Microsoft Monthly Security Update (August 2024)

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
MarinerMedium Risk Medium RiskSecurity Restriction Bypass
Remote Code Execution
 
WindowsExtremely High Risk Extremely High RiskSecurity Restriction Bypass
Information Disclosure
Remote Code Execution
Elevation of Privilege
Denial of Service
Data Manipulation
Spoofing

CVE-2024-38107 is being exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

 

CVE-2024-38213 is being exploited in the wild.  This vulnerability can be exploited to bypass the SmartScreen user experience.

 

CVE 2024 38193 is being exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

 

CVE-2024-38106 is being exploited in the wild. An attacker who successfully exploits this vulnerability could gain SYSTEM privileges if they win a race condition.

 

CVE-2024-38178 is being exploited in the wild. An attacker who successfully exploits this vulnerability can initiate remote code execution if the target uses Edge in Internet Explorer Mode.

Extended Security Updates (ESU)Extremely High Risk Extremely High RiskSecurity Restriction Bypass
Remote Code Execution
Elevation of Privilege
Information Disclosure
Denial of Service
Spoofing

CVE-2024-38107 is being exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

 

CVE-2024-38213 is being exploited in the wild.  This vulnerability can be exploited to bypass the SmartScreen user experience.

 

CVE 2024 38193 is being exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

 

CVE-2024-38178 is being exploited in the wild. An attacker who successfully exploits this vulnerability can initiate remote code execution if the target uses Edge in Internet Explorer Mode.

AzureMedium Risk Medium RiskSpoofing
Elevation of Privilege
Remote Code Execution
 
Developer ToolsMedium Risk Medium RiskInformation Disclosure
Denial of Service
Remote Code Execution
 
Microsoft OfficeHigh Risk High RiskRemote Code Execution
Spoofing
Elevation of Privilege
Information Disclosure
CVE-2024-38189 is being exploited in the wild. An attacker who successfully exploits this vulnerability could perform remote code execution on a system where the policy to block macros from running in Office files from the Internet is disabled, and VBA Macro Notification Settings are not enabled.
BrowserMedium Risk Medium RiskRemote Code Execution 
AppsLow Risk Low RiskSpoofing 
Microsoft DynamicsLow Risk Low RiskSpoofing 

 

Number of ‘Extremely High Risk’ product(s): 2

Number of ‘High Risk’ product(s): 1

Number of ‘Medium Risk’ product(s): 4

Number of ‘Low Risk’ product(s): 2

Evaluation of overall ‘Risk Level’: Extremely High Risk

RISK: Extremely High Risk

TYPE: Operating Systems – Windows OS

TYPE: Windows OS

Impact

  • Information Disclosure
  • Elevation of Privilege
  • Security Restriction Bypass
  • Spoofing
  • Denial of Service
  • Remote Code Execution
  • Data Manipulation

System / Technologies affected

  • Mariner
  • Windows
  • Extended Security Updates (ESU)
  • Azure
  • Developer Tools
  • Microsoft Office
  • Browser
  • Apps
  • Microsoft Dynamics

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier


Source


Related Link

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

To keep up to date follow us on the below channels.