Microsoft Patches 6 Zero-Days That Threat Actors Actively Exploiting


Microsoft has released its August 2024 Patch Tuesday update to address 90 security vulnerabilities. The update includes fixes for six zero-day flaws actively exploited across various products and services, such as Windows, Office, Azure, Dynamics, and Edge.

The high number of zero-day vulnerabilities, especially those already being actively exploited, makes this a particularly critical Patch Tuesday. Organizations are strongly advised to apply these patches as soon as possible to mitigate the risk of exploitation.

EHA

The August Patch Tuesday update also includes fixes for several critical vulnerabilities, including flaws in the Windows Reliable Multicast Transport Driver and Windows TCP/IP, both of which could lead to remote code execution.

Free Webinar on Detecting & Blocking Supply Chain Attack -> Book your Spot

Six Actively Exploited Zero-Days

CVE-2024-38178: Scripting Engine Memory Corruption Vulnerability
This vulnerability allows remote code execution if an authenticated user is tricked into clicking a specially crafted URL while using Microsoft Edge in Internet Explorer Mode. The flaw was reported by AhnLab and South Korea’s National Cyber Security Center, suggesting its use in nation-state APT attacks.

CVE-2024-38193: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
This bug enables attackers to gain SYSTEM privileges on Windows systems. It was discovered by researchers from Gen Digital (formerly Symantec) and is considered a prime target for potential inclusion in ransomware attacks.

CVE-2024-38213: Windows Mark of the Web Security Feature Bypass Vulnerability
This vulnerability allows attackers to bypass the SmartScreen security feature, potentially enabling malicious files to evade detection. A researcher from Trend Micro’s Zero Day Initiative identified it.

CVE-2024-38106: Windows Kernel Elevation of Privilege Vulnerability
This flaw in the Windows Kernel can be exploited to gain SYSTEM privileges. Successful exploitation requires the attacker to win a race condition, which, despite being classified as “high complexity,” has proven to be readily exploitable in the wild.

CVE-2024-38107: Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
Another privilege escalation vulnerability is that this bug affects the Windows Power Dependency Coordinator, a component of Modern Standby. Exploitation can lead to SYSTEM-level access.

CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability
This unusual remote code execution flaw in Microsoft Project can be exploited through maliciously crafted files. It requires certain security features to be disabled but has nonetheless been observed in active attacks.

    Organizations and individuals are strongly advised to apply the latest security updates as soon as possible to mitigate the risk of exploitation.

    Microsoft has not provided detailed information about the extent of these exploits in the wild, but security experts warn that some of these vulnerabilities could quickly become targets for ransomware operations if they aren’t already.

    In addition to the six actively exploited zero-days, Microsoft also patched three other publicly disclosed vulnerabilities and is working on a fix for a tenth publicly known zero-day.

    As always, users and system administrators are encouraged to review the full list of patched vulnerabilities and prioritize updates based on their specific risk profiles and system configurations.

    Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Acces



Source link