Microsoft’s August 2024 Patch Tuesday Addresses 88 CVEs
2024-8-14 03:5:26 Author: www.tenable.com(查看原文) 阅读量:11 收藏

Tenable Security Response Team

Tenable Research Patch Tuesday Header Image Zero-Day Vulnerabilities Exploited

  1. 7Critical
  2. 80Important
  3. 1Moderate
  4. 0Low

Microsoft addresses 88 CVEs with seven critical vulnerabilities and 10 zero-day vulnerabilities, six of which were exploited in the wild.

Microsoft patched 88 CVEs in its August 2024 Patch Tuesday release, with seven rated critical, 80 rated as important, and one rated as moderate.

This month’s update includes patches for:

  • .NET and Visual Studio
  • Azure Connected Machine Agent
  • Azure CycleCloud
  • Azure Health Bot
  • Azure IoT SDK
  • Azure Stack
  • Line Printer Daemon Service (LPD)
  • Microsoft Bluetooth Driver
  • Microsoft Copilot Studio
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Microsoft Local Security Authority Server (lsasrv)
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office Outlook
  • Microsoft Office PowerPoint
  • Microsoft Office Project
  • Microsoft Office Visio
  • Microsoft Streaming Service
  • Microsoft Teams
  • Microsoft WDAC OLE DB provider for SQL
  • Microsoft Windows DNS
  • Reliable Multicast Transport Driver (RMCAST)
  • Windows Ancillary Function Driver for WinSock
  • Windows App Installer
  • Windows Clipboard Virtual Channel Extension
  • Windows Cloud Files Mini Filter Driver
  • Windows Common Log File System Driver
  • Windows Compressed Folder
  • Windows Deployment Services
  • Windows DWM Core Library
  • Windows Initial Machine Configuration
  • Windows IP Routing Management Snapin
  • Windows Kerberos
  • Windows Kernel
  • Windows Kernel-Mode Drivers
  • Windows Layer-2 Bridge Network Driver
  • Windows Mark of the Web (MOTW)
  • Windows Mobile Broadband
  • Windows Network Address Translation (NAT)
  • Windows Network Virtualization
  • Windows NT OS Kernel
  • Windows NTFS
  • Windows Power Dependency Coordinator
  • Windows Print Spooler Components
  • Windows Resource Manager
  • Windows Routing and Remote Access Service (RRAS)
  • Windows Scripting
  • Windows Secure Kernel Mode
  • Windows Security Center
  • Windows SmartScreen
  • Windows TCP/IP
  • Windows Transport Security Layer (TLS)
  • Windows Update Stack
  • Windows WLAN Auto Config Service

Elevation of Privilege (EoP) vulnerabilities accounted for 41% of the vulnerabilities patched this month, followed by Remote Code Execution (RCE) at 33%.

CVE-2024-38206 | Microsoft Copilot Studio Information Disclosure Vulnerability

CVE-2024-38206 is a critical severity information disclosure vulnerability affecting Microsoft’s Copilot Studio, an AI-powered chatbot. This vulnerability received a CVSSv3 score of 8.5 and could be abused by an authenticated attacker to bypass server-side request forgery (SSRF) protections in order to leak potentially sensitive information. The vulnerability was released by Microsoft on August 6, with the advisory noting that no user action is required as the issue has been patched by Microsoft. This vulnerability was discovered and reported to Microsoft by Tenable researcher Evan Grant.

CVE-2024-38109 | Azure Health Bot Elevation of Privilege Vulnerability

CVE-2024-38109 is a critical severity EoP vulnerability affecting Azure Health Bot. This vulnerability received a CVSSv3 score of 9.1 and is the result of a SSRF vulnerability in Azure Health Bot that can be abused to escalate privileges. This vulnerability was discovered by Tenable researcher Jimi Sebree and responsibly disclosed to Microsoft. The issue has been patched by Microsoft and no action is required for users of the Health Bot service. For more information on this vulnerability, please refer to Tenable Research Advisories TRA-2024-27 and TRA-2024-28, as well as our blog post.

CVE-2024-38106, CVE-2024-38133 and CVE-2024-38153 | Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-38106, CVE-2024-38133 and CVE-2024-38153 are EoP vulnerabilities affecting the Windows Kernel. CVE-2024-38133 and CVE-2024-38153 received CVSSv3 scores of 7.8, while CVE-2024-38106 was scored as a 7. Despite the lower severity and the exploitability requirements of the attacker needing to win a race condition for successful exploitation, CVE-2024-38106 was reportedly exploited in the wild as a zero-day. CVE-2024-38133 and CVE-2024-38153 were not listed as being exploited, however CVE-2024-38133 was rated as “Exploitation More Likely” according to the Microsoft Exploitability Index. Successful exploitation of these vulnerabilities could allow the attacker to elevate privileges to SYSTEM.

CVE-2024-38107 | Windows Power Dependency Coordinator Elevation of Privilege Vulnerability

CVE-2024-38107 is an EoP Vulnerability affecting Windows Power Dependency Coordinator (pdc.sys), a driver responsible for power management on a Windows system. This vulnerability was exploited in the wild as a zero-day, though no specific details about exploitation were available at the time this blog was published. Microsoft provided a CVSSv3 score of 7.8 for this vulnerability and patches are available for all supported versions of Windows and Windows Server.

CVE-2024-38178 | Scripting Engine Memory Corruption Vulnerability

CVE-2024-38178 is a Scripting Engine memory corruption vulnerability in Windows Scripting. This vulnerability was assigned a CVSSv3 score of 7.5 and Microsoft notes that exploitation has been observed. According to Microsoft, an authenticated victim must have Edge in Internet Explorer Mode as a prerequisite for exploitation prior to an unauthenticated attacker convincing the victim to click a specially crafted URL to obtain RCE.

CVE-2024-38189 | Microsoft Project Remote Code Execution Vulnerability

CVE-2024-38189 is a RCE vulnerability affecting Microsoft Project, a project management tool. This vulnerability received a CVSSv3 score of 8.8 and was exploited in the wild. According to the advisory, exploitation requires an unsuspecting victim to open a crafted Microsoft Office Project file. Additionally, the system must be configured to have the “Block macros from running in Office files from the Internet policy” disabled as well as have the VBA Macro Notification Settings disabled in order for a successful attack. Micsoft’s advisory does clarify that the Preview Pane is not an attack vector for this vulnerability and offers mitigation options to protect systems if immediate patching cannot be immediately performed.

CVE-2024-38141 and CVE-2024-38193 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVE-2024-38141 and CVE-2024-38193 are EoP vulnerabilities affecting the Windows Ancillary Function Driver for Winsock (afd.sys). Both of these vulnerabilities were given CVSSv3 scores of 7.8 and can allow an attacker to escalate privileges to SYSTEM. CVE-2024-38141 is rated as “Exploitation More Likely” and CVE-2024-38193 was reported to have been exploited in the wild as a zero-day vulnerability.

CVE-2024-38213 | Windows Mark of the Web Security Feature Bypass Vulnerability

CVE-2024-38213 is a security feature bypass vulnerability with an assigned CVSSv3 score of 6.5. Exploitation of this vulnerability requires a user to open a specially crafted file, which could be hosted on a file server, website or sent via a phishing email. If the attacker is successful in convincing a victim to open this file, they could bypass the Windows SmartScreen user experience. Microsoft has flagged this as “Exploitation Detected” as they are aware of an instance of this vulnerability being exploited.

CVE-2024-38163 and CVE-2024-38202 | Windows Update Stack Elevation of Privilege Vulnerability

CVE-2024-38163 and CVE-2024-38202 are both EoP vulnerabilities in Windows Update Stack and were assigned CVSSv3 scores of 7.8 and 7.3 respectively. CVE-2024-38163, if successfully exploited could result in gaining SYSTEM privileges. Microsoft has noted that users don’t need to take any action for this vulnerability as it is only exploitable at run time and the impacted version of WinRE has been superseded by a new version.

CVE-2024-38202 was disclosed and presented at BlackHat USA 2024 and DEF CON 32 by SafeBreach Labs researcher Alon Leviev prior to the August 2024 Patch Tuesday release. The vulnerability which exists in Windows Backup, allows a user with basic privileges to “reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS)”. Leviev identified the vulnerability in the Windows Update mechanism that could allow unauthorized elevation of privileges by enforcing the downgrade of system components. This vulnerability exposes systems to previously patched exploits, making them susceptible to attacks that could leverage these old vulnerabilities. Microsoft has noted that “an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.” Microsoft issued an advisory in coordination with this disclosure at Black Hat.

Source: Leviev's SafeBreach Blog

CVE-2024-21302 and CVE-2024-38142 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability

CVE-2024-21302 and CVE-2024-38142 are both elevation of privilege vulnerabilities in Windows Secure Kernel with an exploitability assessment by Microsoft as “Exploitation Less Likely”. CVE-2024-21302 carries a CVSSv3 score of 6.7 and CVE-2024-38142 a score of 7.8 with successful exploitation of either of these vulnerabilities resulting in an attacker gaining SYSTEM privileges.

CVE-2024-21302 was disclosed at Black Hat USA 2024 by the previously mentioned security researcher, Alon Leviev. Leviev demonstrated that CVE-2024-21302 could be chained with CVE-2024-38202 to downgrade or roll back software versions without the need for interaction from a victim with elevated privileges. The result of this chained attack is the target device could be made susceptible to previously patched vulnerabilities, increasing the attack surface of the device. CVE-2024-21302 was also included in the previously mentioned Microsoft advisory released in coordination with the disclosure at Black Hat.

CVE-2024-38199 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

CVE-2024-38199 is a RCE vulnerability in Windows Line Printer Daemon (LPD) Service. The flaw was assigned a CVSSv3 score of 9.8 and rated “Exploitation Less Likely” by Microsoft. A remote attacker could exploit this across a network by dispatching a specially crafted print task to Windows LPD Service, if successful it would result in RCE on the server. Microsoft has also noted that it was publicly disclosed prior to a patch being available.

CVE-2024-38200 | Microsoft Office Spoofing Vulnerability

CVE-2024-38200 is a spoofing vulnerability affecting Microsoft Office with a CVSSv3 score of 6.5 and rated by Microsoft as “Exploitation Less Likely”. An attacker could leverage this vulnerability with a specially crafted file that a victim would need to interact with. This could be achieved by hosting it on a file server or website and convincing the victim to click on the file or similarly it could be included in a phishing email. Successful exploitation of the vulnerability could result in the victim exposing NTLM (New Technology Lan Manager) hashes to a remote attacker.

CVE-2024-38200 was publicly disclosed on August 8 at DEF CON 32 by Jim Rush and Tomais Williamson, both Senior Security Consultants at PrivSec Consulting. Patches for this vulnerability were released today as part of the August 2024 Patch Tuesday released, however on August 10, Microsoft provided mitigations in coordination with this disclosure prior to the patch being released.

CVE-2024-38063 | Windows TCP/IP Remote Code Execution Vulnerability

CVE-2024-38063 is a critical RCE vulnerability affecting Windows TCP/IP. It received a CVSSv3 score of 9.8 and is rated as “Exploitation More Likely.” An attacker could remotely exploit this vulnerability by sending specially crafted IPv6 packets to a host. Microsoft’s mitigation suggestions suggest disabling IPv6 as only IPv6 packets can be abused to exploit this vulnerability. Microsoft has released patches for all supported versions of Windows and Windows Server, including Server Core installations.

Tenable Solutions

A list of all the plugins released for Microsoft’s August 2024 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

Get more information

Join Tenable's Security Response Team on the Tenable Community.

Learn more about https://www.tenable.com/products/tenable-one">Tenable One, the Exposure Management Platform for the modern attack surface.

Tenable Security Response Team

Tenable Security Response Team

The Tenable Security Response Team (SRT) tracks threat and vulnerability intelligence feeds to ensure our research teams can deliver sensor coverage to our products as quickly as possible. The SRT also works to analyze and assess technical details and writes white papers, blogs and additional communications to ensure stakeholders are fully informed of the latest risks and threats. The SRT provides breakdowns for the latest vulnerabilities on the Tenable blog.

Related Articles

  • Exposure Management

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable Vulnerability Management trials created everywhere except UAE will also include Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Thank You

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable Vulnerability Management trials created everywhere except UAE will also include Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Thank you

Thank you for your interest in Tenable.io. A representative will be in touch soon.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable Vulnerability Management trials created everywhere except UAE will also include Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Thank you

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a sales representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Thank you

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

Request a demo of Tenable Security Center

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

* Field is required

Request a demo of Tenable OT Security

Get the Operational Technology security you need.

Reduce the risk you don’t.

Request a demo of Tenable Identity Exposure

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

Request a demo of Tenable Cloud Security

Exceptional unified cloud security awaits you!

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

See
Tenable One
in action

Exposure management for the modern attack surface.

See Tenable Attack Surface Management in action

Know the exposure of every asset on any platform.

Try Tenable Nessus Professional free

Free for 7 days

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
now available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Try Tenable Nessus Expert free

Free for 7 days.

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements

Tenable solutions help fulfill all SLCGP requirements. Connect with a Tenable representative to learn more.


文章来源: https://www.tenable.com/blog/microsofts-august-2024-patch-tuesday-addresses-88-cves
如有侵权请联系:admin#unsafe.sh