In August 2024 [3] [4], Microsoft released its Patch Tuesday update to address a total of 90 security vulnerabilities [3], including fixes for six zero-day flaws actively exploited across various products and services [3].
Description
These vulnerabilities included memory corruption in the scripting engine of Microsoft Edge [1] [6], a privilege escalation flaw in the Windows Ancillary Function Driver for WinSock [6], a bypass in Windows Mark of the Web [6], a race condition in the Windows Kernel [6], a use-after-free vulnerability in the Windows Power Dependency Coordinator [6], and remote code execution issues in Microsoft Project [1] [6] [7]. Additionally, Microsoft addressed three other publicly disclosed vulnerabilities and is still working on a fix for a tenth publicly known zero-day [3]. These vulnerabilities affected a wide range of Microsoft products such as Office, NET, Visual Studio [7], Azure [7], Co-Pilot [7], Microsoft Dynamics [3] [4] [7], Teams [7], Secure Boot [7], and Windows [1] [2] [3] [6] [7] [8] [9]. Half of the zero-day flaws were local privilege escalation vulnerabilities [7], with some allowing attackers to gain SYSTEM level privileges. Notably, there are no SharePoint or Exchange vulnerabilities this month [5]. The update also includes fixes for several critical vulnerabilities [3], such as flaws in the Windows Reliable Multicast Transport Driver and Windows TCP/IP [3], both of which could lead to remote code execution [3]. Adobe also released security updates for various products [7], emphasizing the importance for Windows users to stay current with security updates and back up data before applying updates [7].
Conclusion
It is crucial to address these vulnerabilities promptly to enhance security posture and mitigate the risk of exploitation. Windows users should ensure they are up to date with security updates to protect their systems and data.
References
[1] https://www.csoonline.com/article/3486418/microsoft-patches-six-actively-exploited-vulnerabilities.html
[2] https://www.infosecurity-magazine.com/news/microsoft-fixes-nine-zerodays/
[3] https://cybersecuritynews.com/microsoft-patches-6-zero-days/
[4] https://thehackernews.com/2024/08/microsoft-issues-patches-for-90-flaws.html
[5] https://www.computerweekly.com/news/366603064/August-Patch-Tuesday-proves-busy-with-six-zero-days-to-fix
[6] https://winbuzzer.com/2024/08/14/microsoft-patches-89-vulnerabilities-including-nine-zero-days-xcxwbn/
[7] https://krebsonsecurity.com/2024/08/six-0-days-lead-microsofts-august-2024-patch-push/
[8] https://www.helpnetsecurity.com/2024/08/13/microsoft-zero-days-under-attack/
[9] https://www.techtarget.com/searchWindowsServer/news/366603155/Microsoft-corrects-six-zero-days-for-August-Patch-Tuesday