
August Patch Tuesday proves busy with six zero-days to fix



IT administrators and security teams hoping for a quiet summer have been left disappointed after […] patched six actively exploited zero-day vulnerabilities and four additional issues that have been made public, […].

Also in the crosshairs of malicious actors this month are no fewer than nine flaws, two of them third-party issues coming from Red Hat, that carry critical severity ratings.

None of these critical flaws make the list of zero-days, but coming amid one of the larger Patch Tuesday updates so far this year, comprising over 100 fixes once third-party issues are accounted for, they will doubtless occupy a lot of time over the next few days.

“[…] has evidence of in-the-wild exploitation … or public disclosure for 10 of the vulnerabilities published today, which is significantly more than usual,” said […] lead software engineer, Adam Barnett.

“At time of writing, all six of the known exploited vulnerabilities patched today are listed on [the] […] [database]. […] is also patching five critical remote code execution (RCE) vulnerabilities today.

“Patch Tuesday watchers will know that today’s haul of four publicly-disclosed vulnerabilities and six further exploited-in-the-wild vulnerabilities is a much larger batch than usual,” he said.

Barnett added: “As something of an olive branch for defenders who may now be eyeing their to-do list with concern, […] has not published any SharePoint or Exchange vulnerabilities this month.”

The six zero-days – for which no public exploit code is yet circulating – comprise the following bugs:

  • […], an elevation of privilege (EoP) vulnerability in Windows Kernel;
  • […], an EoP vulnerability in Windows Power Dependency Coordinator;
  • […], a remote code execution vulnerability in Scripting Engine;
  • […], an RCE vulnerability in […] Project;
  • […], an EoP vulnerability in Windows Ancillary Function Driver for WinSock;
  • […], a security feature bypass vulnerability in Windows Mark-of-the-Web.

The good news, as Chris Goettl, […] vice president of security products, was quick to observe, is that updating the Windows operating system and Office will “knock out most of the risk pretty quick”.

Running the rule over the list of zero-days, Goettl said CVE-2024-38189 was likely to be the most impactful as it allows an attacker to socially engineer their way into executing arbitrary code on their victim’s system. But, he added, there were mitigating factors, such as policies to block macros from running in Office files from the internet, and VBA macro notification settings.

“If these are enabled, the attack could be thwarted. Somewhere out there these policy settings were obviously disabled allowing an attacker to exploit the CVE in the wild. Risk-based guidance would be to get your Office installs updated this month. If you have limited control over the mitigating policy settings or have an open BYOD [bring your own device] policy then updating Office could be more urgent to reduce your exposure,” he said.

For CVE-2024-38107, Goettl observed that although the exploit requires an attacker to win a race condition, given it has been detected in attacks already this should not be cause to defer remediating it.

He urged users to consider risk-based guidance and treat this update as of higher severity than […] says it is, adding that the same goes for all of the four other zero-days listed.

The flaws that have been made public, but are not yet seen as exploited in the wild, are as follows:

Reviewing these four issues, Scott Caveza, staff research engineer at […], said CVE-2024-38202 and CVE-2024-21302 warranted particular attention.

“Both of [these] were disclosed by SafeBreach Labs researcher Alon Leviev. If chained together, an attacker could downgrade or roll back software updates without the need for interaction from a victim with elevated privileges,” said Caveza.

“As a result, previous remediation efforts are essentially erased as target devices could be made susceptible to previously patched vulnerabilities, thus increasing the attack surface of the device.”

CVE-2024-38200 also warrants close attention, said Caveza. “An attacker could leverage this vulnerability by enticing a victim to access a specially crafted file, likely via a phishing email. Successful exploitation of the vulnerability could result in the victim exposing New Technology LAN Manager (NTLM) hashes to a remote attacker,” he explained.

“NTLM hashes could be abused in NTLM relay or pass-the-hash attacks to further an attacker’s foothold into an organisation. NTLM relay attacks have been observed by a Russian-based threat actor, APT28 [Fancy Bear], who leveraged a similar vulnerability to carry out attacks – CVE-2023-23397, an EoP vulnerability in […] patched in March 2023.”


