Microsoft Addresses 102 Vulnerabilities, Including Six Under Active Exploitation

Apps & Games / Seavus Project Viewer / Desktop / Windows / News Seavus Project Viewer for Desktop Windows / Microsoft Addresses 102 Vulnerabilities, Including Six Under Active Exploitation
14 Aug 2024

Microsoft has unveiled a significant update this August, addressing a total of 102 vulnerabilities across its product suite. Among these, six vulnerabilities are currently under active exploitation, while four others are publicly disclosed but not yet exploited. This month’s Patch Tuesday underscores the importance of vigilance in cybersecurity, especially with the backdrop of increasing threats.

Active Exploits and Critical Vulnerabilities

Among the vulnerabilities, the most pressing is CVE-2024-38189, a Remote Code Execution (RCE) vulnerability in Microsoft Project, which carries a CVSS rating of 8.8. The exploit requires certain security features to be disabled, making it a complex but not impossible target for attackers. The exploit’s details remain sparse, but it highlights the need for users to exercise caution when handling files from untrusted sources.

Another notable vulnerability is CVE-2024-38178, a Scripting Engine Memory Corruption flaw rated at 7.5. This vulnerability necessitates the use of Edge in Internet Explorer Mode, a feature that some organizations still rely on despite Microsoft ceasing support for the browser two years ago. If an attacker can lure a victim into clicking a malicious link while in this mode, they could execute remote code on the device.

Additionally, CVE-2024-38193 presents an Elevation of Privilege vulnerability with a CVSS score of 7.8, potentially allowing attackers to gain system privileges. Experts suggest that such vulnerabilities are often paired with code execution flaws, raising concerns about their potential use in ransomware attacks.

Other vulnerabilities include CVE-2024-38106, which involves a race condition in the Windows Kernel, and CVE-2024-38107, which also allows for elevation of privileges. Both have been exploited in the wild, reinforcing the urgency of applying patches promptly.

For those looking to prioritize their patching efforts, Microsoft has flagged four publicly disclosed vulnerabilities that, while not yet exploited, warrant immediate attention:

  • CVE-2024-38200 – Microsoft Office Spoofing Vulnerability (6.5 CVSS)
  • CVE-2024-38199 – Windows Line Printer Daemon (LPD) Service RCE Vulnerability (9.8 CVSS)
  • CVE-2024-21302 – Windows Secure Kernel Mode Elevation of Privilege Vulnerability (6.7 CVSS)
  • CVE-2024-38202 – Windows Update Stack Elevation of Privilege Vulnerability (7.3 CVSS)

Adobe and SAP Security Updates

In a parallel effort, Adobe has addressed 71 CVEs across its suite of products, including Illustrator, Photoshop, and Acrobat. The updates span 11 different applications, with Commerce being the most affected, featuring seven critical vulnerabilities. Notably, Adobe has reported no known exploits for these flaws, allowing users to update with confidence.

SAP has also stepped up its security measures, releasing 25 new or updated patches, including two HotNews notes. One of the most critical, CVE-2024-41730, carries a CVSS rating of 9.8 and addresses a denial of service vulnerability in the SAP BusinessObjects platform. This vulnerability poses a significant risk, as it could allow unauthorized users to compromise system integrity if Single Sign-On Enterprise authentication is enabled.

Intel's Comprehensive Security Measures

Intel has joined the ranks of companies addressing security vulnerabilities, issuing 43 advisories this month. Among these, nine are classified as high-severity flaws. These vulnerabilities span various products, including Intel Ethernet Controllers and Adapters, which may allow for privilege escalation or denial of service. Additionally, issues in Intel NUC BIOS Firmware and the Intel Core Ultra Processor could also lead to serious security breaches if left unpatched.

This collective effort by Microsoft, Adobe, SAP, and Intel highlights the critical need for organizations to stay ahead in the ever-evolving landscape of cybersecurity threats. Regular updates and prompt patching remain essential defenses against potential exploits.

How to add logo to Microsoft Project?

To add a logo to Microsoft Project, follow these steps: 1. Open your project and go to the Insert tab. 2. Click on Object in the Text group. 3. In the Object dialog box, select Create from File. 4. Click Browse and find your logo file. 5. Click Insert and then OK. The logo will be inserted into your project. Position and resize it as needed.

How to make a flow chart in Microsoft Project?

Microsoft Project is primarily a scheduling tool and isn't designed for flowcharts. To create a flowchart, you can use a different application like Microsoft Visio, which integrates well with Microsoft Project. Alternatively, insert drawings by going to Insert > Object > Create New > Microsoft Visio Drawing. You can also use SmartArt from the Insert tab in Project to create simple diagrams.
Update: 14 Aug 2024
Seavus Project Viewer

Seavus Project Viewer download for free to PC or mobile

5
977 reviews
3843 downloads

News and reviews about Seavus Project Viewer

Loading...