Microsoft Patched 6 Actively Exploited Zero-Day Flaws

Patch Tuesday brought updates for 90 information vulnerabilities, including patching terrible distant codification execution vulnerabilities and closing immoderate doors successful Chromium.

Patch Tuesday, Microsoft’s monthly study of information updates, brought 90 CVEs, including immoderate vulnerabilities that were being actively exploited.

Some vulnerabilities originated successful Chromium, meaning some Microsoft Edge and Google Chrome whitethorn person been affected. Here are the astir captious flaws and patches disclosed by Microsoft connected Aug. 13.

Six zero-day flaws had been exploited

Threat actors had already taken vantage of six zero-day exploits successful particular:

• CVE-2024-38106: an elevation of privilege vulnerability successful the Windows kernel.
• CVE-2024-38107: an elevation of privilege vulnerability successful the Windows Power Dependency Coordinator.
• CVE-2024-38178: successful which distant codification execution could person been imaginable if a idiosyncratic clicked a nexus utilizing Edge successful Internet Explorer Mode.
• CVE-2024-38189: successful which opening a malicious Microsoft Office Project record nether definite conditions could alteration distant codification execution.
• CVE-2024-38193: an elevation of privilege vulnerability that could springiness an attacker SYSTEM privileges.
• CVE-2024-38213: successful which an attacker could bypass the SmartScreen extortion that pops up erstwhile a idiosyncratic downloads thing from the internet.

SEE: Organizations whitethorn privation to measure however their privateness and information retention policies intersect with Microsoft’s Copilot AI.

NIST labels 2 vulnerabilities arsenic ‘critical’

Other notable items successful this month’s Patch Tuesday were those rated arsenic captious according to the National Vulnerability Database’s Common Vulnerability Scoring System from NIST. These were:

• CVE-2024-38140: a distant codification execution vulnerability that could hap if a programme was utilizing a Pragmatic General Multicast larboard to listen.
• CVE-2024-38063: a distant codification execution vulnerability enabled by sending repeated malicious IPv6 packets.

Another vulnerability, CVE-2024-38202, is singular due to the fact that Microsoft has not yet released a spot for it. To mitigate this elevation of privilege vulnerability successful Windows Update, Redmond recommends auditing idiosyncratic entree to objects, operations, and files.

The implicit steps for protecting against this vulnerability tin beryllium recovered successful the recommended actions section of the vulnerability’s listing.

A radical of vulnerabilities originate successful Chromium

Business users astir the satellite should usage the astir up-to-date versions of Edge arsenic good arsenic Google Chrome, since immoderate of the vulnerabilities originate successful the Chromium Open Source Software utilized successful some browsers.

Relevant Chrome and Chromium vulnerabilities are arsenic follows:

• MITRE CVE 7532: imaginable out-of-bounds representation entree successful ANGLE, a graphics motor furniture successful Chrome.
• MITRE CVE 7533: a use-after-free exploit connected Chrome successful iOS.
• MITRE CVE 7534: heap buffer overflow successful Layout.
• MITRE CVE 7535: inappropriate implementation successful V8.
• MITRE CVE 7536: a use-after-free exploit successful WebAudio.
• MITRE CVE 7550: Type Confusion successful V8.
• MITRE CVE 38218: an HTML-based memory-corruption vulnerability successful Microsoft Edge.
• MITRE CVE 38219: a distant codification execution vulnerability successful Microsoft Edge.

Attackers could person perchance utilized these vulnerabilities to execute arbitrary codification execution earlier they were patched.

Reminder: support browsers and operating systems up to date

Most exploits mentioned successful the spot study are covered by the August information updates, truthful the lone enactment administrators request to instrumentality successful effect is to support up to date.

Similarly, the mitigation for these Chromium flaws is to update Microsoft Edge oregon Google Chrome to the latest versions.

In Edge, cheque which mentation is moving and find updates by going to the meatball paper (…) connected the right-hand side. Select “Help” and “Feedback,” past prime “Microsoft Edge.”

In Chrome, prime “About Google Chrome” successful the paper barroom oregon prime the kebab paper (three vertical dots) connected the top-right of the window. From there, prime “Help,” past “About Google Chrome.”

Also Read

• National Public Data Breach: 2.7bn Records Leaked connected Dark Web
• 5 Patch Management Best Practices for Success successful 2024
• Zero-Day Exploits Cheat Sheet: Definition, Examples & How It Works
• Cybersecurity: More Must-Read Coverage