August 15, 2024
By Research and Developement

Security Advisory: August 2024 Microsoft Patch Tuesday

On this month's Patch Tuesday, Microsoft has released critical security updates addressing 90 vulnerabilities, including six actively exploited and four publicly disclosed zero-days. Notably, one publicly disclosed zero-day remains unfixed, with Microsoft actively working on a solution.

Key Highlights:

Zero-Day Exploits: 6 zero-day vulnerabilities have been patched, all of which were actively exploited in the wild. These include flaws affecting the Scripting Engine,Windows Kernel, and Microsoft Project, among others. Exploits vary incomplexity, from requiring user interaction (e.g., clicking a malicious link) to system-level privilege escalations.

Critical Vulnerabilities: 8 vulnerabilities have been classified as critical, with impacts ranging fromelevation of privileges and remote code execution to information disclosure.These critical flaws are spread across various Windows components, demanding immediate attention from IT administrators.

Publicly Disclosed Flaws: 4 publicly disclosed vulnerabilities have been addressed, with another still awaiting afix. Among these, a significant elevation of privilege vulnerability in the Windows Secure Kernel Mode, revealed at Black Hat 2024, stands out due to its potential for system compromise through downgrade attacks.

Breakdown ofVulnerabilities:

·      36 Elevation of Privilege

·      28 Remote Code Execution

·      8 Information Disclosure

·      7 Spoofing

·      6 Denial of Service

·      4 Security Feature Bypass

Notable Exploits:

1.     CVE-2024-38178- Scripting Engine Memory Corruption

Microsoft says that the attack requires an authenticated client to click a link for an unauthenticated attacker to initiate remote code execution. The link must be clicked in Microsoft Edge in Internet Explorer mode, making it a tricky flaw to exploit. However, even with these pre-requisites, the South Korean National CyberSecurity Center (NCSC) and AhnLab disclosed the flaw as being exploited in attacks.

2.     CVE-2024-38106- Windows Kernel Elevation of Privilege Vulnerability

Microsoft has fixed a flawin the Windows Kernel that allowed attackers to gain SYSTEM privileges. Exploiting the vulnerability required winning a race condition. However, Microsoft has not disclosed the details of the exploit or the discoverer.

3.     CVE-2024-38213- Windows Mark of the Web Security Feature Bypass Vulnerability

This vulnerability allows attackers to create files that bypass Windows Mark of the Web security alerts. This security feature has been subject to numerous bypasses over the year as it is an attractive target for threat actors who conduct phishing campaigns.

Unresolved Threat:

CVE-2024-38202 - Windows Update Stack Elevation of Privilege

Currently without a patch, this flaw was publicly disclosed at Black Hat 2024. It allows attackers toexploit the Windows Update process for privilege escalation. Microsoft is expected to release a fix soon.

Recommendation

·      Immediate Patch Deployment: Prioritize the deployment of the August 2024 updates, especially focusing on systems vulnerable to the highlighted zero-days.

·      Monitor for Active Exploitation: Increase monitoring for signs of exploitation related to these vulnerabilities, particularly in environments using legacy Windows features like LPD or Internet Explorer mode.

·      Review Downgrade Protection: Ensure that security policies are in place to prevent unauthorized system downgrades, mitigating the risk from the Windows Downdate vulnerabilities.

For more details onspecific updates, consult Microsoft'sofficial Patch Tuesday release notes.