Security News Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited

Gandalf_The_Grey

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
Content source
https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited/
Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day.

This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and information disclosure.

The number of bugs in each vulnerability category is listed below:
  • 36 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 28 Remote Code Execution Vulnerabilities
  • 8 Information Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 7 Spoofing Vulnerabilities
The number of bugs listed above do not include Microsoft Edge flaws that were disclosed earlier this month.

To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5041585 update and Windows 10 KB5041580 update.
Click to expand...
www.bleepingcomputer.com

Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited

Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
Reactions: Faybert, oldschool, silversurfer and 2 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
ZDI: The August 2024 Security Update Review
I have successfully survived Summer Hacker Camp, and I hope you have too. And we return just in time for Patch Tuesday and a new crop of 0-days as Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Click to expand...

Adobe Patches for August 2024

For August, Adobe released 11 security bulletins addressing 71 CVEs in Adobe Illustrator. Dimension, Photoshop, InDesign, Acrobat and Reader, Bridge, Substance 3D Stager, Commerce, InCopy. Substance 3D Sampler, and Substance 3D Designer. A total of 14 of these bugs came through the ZDI program. The largest of these updates is for Adobe Commerce, which includes several fixes for Critical-rated bode execution bugs. The patch for InDesign also corrects many code execution bugs. However, I’m probably most concerned about the update for Acrobat and Reader, as maliciously crafted PDFs are often used in ransomware.

The fixes for Photoshop, Substance 3D Stager, InCopy, and Substance 3D Designer each address a single Critical-rated CVE that could lead to code execution. The patch for Illustrator corrects seven bugs, but most of these are rated Important. The Dimension patch has three Critical and three Important bugs. ZDI’s Mat Powell reported the three bugs fixed in Adobe Bridge. The final Adobe patch for August is for Substance 3D Sampler and fixes four bugs.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes these updates as a deployment priority rating of 3.
Click to expand...
Microsoft Patches for August 2024

This month, Microsoft released 90 new CVEs in Windows and Windows Components; Office and Office Components; .NET and Visual Studio; Azure; Co-Pilot; Microsoft Dynamics; Teams; and (of course) Secure Boot. With the third-party bugs also listed, it brings the total CVE count to 102. Four of these bugs came through the ZDI program, including one of the bugs listed as under active exploit.

Of the patches being released today, seven are rated Critical, 79 are rated Important, and one is rated Moderate in severity. While this isn’t the biggest release, it is unusual to see so many bugs listed as public or under active attack in a single release.

Four of these CVEs are listed as publicly known, and six others are listed as under active attack.
Click to expand...
Looking Ahead

The next Patch Tuesday of 2024 will be on September 10, and I’ll return with details and pumpkin-spiced patch analysis then. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!
Click to expand...
www.zerodayinitiative.com

Zero Day Initiative — The August 2024 Security Update Review

I have successfully survived Summer Hacker Camp, and I hope you have too. And we return just in time for Patch Tuesday and a new crop of 0-days as Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of th
www.zerodayinitiative.com www.zerodayinitiative.com
 
  • Like
  • +Reputation
Reactions: oldschool, silversurfer, Andy Ful and 1 other person
Gandalf_The_Grey

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
Ghacks: The Windows Security Updates of August 2024 are now available - BitLocker Recovery issue fixed
You may download the following Excel spreadsheet to get a list of released updates. Click on the following link to download the archive to the local device: Windows Security Updates August 2024 Excel spreadsheet

Executive Summary
  • Microsoft released a total of 90 security updates for various Microsoft products and 12 security updates from non-Microsoft issues (e.g. Chromium).
  • Windows clients with issues are: Windows 10 version 1607, 1809, 21H2, and 22H2, Windows 11 version 21H2, Windows 11 version 24H2.
  • Windows Server clients with issues: Windows Server 2008, Windows Server 2012, Windows Server 2019, and Windows Server 2022
Click to expand...
www.ghacks.net

The Windows Security Updates of August 2024 are now available - BitLocker Recovery issue fixed - gHacks Tech News

Here is an overview of the August 2024 security updates that Microsoft released for its Windows operating systems.
www.ghacks.net
 
  • Like
Reactions: oldschool, silversurfer, Andy Ful and 1 other person

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
Security News Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws
Replies
2
Views
1,378
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
    • Applause
Security News Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days
Replies
2
Views
3,089
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
Security News Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
Replies
2
Views
2,299
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top