Microsoft Discloses Critical Vulnerabilities in August Patch
Microsoft's August 2024 security update, released on August 13, addresses roughly 90 vulnerabilities. Attackers are already exploiting six of them in the wild, which makes those six the top priority for system administrators. Four more were publicly disclosed before the update shipped but had not been seen exploited at the time; because they were known before a patch existed, they still count as zero-days, for ten in total.
Unpatched Threats and Elevation of Privilege
A noteworthy zero-day, CVE-2024-38202, is an elevation of privilege flaw in the Windows Update Stack. An attacker with only basic user privileges could use it to reintroduce previously mitigated vulnerabilities or to bypass some Virtualization Based Security (VBS) protections. Microsoft rated it Important rather than Critical because exploitation also requires tricking a user or administrator into performing a system restore.
The risk grows when it is combined with CVE-2024-21302, an elevation of privilege flaw in the Windows Secure Kernel Mode. Chained, the two can roll updated system components back to older, vulnerable versions (a downgrade attack) without the privileged user interaction that CVE-2024-38202 needs on its own, leaving a host that looks fully patched yet is exploitable through already-fixed bugs. Neither flaw had a fix available when the August update shipped, so administrators should follow Microsoft's published mitigation guidance and watch for the patch.
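As an added example (not part of the original article, and not Microsoft's own tooling), here is a PowerShell posture check an administrator could run on a Windows host after the release: it reports the OS build, lists hotfixes installed on or after Patch Tuesday, and reports whether VBS is actually running, since VBS is what the two flaws above can undermine. It assumes the release date of 13 August 2024 and the DeviceGuard WMI class; it does not map builds to specific KB numbers, so an empty hotfix list is a prompt to investigate, not proof of exposure.

```powershell
# Added example (not from the original article): post-Patch-Tuesday posture
# check. Assumes the August 2024 release date; does not map KB numbers.

function Get-PatchPosture {
    [CmdletBinding()]
    param(
        # Patch Tuesday date to compare against (assumption: 2024-08-13).
        [datetime]$ReleaseDate = [datetime]'2024-08-13'
    )

    # OS build from the registry: CurrentBuildNumber.UBR is the part a
    # cumulative update actually changes.
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = '{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR

    # Hotfixes installed on or after the release date. InstalledOn can be
    # empty for some entries, so guard against $null before comparing.
    $recent = Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $ReleaseDate } |
        Select-Object HotFixID, Description, InstalledOn

    # VBS status from the DeviceGuard WMI class (Windows 10/11 and matching
    # Server releases). VirtualizationBasedSecurityStatus: 0 = not enabled,
    # 1 = enabled but not running, 2 = running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $vbs = if ($null -eq $dg) { 'unknown (DeviceGuard class not available)' }
           elseif ($dg.VirtualizationBasedSecurityStatus -eq 2) { 'running' }
           elseif ($dg.VirtualizationBasedSecurityStatus -eq 1) { 'enabled, not running' }
           else { 'not enabled' }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        Build            = $build
        ReleaseDate      = $ReleaseDate.ToString('yyyy-MM-dd')
        HotfixesSince    = @($recent)
        PatchedSinceDate = (@($recent).Count -gt 0)
        VbsStatus        = $vbs
        # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI. HVCI is the
        # service most worth confirming when VBS is supposed to be on.
        HvciRunning      = ($null -ne $dg -and $dg.SecurityServicesRunning -contains 2)
    }
}

# Usage: run from an elevated prompt, then follow up on hosts that report
# PatchedSinceDate = False, or VbsStatus other than 'running' where VBS is expected.
Get-PatchPosture | Format-List
```

A host that reports VBS enabled but not running, or HVCI absent, on hardware where it was previously on is worth a closer look in light of the downgrade scenario above, since reverting VBS is one of the effects these flaws can produce.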
Critical and Important Vulnerabilities
Beyond the zero-days, Microsoft rated seven of the vulnerabilities Critical. The remaining 79 were rated Important or Moderate; many of those require some user interaction, such as opening a file or following a link, before they can be exploited.
Remote Code Execution Vulnerabilities
Two of the actively exploited flaws permit remote code execution (RCE). The first, CVE-2024-38189, is an RCE vulnerability in Microsoft Project. An attacker gets code to run by convincing a user to open a malicious Project file, and the attack only succeeds when the "Block macros from running in Office files from the Internet" policy is disabled and the VBA Macro Notification Settings policy is not enabled, so organizations that have relaxed those macro controls are the ones at risk.
The second, CVE-2024-38178, is a memory corruption bug in the Windows Scripting Engine, the legacy script engine Internet Explorer used. Exploitation requires the victim to be running Microsoft Edge in Internet Explorer Mode and to click a crafted URL, so the attacker must first get the target onto IE Mode; hosts where IE Mode is not enabled are not reachable through this bug.
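The preconditions for both RCE flaws are settings an administrator can verify. The following added example (my own PowerShell, not Microsoft's) reads the policy and user registry values that govern Project's macro handling and Edge's IE Mode, and flags the states in which the two bugs are reachable. The registry paths and value names are assumptions drawn from the Office and Edge policy templates; check them against your own ADMX files. Run it as the user whose exposure you are checking, since the HKCU values differ per user, and note that it does not cover the per-user "reload in IE mode" browser toggle.

```powershell
# Added example (not from the original article). Registry locations are
# assumptions taken from the Office and Edge policy templates.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null if the key or the value does not exist.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Get-ProjectMacroExposure {
    # Policy hives override the user's own setting; HKLM policy is checked first.
    $policyKeys = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Office\16.0\ms project\security',
        'HKCU:\Software\Policies\Microsoft\Office\16.0\ms project\security'
    )
    $userKey = 'HKCU:\Software\Microsoft\Office\16.0\MS Project\Security'

    # VBAWarnings: 1 = enable all, 2 = disable with notification (default),
    # 3 = disable except digitally signed, 4 = disable all without notification.
    $policyWarnings = $null; $policyBlock = $null
    foreach ($k in $policyKeys) {
        if ($null -eq $policyWarnings) { $policyWarnings = Get-RegValue $k 'VBAWarnings' }
        if ($null -eq $policyBlock)    { $policyBlock    = Get-RegValue $k 'blockcontentexecutionfrominternet' }
    }
    $userWarnings = Get-RegValue $userKey 'VBAWarnings'
    $effective = if ($null -ne $policyWarnings) { $policyWarnings }
                 elseif ($null -ne $userWarnings) { $userWarnings }
                 else { 2 }

    # Stated preconditions: block-from-internet policy disabled AND the VBA
    # Macro Notification Settings policy not enabled. A policy that sets
    # "enable all" (1) is treated as not protective, and a user-level
    # "enable all" is flagged too because it removes the prompt.
    $notificationEnforced = ($null -ne $policyWarnings -and $policyWarnings -ne 1)
    $blockEnforced        = ($policyBlock -eq 1)
    [pscustomobject]@{
        Check                   = 'CVE-2024-38189 preconditions (Project macros)'
        BlockFromInternetPolicy = $policyBlock
        VBAWarningsPolicy       = $policyWarnings
        VBAWarningsUser         = $userWarnings
        EffectiveVBAWarnings    = $effective
        Exposed                 = (-not $blockEnforced -and (-not $notificationEnforced -or $effective -eq 1))
    }
}

function Get-EdgeIeModeExposure {
    # InternetExplorerIntegrationLevel: 0 = IE Mode off, 1 = IE Mode, 2 = open in IE11.
    $keys = @('HKLM:\SOFTWARE\Policies\Microsoft\Edge', 'HKCU:\Software\Policies\Microsoft\Edge')
    $level = $null; $siteList = $null
    foreach ($k in $keys) {
        if ($null -eq $level)    { $level    = Get-RegValue $k 'InternetExplorerIntegrationLevel' }
        if ($null -eq $siteList) { $siteList = Get-RegValue $k 'InternetExplorerIntegrationSiteList' }
    }
    [pscustomobject]@{
        Check       = 'CVE-2024-38178 preconditions (Edge IE Mode)'
        IeModeLevel = $level
        SiteList    = $siteList
        # Without a policy IE Mode is not on, so a crafted URL has nothing
        # to render in the legacy engine.
        Exposed     = ($level -eq 1)
    }
}

# Usage: review the two Exposed flags, then tighten the policy that caused them.
Get-ProjectMacroExposure | Format-List
Get-EdgeIeModeExposure   | Format-List
```

The fix for an exposed Project result is the standard macro hardening (enforce the block-from-internet policy and set the notification policy), not a registry edit on one machine; the script only tells you which tenants or OUs to look at. For IE Mode, an exposed result is expected on estates that still need it, and the useful follow-up is confirming the site list is as narrow as it can be.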
Elevation of Privilege Flaws
Three of the actively exploited zero-days are elevation of privilege flaws that let an attacker who already has code running on a host escalate to SYSTEM, the highest local privilege level. CVE-2024-38106 is a race condition combined with improper memory handling in the Windows Kernel. CVE-2024-38107 is in the Windows Power Dependency Coordinator, and CVE-2024-38193 is in the Windows Ancillary Function Driver for WinSock (afd.sys). None of them gives an attacker a foothold by itself; they are the second stage after an RCE or a phishing payload has landed.
Bypassing Security Protections
The final zero-day under active exploitation, CVE-2024-38213, bypasses Windows Mark of the Web (MoTW) protections. Files that arrive from the internet normally carry a MoTW tag that makes SmartScreen and Office Protected View warn before they run; this flaw lets an attacker deliver files into an enterprise environment that lack the tag, so those warnings never appear. The bypass executes nothing on its own, which is why it typically appears as one link in a broader exploit chain that ends with a user opening the unmarked file.
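MoTW is nothing more than a small NTFS alternate data stream named Zone.Identifier on the file, which makes it easy to audit for and to re-apply. The PowerShell below is an added example (mine, not the article's and not Microsoft's): it reads the zone from that stream, reports every file in a folder with or without a mark, and re-applies an Internet-zone mark to files that lost it, the compensating control teams use for archives extracted by tools that drop the stream. It assumes an NTFS volume, Windows PowerShell 3 or later, and an illustrative folder name in the usage lines.

```powershell
# Added example (not from the original article): inspect and restore the Mark
# of the Web. Zone.Identifier is an NTFS alternate data stream, so this only
# works on NTFS volumes and on Windows PowerShell 3+ / PowerShell 7.

function Get-MotwZone {
    param([Parameter(Mandatory)][string]$Path)
    # Returns the ZoneId (0 local machine, 1 intranet, 2 trusted, 3 internet,
    # 4 restricted) or $null when the file carries no Mark of the Web.
    $raw = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $raw) { return $null }
    foreach ($line in $raw) {
        if ($line -match '^ZoneId=(\d+)\s*$') { return [int]$Matches[1] }
    }
    return $null
}

function Get-MotwReport {
    param([Parameter(Mandatory)][string]$Folder)
    # One row per file. Files that came from the internet yet show Zone = $null
    # are exactly what a MoTW bypass (or a stream-dropping extractor) produces.
    Get-ChildItem -LiteralPath $Folder -File -Recurse | ForEach-Object {
        $zone = Get-MotwZone -Path $_.FullName
        [pscustomobject]@{
            File   = $_.FullName
            Zone   = $zone
            Marked = ($null -ne $zone)
        }
    }
}

function Set-MotwIfMissing {
    param([Parameter(Mandatory)][string]$Path, [int]$ZoneId = 3)
    # Compensating control: re-apply an Internet-zone mark to a file that has
    # none, so SmartScreen and Protected View fire when it is opened.
    # Returns $true if a mark was written, $false if one was already present.
    if ($null -ne (Get-MotwZone -Path $Path)) { return $false }
    Set-Content -LiteralPath $Path -Stream Zone.Identifier -Value "[ZoneTransfer]`r`nZoneId=$ZoneId`r`n"
    return $true
}

# Usage (folder name is an assumption): audit a freshly extracted archive,
# then mark everything that came through unmarked.
$extracted = 'C:\Temp\extracted'
Get-MotwReport -Folder $extracted | Format-Table -AutoSize
Get-ChildItem -LiteralPath $extracted -File -Recurse |
    ForEach-Object { if (Set-MotwIfMissing -Path $_.FullName) { "marked: $($_.FullName)" } }
```

Re-marking is a stopgap for content you know came from outside, not a substitute for the patch: the bypass the update fixes produces files that never had the stream in the first place, so the audit only catches them if you know which folder they landed in. Unblock-File is the reverse operation and removes the stream; treat wide use of it in scripts as its own finding.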
Understanding Terminology: A zero-day is a vulnerability that is known to attackers, or to the public, before the vendor has a patch available, leaving defenders with zero days of warning to prepare. Elevation of Privilege (EoP) is a class of vulnerability in which an attacker who already has some access to a system gains higher access rights, such as SYSTEM, and can then perform actions that their original account was never authorized to do.
Simple Example: Imagine a building where the lobby is open to anyone who walks in (a standard user account) but the server room is locked (administrator or SYSTEM access). An EoP flaw is a faulty lock on that inner door: anyone already in the lobby can open it. The RCE flaws described above are the window someone left open, which is how the burglar (attacker) gets into the lobby in the first place. Chained together, the open window and the faulty lock give an outsider the run of the whole building, which is exactly how the exploit chains in this update work.