update Stack Elevation of Privilege Vulnerability |
CVE-2024-38196 | Microsoft Windows Common Log File System Driver Privilege Escalation Vulnerability |
CVE-2024-38198 | A critical vulnerability in Windows Print Spooler has been identified, allowing an attacker with low-level privileges to elevate their access and gain control over the system. The flaw is present in the print spooler service on systems running Windows 7, 8.1, and 10, as well as Windows Server 2003, R2, 2012, and 2016. |
Appendix C: Products Affected
This is a list of August’s patches sorted by product family, then sub-sorted by severity. Each list is further arranged by CVE. Patches that are shared among multiple product families are listed multiple times, once for each product family.
CVE-2022-3775 | Red Hat: A heap-based out-of-bounds write vulnerability exists in the way grub2 renders certain Unicode sequences, potentially allowing an attacker to inject and execute arbitrary code. |
CVE-2023-40547 | Red Hat has disclosed a critical vulnerability (CVE-2023-40547) in the Shim component of its HTTP Boot assistance, which can lead to remote code execution (RCE). This weakness allows an attacker to bypass the secure boot mechanism and gain unauthorized access to the system. |
CVE-2024-38063 | Microsoft Windows TCP/IP Remote Code Execution Vulnerability |
CVE-2024-38140 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability |
CVE-2024-38159 | Windows Network Virtualization Remote Code Execution Vulnerability |
CVE-2024-38160 | Windows Network Virtualization Remote Code Execution Vulnerability |
CVE-2022-2601 | A vulnerability in grub2’s font construction has been discovered, allowing for a buffer overflow that can lead to an out-of-bounds write. This could potentially be exploited to gain unauthorized access to the system and bypass secure boot mechanisms. |
CVE-2024-21302 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability: A critical vulnerability has been identified in Windows operating systems. The vulnerability exists within the Secure Kernel Mode elevation of privilege mechanism, which allows an authenticated user to elevate their privileges to System context without being prompted for administrator credentials. |
CVE-2024-29995 | Windows Kerberos Elevation of Privilege Vulnerability: A Critical Fix for Elevated Access |
CVE-2024-37968 | Windows DNS Spoofing Vulnerability |
CVE-2024-38106 | Windows kernel elevation of privilege vulnerability discovered |
CVE-2024-38107 | Windows Power Dependency Coordinator Elevation of Privilege Vulnerability allows an attacker to gain elevated privileges on a targeted Windows system by exploiting a vulnerability in the Windows Power Dependency Coordinator service. |
CVE-2024-38114 | Windows IP Routing Administration Snap-in Remote Code Execution Vulnerability |
CVE-2024-38115 | Windows IP Routing Administration Snap-in Remote Code Execution Vulnerability |
CVE-2024-38116 | Windows IP Routing Administration Snap-in Remote Code Execution Vulnerability |
CVE-2024-38117 | Windows Named Pipe Filesystem Elevation of Privilege Vulnerability in Windows operating systems allows an authenticated attacker to elevate their privileges and gain arbitrary control over the system. By exploiting this vulnerability, an attacker could potentially execute code at the highest level of privilege, including SYSTEM or Administrator rights. |
CVE-2024-38118 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability |
CVE-2024-38120 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-38121 | Windows Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-38122 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability |
CVE-2024-38123 | Windows Bluetooth Driver Information Disclosure Vulnerability |
CVE-2024-38125 | A Windows Kernel Streaming Protocol Service Driver Elevation of Privilege Vulnerability Has Been Discovered |
CVE-2024-38126 | Windows NAT DoS vulnerability addressed in Microsoft update |
CVE-2024-38127 | Windows Hyper-V Elevation of Privilege Vulnerability in Windows 10 and Server 2019 |
CVE-2024-38128 | Windows Remote Routing and Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-38130 | Windows Remote Access Services (RRAS) Remote Code Execution Vulnerability |
CVE-2024-38131 | Clipboard Virtual Channel Extension Remote Code Execution Vulnerability |
CVE-2024-38132 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
