⚡ TL;DR | Go Straight to the August 2024 Patch Tuesday Audit Report
Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The August 2024 edition of Patch Tuesday brings us 86 new fixes, with 7 rated as critical and 6 exploited. We’ve listed the most important changes below.
Microsoft Project Remote Code Execution Vulnerability
The first exploited vulnerability is one in Microsoft Project, CVE-2024-38189 has a CVSS base score of 8.8.
As per usual, Microsoft doesn’t give too much information about these exploits as they want people to be protected. But there is info on how exploitation is done and also some mitigating factors.
To start with, this vulnerability can only be exploited if the „Block macros from running in Office files from the Internet“ policy and the VBA Macro Notification Settings has been disabled. Should these conditions be met, Microsoft lists the following regarding exploitation:
Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where the Block macros from running in Office files from the Internet policy is disabled and VBA Macro Notification Settings are not enabled allowing the attacker to perform remote code execution.
- In an email attack scenario, an attacker could send the malicious file to the victim and convince them to open the file.
- In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a malicious file designed to exploit the vulnerability.
An attacker would have no way to force the victim to visit the website. Instead, an attacker would have to convince the victim to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the malicious file.
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
The second exploited vulnerability is more broad. CVE-2024-38193 has a CVSS base score of 7.8. If exploited, an attacker can gain system privileges.
The Windows Ancillary Function Driver for WinSock (AFD) is a kernel-mode driver that facilitates the handling of network socket operations, including data transmission, connection management, and error handling, for applications using the Windows Sockets API. It serves as a critical interface between user-mode applications and the underlying network protocols in the Windows operating system.
Microsoft did not share any specifics regarding how exploitation occurs.
Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
The third exploited vulnerability is more broad. CVE-2024-38107 has a CVSS base score of 7.8. If exploited, an attacker can gain system privileges.
The Windows Power Dependency Coordinator is a kernel-mode driver that manages power dependencies between devices and ensures that critical hardware components stay powered when needed, even during system power transitions. It helps maintain system stability and performance by coordinating power states and dependencies across different devices.
Again, Microsoft did not reveal any specifics on how exploitation is done.
Run the Patch Tuesday August 2024 Audit
To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!
Patch Tuesday August 2024 CVE Codes & Titles
| CVE Number | CVE Title |
| CVE-2024-38168 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2024-38167 | .NET and Visual Studio Information Disclosure Vulnerability |
| CVE-2024-38162 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| CVE-2024-38098 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| CVE-2024-38195 | Azure CycleCloud Remote Code Execution Vulnerability |
| CVE-2024-38109 | Azure Health Bot Elevation of Privilege Vulnerability |
| CVE-2024-38158 | Azure IoT SDK Remote Code Execution Vulnerability |
| CVE-2024-38157 | Azure IoT SDK Remote Code Execution Vulnerability |
| CVE-2024-38201 | Azure Stack Hub Elevation of Privilege Vulnerability |
| CVE-2024-38108 | Azure Stack Hub Spoofing Vulnerability |
| CVE-2024-38199 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability |
| CVE-2024-38123 | Windows Bluetooth Driver Information Disclosure Vulnerability |
| CVE-2024-38211 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2024-38222 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| CVE-2024-38122 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability |
| CVE-2024-38118 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability |
| CVE-2024-38084 | Microsoft OfficePlus Elevation of Privilege Vulnerability |
| CVE-2024-38172 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-38170 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-38173 | Microsoft Outlook Remote Code Execution Vulnerability |
| CVE-2024-38171 | Microsoft PowerPoint Remote Code Execution Vulnerability |
| CVE-2024-38189 | Microsoft Project Remote Code Execution Vulnerability |
| CVE-2024-38169 | Microsoft Office Visio Remote Code Execution Vulnerability |
| CVE-2024-38144 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38134 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38125 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38197 | Microsoft Teams for iOS Spoofing Vulnerability |
| CVE-2024-38152 | Windows OLE Remote Code Execution Vulnerability |
| CVE-2024-37968 | Windows DNS Spoofing Vulnerability |
| CVE-2024-38140 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability |
| CVE-2024-38193 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2024-38141 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2024-38177 | Windows App Installer Spoofing Vulnerability |
| CVE-2024-38131 | Clipboard Virtual Channel Extension Remote Code Execution Vulnerability |
| CVE-2024-38215 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2024-38196 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2024-38165 | Windows Compressed Folder Tampering Vulnerability |
| CVE-2024-38138 | Windows Deployment Services Remote Code Execution Vulnerability |
| CVE-2024-38150 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2024-38147 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2024-38223 | Windows Initial Machine Configuration Elevation of Privilege Vulnerability |
| CVE-2024-38116 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability |
| CVE-2024-38115 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability |
| CVE-2024-38114 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability |
| CVE-2024-29995 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2024-38153 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-38151 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2024-38133 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-38127 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2024-38106 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-38191 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38187 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2024-38186 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2024-38185 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2024-38184 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2024-38146 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
| CVE-2024-38145 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
| CVE-2024-38213 | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2024-38161 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-38132 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
| CVE-2024-38126 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
| CVE-2024-38160 | Windows Network Virtualization Remote Code Execution Vulnerability |
| CVE-2024-38159 | Windows Network Virtualization Remote Code Execution Vulnerability |
| CVE-2024-38135 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
| CVE-2024-38117 | NTFS Elevation of Privilege Vulnerability |
| CVE-2024-38107 | Windows Power Dependency Coordinator Elevation of Privilege Vulnerability |
| CVE-2024-38198 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2024-38137 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability |
| CVE-2024-38136 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability |
| CVE-2024-38214 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2024-38154 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-38130 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-38128 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-38121 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-38120 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-38178 | Scripting Engine Memory Corruption Vulnerability |
| CVE-2023-40547 | Redhat: CVE-2023-40547 Shim – RCE in HTTP boot support may lead to secure boot bypass |
| CVE-2022-3775 | Redhat: CVE-2022-3775 grub2 – Heap based out-of-bounds write when rendering certain Unicode sequences |
| CVE-2022-2601 | Redhat: CVE-2022-2601 grub2 – Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass |
| CVE-2024-38142 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| CVE-2024-38155 | Security Center Broker Information Disclosure Vulnerability |
| CVE-2024-38180 | Windows SmartScreen Security Feature Bypass Vulnerability |
| CVE-2024-38063 | Windows TCP/IP Remote Code Execution Vulnerability |
| CVE-2024-38148 | Windows Secure Channel Denial of Service Vulnerability |
| CVE-2024-38163 | Windows Update Stack Elevation of Privilege Vulnerability |
| CVE-2024-38143 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability |