CISA & Microsoft Warn of 6 Actively Exploited Zero-Day Vulnerabilities
Microsoft’s August 2024 Patch Tuesday release addresses 88 vulnerabilities, including seven critical flaws and 10 zero-day vulnerabilities. Among these, six are currently being actively exploited in the wild, raising the stakes for organizations to implement patches swiftly.
The comprehensive update encompasses a broad spectrum of Microsoft products, including Microsoft Office and Components, Microsoft Windows DNS, Windows TCP/IP, Microsoft Teams, Windows Secure Boot, Windows Secure Kernel Mode, Windows Security Center, Windows SmartScreen, Windows App Installer, Windows Scripting, and more. The vulnerabilities addressed include Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Cross-site Scripting (XSS), Information Disclosure, Security Feature Bypass, and the particularly severe Remote Code Execution (RCE).
Zero-Day Vulnerabilities Demand Immediate Attention
The six actively exploited zero-day vulnerabilities, alongside three additional publicly disclosed zero-days (CVE-2024-21302, CVE-2024-38202, and CVE-2024-38199), present a heightened risk to organizations and individuals. Further compounding the concern is a tenth publicly disclosed zero-day vulnerability (CVE-2024-38200) for which Microsoft has yet to release a patch.
Key Zero-Day Vulnerabilities
The following actively exploited zero-day vulnerabilities were addressed in this Patch Tuesday release:
- CVE-2024-38178: Scripting Engine Memory Corruption Vulnerability
  - This vulnerability can be exploited if an attacker convinces an authenticated user to visit a specially crafted URL. The result is memory corruption within the scripting engine, which can lead to arbitrary code execution.
- CVE-2024-38193: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  - This flaw in the Windows Ancillary Function Driver (AFD) for WinSock can allow attackers to gain SYSTEM privileges. The exploit targets a kernel entry point, making it especially dangerous given the potential for deep system access.
- CVE-2024-38213: Windows SmartScreen Security Feature Bypass Vulnerability
  - Windows SmartScreen is designed to protect users from malicious websites and downloads, but this vulnerability allows attackers to bypass these protections. By tricking users into opening a malicious file, the attacker can evade SmartScreen’s defenses, exposing the user to further attacks.
- CVE-2024-38106: Windows Kernel Elevation of Privilege Vulnerability
  - The Windows kernel, being the core of the OS, is a critical component. This vulnerability involves a race condition that attackers can exploit to gain SYSTEM privileges. The risk is significant given the potential for system-wide impact if the exploit is successful.
- CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability
  - Microsoft Project, a key tool for project management, has a vulnerability that can be exploited via email or web-based attacks. In both scenarios, the attacker can gain control by tricking users into opening a malicious file, leading to remote code execution.
- CVE-2024-38107: Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
  - This vulnerability within the Power Dependency Coordinator component of Modern Standby could allow attackers to gain SYSTEM privileges, posing a significant risk to affected systems.
The Cybersecurity and Infrastructure Security Agency (CISA) has responded by adding the actively exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog, mandating that federal agencies patch these vulnerabilities by September 3, 2024. It is strongly recommended that all users prioritize patching these vulnerabilities as soon as possible.