Microsoft Security Bulletin Coverage For August 2024

Overview

Microsoft’s August 2024 Patch Tuesday has 87 vulnerabilities, 36 of which are Elevation of Privilege vulnerabilities. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2024 and has produced coverage for ten of the reported vulnerabilities.

Vulnerabilities with Detections

| CVE | CVE Title | Signature |
| --- | --- | --- |
| CVE-2024-38106 | Windows Kernel Elevation of Privilege Vulnerability | ASPY 6995 Exploit-exe exe.MP_399 |
| CVE-2024-38125 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | ASPY 6996 Exploit-exe exe.MP_400 |
| CVE-2024-38141 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ASPY 6997 Exploit-exe exe.MP_401 |
| CVE-2024-38144 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | ASPY 6998 Exploit-exe exe.MP_402 |
| CVE-2024-38147 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | ASPY 6999 Exploit-exe exe.MP_403 |
| CVE-2024-38148 | Windows Secure Channel Denial of Service Vulnerability | ASPY 593 Exploit-exe exe.MP_404 |
| CVE-2024-38150 | Windows DWM Core Library Elevation of Privilege Vulnerability | ASPY 594 Exploit-exe exe.MP_405 |
| CVE-2024-38178 | Scripting Engine Memory Corruption Vulnerability | IPS 4483 Scripting Engine Memory Corruption (CVE-2024-38178) |
| CVE-2024-38193 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ASPY 595 Exploit-exe exe.MP_406 |
| CVE-2024-38196 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | ASPY 596 Exploit-exe exe.MP_407 |
| CVE-2024-38063 | Windows TCP/IP Remote Code Execution Vulnerability | RTDMI |

Release Breakdown

The vulnerabilities can be classified into the following categories:

For August there are seven critical, 79 important and one moderate vulnerabilities.

2024 Patch Tuesday Monthly Comparison

Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the Patch Tuesday release for each month. The above chart displays these metrics as seen each month.

Release Detailed Breakdown

Denial of Service Vulnerabilities

| CVE | CVE Title |
| --- | --- |
| CVE-2024-38126 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
| CVE-2024-38132 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
| CVE-2024-38145 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
| CVE-2024-38146 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
| CVE-2024-38148 | Windows Secure Channel Denial of Service Vulnerability |
| CVE-2024-38168 | .NET and Visual Studio Denial of Service Vulnerability |

Elevation of Privilege Vulnerabilities

| CVE | CVE Title |
| --- | --- |
| CVE-2024-21302 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| CVE-2024-29995 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2024-38084 | Microsoft OfficePlus Elevation of Privilege Vulnerability |
| CVE-2024-38098 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| CVE-2024-38106 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-38107 | Windows Power Dependency Coordinator Elevation of Privilege Vulnerability |
| CVE-2024-38109 | Azure Health Bot Elevation of Privilege Vulnerability |
| CVE-2024-38117 | NTFS Elevation of Privilege Vulnerability |
| CVE-2024-38125 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38127 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2024-38133 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-38134 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38135 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
| CVE-2024-38136 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability |
| CVE-2024-38137 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability |
| CVE-2024-38141 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2024-38142 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| CVE-2024-38143 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability |
| CVE-2024-38144 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38147 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2024-38150 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2024-38153 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-38162 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| CVE-2024-38163 | Windows Update Stack Elevation of Privilege Vulnerability |
| CVE-2024-38184 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2024-38185 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2024-38186 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2024-38187 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2024-38191 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38193 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2024-38196 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2024-38198 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2024-38201 | Azure Stack Hub Elevation of Privilege Vulnerability |
| CVE-2024-38202 | Windows Update Stack Elevation of Privilege Vulnerability |
| CVE-2024-38215 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2024-38223 | Windows Initial Machine Configuration Elevation of Privilege Vulnerability |

Information Disclosure Vulnerabilities

| CVE | CVE Title |
| --- | --- |
| CVE-2024-38118 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability |
| CVE-2024-38122 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability |
| CVE-2024-38123 | Windows Bluetooth Driver Information Disclosure Vulnerability |
| CVE-2024-38151 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2024-38155 | Security Center Broker Information Disclosure Vulnerability |
| CVE-2024-38167 | .NET and Visual Studio Information Disclosure Vulnerability |
| CVE-2024-38206 | Microsoft Copilot Studio Information Disclosure Vulnerability |
| CVE-2024-38214 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |

Remote Code Execution Vulnerabilities

| CVE | CVE Title |
| --- | --- |
| CVE-2024-38063 | Windows TCP/IP Remote Code Execution Vulnerability |
| CVE-2024-38114 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability |
| CVE-2024-38115 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability |
| CVE-2024-38116 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability |
| CVE-2024-38120 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-38121 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-38128 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-38130 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-38131 | Clipboard Virtual Channel Extension Remote Code Execution Vulnerability |
| CVE-2024-38138 | Windows Deployment Services Remote Code Execution Vulnerability |
| CVE-2024-38140 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability |
| CVE-2024-38152 | Windows OLE Remote Code Execution Vulnerability |
| CVE-2024-38154 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-38157 | Azure IoT SDK Remote Code Execution Vulnerability |
| CVE-2024-38158 | Azure IoT SDK Remote Code Execution Vulnerability |
| CVE-2024-38159 | Windows Network Virtualization Remote Code Execution Vulnerability |
| CVE-2024-38160 | Windows Network Virtualization Remote Code Execution Vulnerability |
| CVE-2024-38161 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-38169 | Microsoft Office Visio Remote Code Execution Vulnerability |
| CVE-2024-38170 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-38171 | Microsoft PowerPoint Remote Code Execution Vulnerability |
| CVE-2024-38172 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-38173 | Microsoft Outlook Remote Code Execution Vulnerability |
| CVE-2024-38178 | Scripting Engine Memory Corruption Vulnerability |
| CVE-2024-38180 | SmartScreen Prompt Remote Code Execution Vulnerability |
| CVE-2024-38189 | Microsoft Project Remote Code Execution Vulnerability |
| CVE-2024-38195 | Azure CycleCloud Remote Code Execution Vulnerability |
| CVE-2024-38199 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability |

Security Feature Bypass Vulnerability

| CVE | CVE Title |
| --- | --- |
| CVE-2024-38213 | Windows Mark of the Web Security Feature Bypass Vulnerability |

Spoofing Vulnerabilities

| CVE | CVE Title |
| --- | --- |
| CVE-2024-37968 | Windows DNS Spoofing Vulnerability |
| CVE-2024-38108 | Azure Stack Hub Spoofing Vulnerability |
| CVE-2024-38166 | Microsoft Dynamics 365 Cross-site Scripting Vulnerability |
| CVE-2024-38177 | Windows App Installer Spoofing Vulnerability |
| CVE-2024-38197 | Microsoft Teams for iOS Spoofing Vulnerability |
| CVE-2024-38200 | Microsoft Office Spoofing Vulnerability |
| CVE-2024-38211 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |

Tampering Vulnerability

| CVE | CVE Title |
| --- | --- |
| CVE-2024-38165 | Windows Compressed Folder Tampering Vulnerability |

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.