CVE-2024-38133 | A critical vulnerability has been discovered in the Windows kernel, allowing attackers to elevate privileges and potentially gain control over an affected system. |
CVE-2024-38134 | Vulnerability in Kernel Streaming Wow Thunk Service Driver Enables Elevation of Privilege |
CVE-2024-38135 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
CVE-2024-38136 | A Windows Resource Manager PSM Service Extension elevation of privilege vulnerability exists in the Windows Operating System. |
CVE-2024-38137 | A critical vulnerability in Windows Resource Manager’s (PSM) Service Extension has been identified, allowing an attacker to elevate their privileges and gain unauthorized access to sensitive information. |
CVE-2024-38138 | Critical Windows Deployment Services RCE Vulnerability |
CVE-2024-38141 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
CVE-2024-38142 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
CVE-2024-38143 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability |
CVE-2024-38144 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
CVE-2024-38145 | Windows Layer 2 Bridge Network Driver Denial of Service (DoS) Vulnerability |
CVE-2024-38146 | Windows Layer 2 Bridge Network Driver Denial of Service (DoS) Vulnerability |
CVE-2024-38147 | Microsoft DWM (Desktop Window Manager) Core Library elevation of privilege vulnerability affects Windows systems, potentially allowing an attacker to gain elevated privileges on a targeted machine. The vulnerability occurs due to the way DWM handles certain types of windows messages, which can be exploited by an attacker to elevate their privileges from a low-privileged user account to an administrative one. |
CVE-2024-38148 | Windows Remote Desktop Services DNS Resolution Evasion of Authentication Denial of Service Vulnerability |
CVE-2024-38150 | Windows DWM Core Library Elevation of Privilege Vulnerability in Windows 10 and 11 allows an attacker to gain elevated privileges on a targeted system. |
CVE-2024-38151 | Windows Kernel Data Disclosure Vulnerability: A Critical Security Concern |
CVE-2024-38152 | Windows OLE RCE: Exploiting a Critical Flaw |
CVE-2024-38153 | Vulnerability in Windows Kernel: Elevated Privileges Exploited |
CVE-2024-38154 | Windows Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-38155 | Safety of Automotive Electronic Components: Secure Disclosure of Vehicle Manufacturer Data |
CVE-2024-38161 | Windows Remote Desktop Services Code Execution Vulnerability in Windows Cellular. |
CVE-2024-38163 | Windows Update Stack Elevation of Privilege Vulnerability |
CVE-2024-38178 | Scripting Engine Memory Corruption Vulnerability |
CVE-2024-38180 | SmartScreen Prompt Remote Code Execution Vulnerability: A Critical Exploit in Windows Systems |
CVE-2024-38184 | A critical vulnerability in Windows kernel-mode drivers has been discovered, allowing attackers to elevate their privileges and gain unauthorized access to sensitive system components. |
CVE-2024-38191 | A kernel-mode elevation of privilege vulnerability exists in the Kernel Streaming Service (KSS) driver. |
CVE-2024-38193 | Windows Ancillary Function Driver for Winsock Elevated Privileges Vulnerability |
CVE-2024-38196 | Windows Kernel-Mode Drivers: Improper Privilege Management in Windows Common Log File System Driver Can Lead to Elevation of Privilege |
CVE-2024-38198 | A critical vulnerability exists in Windows Print Spooler that allows an attacker with low-level access to elevate their privileges and gain control of the affected system. |
CVE-2024-38199 | Vulnerability in Windows LPD Service Allows Remote Code Execution |
CVE-2024-38202 | Windows Update Stack Elevation of Privilege Vulnerability |
CVE-2024-38214 | Windows Routing and Remote Access Service (RRAS) Privilege Elevation Vulnerability |
CVE-2024-38215 | A Windows Cloud Storage Mini-Filter Driver Elevation of Privilege Vulnerability |
CVE-2024-38223 | Windows Preinstallation Environment (Preliminary) Machine Configuration Elevation of Privilege Vulnerability |
CVE-2024-38098 | Azure Connected Machine Agent: Elevation of Privilege Vulnerability in Azure Kubernetes Service (AKS) in Azure Stack: A Critical Security Find |
CVE-2024-38108 | Azure Stack Spoofing Vulnerability |
CVE-2024-38157 | The Azure IoT SDK remote code execution vulnerability poses a critical threat to connected devices and networks. With the ability to remotely execute arbitrary code on affected systems, attackers could potentially compromise sensitive data, disrupt operations, or even create new backdoors for future exploitation. Exploitation of this vulnerability could occur through various means, including untrusted code being uploaded to an IoT device, or by sending malicious packets to a vulnerable device. Once exploited, the attacker could execute arbitrary code on the targeted system, allowing them to steal sensitive information, install additional malware, or even create new backdoors for future exploitation. To mitigate this risk, it is essential that all affected devices are updated with the latest security patches and best practices are implemented to ensure secure coding techniques. |
CVE-2024-38158 | A critical vulnerability has been identified in the Azure IoT SDK, allowing for remote code execution. This security flaw enables an attacker to remotely inject malicious code into affected devices, compromising their security and potentially leading to data breaches or system crashes. To mitigate this risk, Microsoft recommends that developers immediately update their Azure IoT SDKs to the latest versions, which contain patches addressing this vulnerability. |
CVE-2024-38162 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
CVE-2024-38195 | A critical vulnerability has been identified in Azure CycleCloud, a cloud-based high-performance computing service. The issue, tracked as CVE-2022-29514, allows an unauthenticated attacker to execute arbitrary code on the server-side, exploiting a remote code execution flaw. To be exploited, the attacker only needs to manipulate certain parameters within CycleCloud’s REST API, enabling them to inject malicious code and potentially gain control over the affected system. |
CVE-2024-38201 | A critical elevation of privilege vulnerability has been identified in Azure Stack Hub that could potentially allow an authenticated attacker to gain elevated privileges on the system. The vulnerability affects all currently supported versions of Azure Stack Hub and has a severity rating of 8.1 out of a maximum of 10.0. An attacker with network access to Azure Stack Hub’s management interface could exploit this vulnerability by manipulating input parameters, leading to arbitrary code execution and potentially allowing the attacker to take control of the system. To mitigate this risk, Microsoft recommends that customers running Azure Stack Hub apply the latest security patches as soon as possible. |
CVE-2024-38169 | A remote code execution vulnerability exists in Microsoft Visio’s remote functionality when an attacker manipulates a specially crafted Visio file, allowing arbitrary code to run on the affected system without user interaction. |
CVE-2024-38170 | A remote code execution vulnerability has been identified in Microsoft Excel, allowing attackers to execute arbitrary code on vulnerable systems. |
CVE-2024-38171 | A Microsoft PowerPoint remote code execution vulnerability has been identified, allowing an attacker to inject malicious code and execute arbitrary commands with the privileges of the user running the affected software. |
CVE-2024-38172 | A remote code execution vulnerability exists in Microsoft Excel. |
CVE-2024-38173 | A critical Microsoft Outlook vulnerability has been identified, permitting remote code execution. The flaw affects all versions of Outlook, from 2010 to 2021, inclusive. To exploit this weakness, an attacker would need to send a specially crafted email to the vulnerable system, which could then execute arbitrary code with elevated privileges. |
CVE-2024-38189 | A critical vulnerability has been identified in Microsoft’s remote desktop protocol (RDP), allowing attackers to execute arbitrary code on vulnerable systems. Dubbed “Microsoft Project Remote,” this weakness could permit unauthorised access and data breaches if left unchecked. To mitigate the risk, users are advised to patch their RDP installations as soon as possible. |
CVE-2024-38200 | Microsoft Office Spoofing Vulnerability |
CVE-2024-38169 | Microsoft Office Visio Remote Code Execution Vulnerability: A Critical Patch to Secure Your Business |
CVE-2024-38170 | A remote code execution vulnerability has been identified in Microsoft Excel, potentially allowing attackers to execute arbitrary code on a victim’s system. |
CVE-2024-38171 | A critical remote code execution vulnerability exists in Microsoft PowerPoint due to an out-of-bounds write when parsing specially crafted PPT files. |
CVE-2024-38172 | A critical vulnerability in Microsoft Excel allows attackers to remotely execute code, potentially leading to data breaches and system compromise. |
CVE-2024-38173 | A remote code execution vulnerability has been identified in Microsoft Outlook. Exploitation of this flaw could permit attackers to inject malicious code, potentially leading to data breaches or system compromise. |
CVE-2024-38189 | Microsoft Mission Critical Systems: Critical Code Execution Flaw |
CVE-2024-38200 | Microsoft Office Spoofing Vulnerability |
CVE-2024-38218 | Microsoft Edge (HTML-based) Memory Corruption Vulnerability |
CVE-2024-38219 | A critical vulnerability has been discovered in Microsoft Edge (Chromium-based), allowing attackers to execute arbitrary code on vulnerable systems. This exploit takes advantage of a remote code execution weakness within the browser’s rendering engine, which could be leveraged by malicious actors to compromise users’ devices. |
CVE-2024-38222 | A Microsoft Edge (Chromium-based) flaw has been identified, enabling unauthorized data disclosure. |
CVE-2024-38167 | A .NET and Visual Studio Data Disclosure Vulnerability Has Been Discovered |
CVE-2024-38168 | A critical .NET and Visual Studio denial-of-service vulnerability has been identified, potentially allowing an attacker to crash the application by sending a crafted HTTP request. |
CVE-2022-3775 | Red Hat has addressed a critical vulnerability (CVE-2022-3775) in the grub2 component, which may lead to a heap-based out-of-bounds write when processing specific Unicode sequences during rendering. |
CVE-2022-2601 | A buffer overflow vulnerability in grub_font_construct_glyph() allows for out-of-bounds writes, potentially enabling a secure boot bypass. (CVE-2022-2601) |
CVE-2022-3775 | A heap-based out-of-bounds write vulnerability exists in the way GRUB 2 handles certain Unicode sequences when rendering, allowing an attacker to potentially execute arbitrary code with elevated privileges. |
CVE-2022-2601 | A buffer overflow vulnerability exists in the grub2 font construct glyph function. This flaw can lead to an out-of-bounds write, effectively enabling a potential attacker to bypass the secure boot mechanism and gain unauthorized access. |
CVE-2024-38167 | The .NET Framework and Visual Studio have been found to contain a severe vulnerability that could potentially allow an attacker to disclose sensitive data. |
CVE-2024-38168 | A .NET and Visual Studio denial-of-service vulnerability has been identified, which could lead to a complete system failure. |
CVE-2024-38177 | Windows App Installer Spoofing Vulnerability in Windows 10: A Critical Threat to End-User Security |
CVE-2024-38211 | Microsoft Dynamics 365 on-premises Cross-Site Scripting vulnerability affects customers who have not patched their systems. |
CVE-2024-38084 | Microsoft Office+ (OfficePlus) contains an elevation of privilege vulnerability. |
CVE-2024-38173 | A critical remote code execution vulnerability has been identified in Microsoft Outlook, allowing attackers to execute arbitrary code on a targeted system. |
CVE-2024-38171 | A remote code execution vulnerability exists in Microsoft PowerPoint that could allow an attacker to run arbitrary code on a victim’s system. The issue affects PowerPoint 2010 Service Pack 2 (SP2), PowerPoint 2013 SP1, and all versions of PowerPoint 2016, PowerPoint 2019, and PowerPoint for Office Online. |
CVE-2024-38189 | Microsoft has identified a critical vulnerability in its Windows operating system that allows attackers to execute arbitrary code at any privilege level. The vulnerability is known as the “Project Remote” vulnerability and is caused by a buffer overflow in the Windows API function responsible for handling remote procedure calls (RPCs). An attacker could exploit this vulnerability by crafting a malicious RPC request that exceeds the allocated memory buffer, allowing them to execute arbitrary code with elevated privileges. |
CVE-2024-38197 | Microsoft has disclosed a critical vulnerability in its Microsoft Teams for iOS app that allows attackers to spoof the identity of chat participants. |
The advisories and other products related to a particular product or service are as follows:
Please note that certain features of this item may not function properly if used in conjunction with other specific products or services.
The following is a comprehensive list of advisories and relevant information regarding various CVEs included in Microsoft’s August 2024 security updates, organized by product for ease of reference:
CVE-2024-6990 | A critical vulnerability exists in Chrome and Chromium-based browsers due to an uninitialized use of a memory location within the Dawn module. This issue is identified as CVE-2024-6990. |
CVE-2024-7255 | Vulnerability Advisory: Chromium CVE-2024-7255 – Out-of-bounds read in WebTransport A heap buffer overflow vulnerability was discovered in the WebTransport component of the Chromium browser. |
CVE-2024-7256 | CWE-20: Improper Input Validation. Chromium: CVE-2024-7256: Inadequate data validation in Dawn allows remote attackers to execute arbitrary code via a crafted HTTP request. |
CVE-2024-7532 | Vulnerability Notification: Chromium CVE-2024-7532 – Out-of-Bounds Read Issue in ANGLE |
CVE-2024-7533 | A chromium vulnerability discovered in 2024, identified by CVE-2024-7533 and classified as a use-after-free in the sharing mechanism. |
CVE-2024-7534 | A heap buffer overflow in Chromium’s Layout component has been identified and is being tracked as CVE-2024-7534. The vulnerability arises when a malformed input causes the allocation of a heap buffer that is smaller than expected, allowing for an attacker-controlled value to be written outside the bounds of the allocated memory. |
CVE-2024-7535 | A high-severity vulnerability exists within Chromium’s V8 JavaScript engine due to an inappropriate implementation. |
CVE-2024-7536 | A Chromium vulnerability affecting the WebAudio module has been identified as CVE-2024-7536, characterized by a use-after-free issue. |
CVE-2024-7550 | Vulnerability Alert: Chromium’s V8 Engine Exposed to Type Confusion Issue (CVE-2024-7550) |
ADV990001 | Latest Servicing Stack Updates |
CVE-2024-38213 | Windows Mark of the Web Security Feature Bypass Vulnerability |
CVE-2024-38165 | Windows Compressed File Archive Tampering Vulnerability |
CVE-2024-38185 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability in Windows Operating System |
CVE-2024-38186 | A Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Exists |
CVE-2024-38187 | Vulnerability in Windows Kernel-Mode Driver: Elevation of Privileges Threat |
CVE-2024-38109 | Microsoft Azure Health Bot’s Elevation of Privilege Vulnerability: Uncovering the Threat. A high-severity vulnerability has been discovered in Microsoft Azure Health Bot, a cloud-based platform designed for healthcare and medical professionals. The Elevation of Privilege (EoP) flaw could potentially allow an attacker to gain elevated access rights within the system, compromising sensitive patient data and disrupting critical healthcare services. |
CVE-2024-38166 | A critical vulnerability in Microsoft Dynamics 365 has been identified, permitting malicious actors to inject harmful scripts into unsuspecting users’ browsers via a cross-site scripting (XSS) attack. |
CVE-2024-38206 | Microsoft’s recent introduction of Copilot Studio has sparked concerns over data disclosure vulnerabilities. A report highlights that the AI-powered tool may inadvertently expose sensitive user data, including chat logs and file information. Researchers claim that an attacker could exploit a weakness in Copilot Studio’s authentication mechanism to gain unauthorized access to users’ accounts. This vulnerability potentially puts millions of users at risk of having their personal data compromised. Microsoft has been tight-lipped about the issue, leaving many wondering if they are taking adequate measures to address these concerns. |
APSB24-57 | CVE-2024-39383 | Use After Free (CWE-416) |
APSB24-57 | CVE-2024-39422 | Use After Free (CWE-416) |
APSB24-57 | CVE-2024-39423 | Out-of-bounds Write (CWE-787) |
APSB24-57 | CVE-2024-39424 | Use After Free (CWE-416) |
APSB24-57 | CVE-2024-39425 | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) |
APSB24-57 | CVE-2024-39426 | Access of Memory Location After End of Buffer (CWE-788) |
APSB24-57 | CVE-2024-41830 | Use After Free (CWE-416) |
APSB24-57 | CVE-2024-41831 | Use After Free (CWE-416) |
APSB24-57 | CVE-2024-41832 | Out-of-bounds Read (CWE-125) |
APSB24-57 | CVE-2024-41833 | Out-of-bounds Read (CWE-125) |
APSB24-57 | CVE-2024-41834 | Out-of-bounds Read (CWE-125) |
APSB24-57 | CVE-2024-41835 | Out-of-bounds Read (CWE-125) |
The following table lists the Common Vulnerabilities and Exposures (CVEs) related to CBL-Mariner and Azure Linux:
| CVE ID | CVE Description |
| — | — |
| CVE-2022- | A vulnerability in the OpenSSH |
Information about these CVEs, which stems from a diverse array of contributors, often differs significantly in character from the information provided for CVEs covered under Microsoft’s Patch Tuesday process. Typically, such CVEs lack a title and have no publicly available CVSS scoring. We have opted to document the CVEs as they are listed in Microsoft’s official security bulletin information.
CVE-2007-4559 | CVE-2022-36648 | CVE-2024-37370 | CVE-2024-40898 |
CVE-2017-17522 | CVE-2022-3775 | CVE-2024-37371 | CVE-2024-40902 |
CVE-2017-18207 | CVE-2022-3872 | CVE-2024-38428 | CVE-2024-41110 |
CVE-2019-20907 | CVE-2022-4144 | CVE-2024-38571 | CVE-2024-42068 |
CVE-2019-3816 | CVE-2022-41722 | CVE-2024-38583 | CVE-2024-42070 |
CVE-2019-3833 | CVE-2022-48788 | CVE-2024-38662 | CVE-2024-42071 |
CVE-2019-9674 | CVE-2022-48841 | CVE-2024-38780 | CVE-2024-42072 |
CVE-2021-23336 | CVE-2023-29402 | CVE-2024-39277 | CVE-2024-42073 |
CVE-2021-3750 | CVE-2023-29404 | CVE-2024-39292 | CVE-2024-42074 |
CVE-2021-3929 | CVE-2023-3354 | CVE-2024-39331 | CVE-2024-42075 |
CVE-2021-4158 | CVE-2023-45288 | CVE-2024-39473 | CVE-2024-42076 |
CVE-2021-4206 | CVE-2023-52340 | CVE-2024-39474 | CVE-2024-42077 |
CVE-2021-4207 | CVE-2024-0397 | CVE-2024-39475 | CVE-2024-42078 |
CVE-2021-43565 | CVE-2024-0853 | CVE-2024-39476 | CVE-2024-42080 |
CVE-2022-0358 | CVE-2024-2004 | CVE-2024-39480 | CVE-2024-42082 |
CVE-2022-2601 | CVE-2024-23722 | CVE-2024-39482 | CVE-2024-42083 |
CVE-2022-26353 | CVE-2024-2398 | CVE-2024-39483 | CVE-2024-42237 |
CVE-2022-26354 | CVE-2024-2466 | CVE-2024-39484 | CVE-2024-6104 |
CVE-2022-29526 | CVE-2024-26461 | CVE-2024-39485 | CVE-2024-6257 |
CVE-2022-2962 | CVE-2024-26900 | CVE-2024-39489 | CVE-2024-6655 |
CVE-2022-3165 | CVE-2024-36288 | CVE-2024-39493 | |
CVE-2022-35414 | CVE-2024-37298 | CVE-2024-39495 |