PRUEBA AHORA
Patch Tuesday

Microsoft Patch Tuesday – August 2024

8 min. read
13/08/2024
By Esben Dochy
Microsoft Patch Tuesday

⚡ TL;DR | Go Straight to the August 202Patch Tuesday Audit Report

Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The August 2024 edition of Patch Tuesday brings us 86 new fixes, with 7 rated as critical and 6 exploited. We’ve listed the most important changes below.

Microsoft Project Remote Code Execution Vulnerability

The first exploited vulnerability is one in Microsoft Project, CVE-2024-38189 has a CVSS base score of 8.8.

As per usual, Microsoft doesn’t give too much information about these exploits as they want people to be protected. But there is info on how exploitation is done and also some mitigating factors.

To start with, this vulnerability can only be exploited if the «Block macros from running in Office files from the Internet» policy and the VBA Macro Notification Settings has been disabled. Should these conditions be met, Microsoft lists the following regarding exploitation:

Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where the Block macros from running in Office files from the Internet policy is disabled and VBA Macro Notification Settings are not enabled allowing the attacker to perform remote code execution.

  • In an email attack scenario, an attacker could send the malicious file to the victim and convince them to open the file.
  • In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a malicious file designed to exploit the vulnerability.

An attacker would have no way to force the victim to visit the website. Instead, an attacker would have to convince the victim to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the malicious file.

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

The second exploited vulnerability is more broad. CVE-2024-38193 has a CVSS base score of 7.8. If exploited, an attacker can gain system privileges.

The Windows Ancillary Function Driver for WinSock (AFD) is a kernel-mode driver that facilitates the handling of network socket operations, including data transmission, connection management, and error handling, for applications using the Windows Sockets API. It serves as a critical interface between user-mode applications and the underlying network protocols in the Windows operating system.

Microsoft did not share any specifics regarding how exploitation occurs.

Windows Power Dependency Coordinator Elevation of Privilege Vulnerability

The third exploited vulnerability is more broad. CVE-2024-38107 has a CVSS base score of 7.8. If exploited, an attacker can gain system privileges.

The Windows Power Dependency Coordinator is a kernel-mode driver that manages power dependencies between devices and ensures that critical hardware components stay powered when needed, even during system power transitions. It helps maintain system stability and performance by coordinating power states and dependencies across different devices.

Again, Microsoft did not reveal any specifics on how exploitation is done.

Run the Patch Tuesday August 2024 Audit

To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.

The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!

Patch Tuesday August 2024 CVE Codes & Titles

CVE NumberCVE Title
CVE-2024-38168.NET and Visual Studio Denial of Service Vulnerability
CVE-2024-38167.NET and Visual Studio Information Disclosure Vulnerability
CVE-2024-38162Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVE-2024-38098Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVE-2024-38195Azure CycleCloud Remote Code Execution Vulnerability
CVE-2024-38109Azure Health Bot Elevation of Privilege Vulnerability
CVE-2024-38158Azure IoT SDK Remote Code Execution Vulnerability
CVE-2024-38157Azure IoT SDK Remote Code Execution Vulnerability
CVE-2024-38201Azure Stack Hub Elevation of Privilege Vulnerability
CVE-2024-38108Azure Stack Hub Spoofing Vulnerability
CVE-2024-38199Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
CVE-2024-38123Windows Bluetooth Driver Information Disclosure Vulnerability
CVE-2024-38211Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-38222Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2024-38122Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
CVE-2024-38118Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
CVE-2024-38084Microsoft OfficePlus Elevation of Privilege Vulnerability
CVE-2024-38172Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-38170Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-38173Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-38171Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2024-38189Microsoft Project Remote Code Execution Vulnerability
CVE-2024-38169Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2024-38144Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVE-2024-38134Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVE-2024-38125Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVE-2024-38197Microsoft Teams for iOS Spoofing Vulnerability
CVE-2024-38152Windows OLE Remote Code Execution Vulnerability
CVE-2024-37968Windows DNS Spoofing Vulnerability
CVE-2024-38140Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
CVE-2024-38193Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2024-38141Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2024-38177Windows App Installer Spoofing Vulnerability
CVE-2024-38131Clipboard Virtual Channel Extension Remote Code Execution Vulnerability
CVE-2024-38215Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2024-38196Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-38165Windows Compressed Folder Tampering Vulnerability
CVE-2024-38138Windows Deployment Services Remote Code Execution Vulnerability
CVE-2024-38150Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-38147Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-38223Windows Initial Machine Configuration Elevation of Privilege Vulnerability
CVE-2024-38116Windows IP Routing Management Snapin Remote Code Execution Vulnerability
CVE-2024-38115Windows IP Routing Management Snapin Remote Code Execution Vulnerability
CVE-2024-38114Windows IP Routing Management Snapin Remote Code Execution Vulnerability
CVE-2024-29995Windows Kerberos Elevation of Privilege Vulnerability
CVE-2024-38153Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-38151Windows Kernel Information Disclosure Vulnerability
CVE-2024-38133Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-38127Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2024-38106Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-38191Kernel Streaming Service Driver Elevation of Privilege Vulnerability
CVE-2024-38187Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-38186Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-38185Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-38184Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-38146Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
CVE-2024-38145Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
CVE-2024-38213Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2024-38161Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-38132Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVE-2024-38126Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVE-2024-38160Windows Network Virtualization Remote Code Execution Vulnerability
CVE-2024-38159Windows Network Virtualization Remote Code Execution Vulnerability
CVE-2024-38135Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
CVE-2024-38117NTFS Elevation of Privilege Vulnerability
CVE-2024-38107Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
CVE-2024-38198Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2024-38137Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
CVE-2024-38136Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
CVE-2024-38214Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2024-38154Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-38130Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-38128Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-38121Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-38120Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-38178Scripting Engine Memory Corruption Vulnerability
CVE-2023-40547Redhat: CVE-2023-40547 Shim – RCE in HTTP boot support may lead to secure boot bypass
CVE-2022-3775Redhat: CVE-2022-3775 grub2 – Heap based out-of-bounds write when rendering certain Unicode sequences
CVE-2022-2601Redhat: CVE-2022-2601 grub2 – Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass
CVE-2024-38142Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-38155Security Center Broker Information Disclosure Vulnerability
CVE-2024-38180Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2024-38063Windows TCP/IP Remote Code Execution Vulnerability
CVE-2024-38148Windows Secure Channel Denial of Service Vulnerability
CVE-2024-38163Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-38143Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability