{"id":57187,"date":"2024-08-15T15:11:48","date_gmt":"2024-08-15T14:11:48","guid":{"rendered":"https:\/\/www.n-able.com\/?p=57187"},"modified":"2024-10-29T11:46:45","modified_gmt":"2024-10-29T11:46:45","slug":"microsoft-patch-tuesday-august-2024","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/de\/blog\/microsoft-patch-tuesday-august-2024","title":{"rendered":"Patch Tuesday August 2024: 6 Zero-Day Vulnerabilities Under Active Exploitation, and Windows Downgrade Attacks"},"content":{"rendered":"

Downgrade Attacks, a bundle of zero-days, and multiple vulnerabilities under Active Exploitation will add to the sense of urgency for Patch Tuesday this August. There\u2019s lots to read-up on, so expect lots of links to extra reading. On top of Microsoft releasing fixes for an unusually high number of zero-days and vulnerabilities that are under Active Exploitation, there was also a demonstration of a new Downgrade Attack against Windows that was demonstrated at Black Hat 2024<\/span><\/a> and Def Con 32<\/span><\/a>\u2014where an NTLM hash attack was also demonstrated.<\/span><\/p>\n

Microsoft Vulnerabilities<\/span><\/h2>\n

There are six zero-day vulnerabilities that are under Active Exploitation and three that have been publicly disclosed but are not under active exploitation in the wild as of publication. There is also a fourth publicly disclosed vulnerability, CVE-2024-38202<\/span><\/a> that while announced on August 7 has not yet received a published fix. The total number of vulnerabilities addressed this month is 89; this includes 9 rated as critical. If your teams prioritize based only on severity this month is a great a reminder that prioritizing which vulnerabilities to address based only on severity rating can leave an environment more exposed than you realize, the vulnerabilities under Active Exploitation are only rated as Important and Moderate.<\/span><\/p>\n

CVE-2024-38178<\/a><\/span> Scripting Engine Memory Corruption is a vulnerability of note for the fact it dredges up Internet Explorer, or rather Internet Explorer mode for Microsoft Edge. Only requiring a user to click a link makes this trivial to exploit if Microsoft Edge is in Internet Explorer mode. While most environments have moved beyond a need for Internet Explorer there are many line of business applications and tools in use by SMBs that still require the use of this compatibility mode. As this was reported by the National Cyber Security Center (NCSC), Republic of Korea<\/span><\/a> and AhnLab<\/span><\/a>, it\u2019s likely this is under Active Exploitation by nation state backed threat actors. Count this as one more piece of evidence as to why clients need to update business processes that rely on outdated and vulnerable legacy technologies.<\/span><\/p>\n

CVE-2024-38199<\/a><\/span> Windows Line Printer Daemon (LPD) Service Remote Code Execution allows for an unauthenticated attacker to send a print task to a Windows Line Printer Daemon service and allow for remote code execution against the target system running the service. This publicly reported zero-day has not been detected in the wild as of publication. While LPD has been deprecated since Windows 2012 and is not enabled or installed by default, the chances of this being in your environment is low but you won\u2019t know unless you check.<\/span><\/p>\n

CVE-2024-38200<\/a><\/span> Microsoft Office Spoofing vulnerability is another in a long line of NTLM hash attacks that have surfaced this year. This vulnerability allows for exploitation via a link to an attacker-controlled website, upon clicking the attacker can record the NTLM hashes used during the authentication process. A Feature Flighting from July 30 this provided an alternative fix for this vulnerability in addition to KB5002625<\/span><\/a> and KB5002570<\/span><\/a> for Office 2016, as well as click-to-run updates for modern versions of Microsoft Office. If you would like to force an update of Microsoft Office products that support click-to-run update you can leverage items available in the Automation Cookbook<\/span><\/a>:<\/span><\/p>\n