Microsoft Addresses 90 Security Vulnerabilities in August 2024 Update

Apps & Games / Seavus Project Viewer / Desktop / Windows / News Seavus Project Viewer for Desktop Windows / Microsoft Addresses 90 Security Vulnerabilities in August 2024 Update
14 Aug 2024

On a recent Tuesday, Microsoft unveiled a significant update addressing a total of 90 security vulnerabilities, including 10 zero-day flaws, six of which are currently being exploited in the wild. Among these vulnerabilities, nine have been classified as Critical, while the majority, 80, are deemed Important, with one rated as Moderate. This release follows the resolution of 36 vulnerabilities in the Edge browser just last month.

Details of the Vulnerabilities

The Patch Tuesday updates are particularly noteworthy for their focus on six actively exploited zero-days:

  • CVE-2024-38189 (CVSS score: 8.8) – Microsoft Project Remote Code Execution Vulnerability
  • CVE-2024-38178 (CVSS score: 7.5) – Windows Scripting Engine Memory Corruption Vulnerability
  • CVE-2024-38193 (CVSS score: 7.8) – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  • CVE-2024-38106 (CVSS score: 7.0) – Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2024-38107 (CVSS score: 7.8) – Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
  • CVE-2024-38213 (CVSS score: 6.5) – Windows Mark of the Web Security Feature Bypass Vulnerability

Among these, CVE-2024-38213 stands out as it allows attackers to bypass SmartScreen protections. This vulnerability requires an attacker to send a malicious file to the user and persuade them to open it. The flaw was discovered and reported by Peter Girnus from Trend Micro, and it may serve as a bypass for previously exploited vulnerabilities linked to DarkGate malware operators.

In light of these developments, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, mandating that federal agencies implement the necessary fixes by September 3, 2024.

Publicly Known Vulnerabilities

Four of the vulnerabilities are publicly known:

  • CVE-2024-38200 (CVSS score: 7.5) – Microsoft Office Spoofing Vulnerability
  • CVE-2024-38199 (CVSS score: 9.8) – Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
  • CVE-2024-21302 (CVSS score: 6.7) – Windows Secure Kernel Mode Elevation of Privilege Vulnerability
  • CVE-2024-38202 (CVSS score: 7.3) – Windows Update Stack Elevation of Privilege Vulnerability

Scott Caveza, a staff research engineer at Tenable, highlighted the risks associated with CVE-2024-38200, noting that attackers could exploit this vulnerability by enticing victims to open specially crafted files, often delivered through phishing emails. The consequences could lead to the exposure of New Technology Lan Manager (NTLM) hashes, which could be misused in further attacks.

The updates also tackle a privilege escalation flaw in the Print Spooler component (CVE-2024-38198, CVSS score: 7.8), allowing an attacker to gain SYSTEM privileges, although successful exploitation requires navigating a race condition.

However, Microsoft has yet to provide updates for CVE-2024-38202 and CVE-2024-21302, which pose risks of downgrade attacks against the Windows update architecture, potentially allowing the replacement of current operating system files with older versions.

Additionally, a report from Fortra has brought attention to a denial-of-service (DoS) flaw in the Common Log File System (CLFS) driver (CVE-2024-6768, CVSS score: 6.8).

How to add company logo to microsoft project?

To add a company logo to Microsoft Project, follow these steps: 1. Open your project file. 2. Go to the Insert menu and select Picture. 3. Locate and select your company logo file, then click Insert. 4. Resize and position the logo as needed within the project view. Note that the logo will only appear on the currently active view and may need to be re-added for different views or reports.

How to insert company logo in microsoft project?

To insert a company logo in Microsoft Project: 1. Open the project where you want to add the logo. 2. Navigate to the Insert tab and select Picture. 3. Find and choose the logo file you want to use and click Insert. 4. Adjust the size and position of the logo within your project view as needed. Remember that this action applies to the specific view currently open and might need to be repeated for other views or reports.
Update: 14 Aug 2024
Seavus Project Viewer

Seavus Project Viewer download for free to PC or mobile

5
977 reviews
3841 downloads

News and reviews about Seavus Project Viewer

Loading...