Security News Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited

Gandalf_The_Grey

Level 81
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,084
Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day.

This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and information disclosure.

The number of bugs in each vulnerability category is listed below:
  • 36 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 28 Remote Code Execution Vulnerabilities
  • 8 Information Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 7 Spoofing Vulnerabilities

The number of bugs listed above does not include Microsoft Edge flaws that were disclosed earlier this month.

To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5041585 update and Windows 10 KB5041580 update.
 

Gandalf_The_Grey

ZDI: The August 2024 Security Update Review
I have successfully survived Summer Hacker Camp, and I hope you have too. And we return just in time for Patch Tuesday and a new crop of 0-days as Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:

Adobe Patches for August 2024

For August, Adobe released 11 security bulletins addressing 71 CVEs in Adobe Illustrator, Dimension, Photoshop, InDesign, Acrobat and Reader, Bridge, Substance 3D Stager, Commerce, InCopy, Substance 3D Sampler, and Substance 3D Designer. A total of 14 of these bugs came through the ZDI program. The largest of these updates is for Adobe Commerce, which includes several fixes for Critical-rated code execution bugs. The patch for InDesign also corrects many code execution bugs. However, I’m probably most concerned about the update for Acrobat and Reader, as maliciously crafted PDFs are often used in ransomware.

The fixes for Photoshop, Substance 3D Stager, InCopy, and Substance 3D Designer each address a single Critical-rated CVE that could lead to code execution. The patch for Illustrator corrects seven bugs, but most of these are rated Important. The Dimension patch has three Critical and three Important bugs. ZDI’s Mat Powell reported the three bugs fixed in Adobe Bridge. The final Adobe patch for August is for Substance 3D Sampler and fixes four bugs.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes these updates as a deployment priority rating of 3.

Microsoft Patches for August 2024

This month, Microsoft released 90 new CVEs in Windows and Windows Components; Office and Office Components; .NET and Visual Studio; Azure; Co-Pilot; Microsoft Dynamics; Teams; and (of course) Secure Boot. With the third-party bugs also listed, it brings the total CVE count to 102. Four of these bugs came through the ZDI program, including one of the bugs listed as under active exploit.

Of the patches being released today, seven are rated Critical, 79 are rated Important, and one is rated Moderate in severity. While this isn’t the biggest release, it is unusual to see so many bugs listed as public or under active attack in a single release.

Four of these CVEs are listed as publicly known, and six others are listed as under active attack.

Looking Ahead

The next Patch Tuesday of 2024 will be on September 10, and I’ll return with details and pumpkin-spiced patch analysis then. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!
 

Gandalf_The_Grey

Ghacks: The Windows Security Updates of August 2024 are now available - BitLocker Recovery issue fixed
You may download the following Excel spreadsheet to get a list of released updates. Click on the following link to download the archive to the local device: Windows Security Updates August 2024 Excel spreadsheet

Executive Summary
  • Microsoft released a total of 90 security updates for various Microsoft products and 12 security updates from non-Microsoft issues (e.g. Chromium).
  • Windows clients with issues are: Windows 10 version 1607, 1809, 21H2, and 22H2, Windows 11 version 21H2, Windows 11 version 24H2.
  • Windows Server clients with issues: Windows Server 2008, Windows Server 2012, Windows Server 2019, and Windows Server 2022
 
