Microsoft has rolled out its latest round of Patch Tuesday security updates, addressing an impressive total of 90 vulnerabilities within the Windows ecosystem. Among these, the Microsoft Security Response Center has identified five critical Windows vulnerabilities that are currently under active cyber attack. The urgency surrounding these zero-day vulnerabilities has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to include them in the Known Exploited Vulnerabilities Catalog, mandating compliance by September 3.
Prioritize Vulnerability Patching To Keep Pace With Threat Activity
While the September 3 deadline primarily applies to certain federal civilian executive branch agencies as per U.S. Government Binding Operational Directive 22-01, it serves as a reminder for all organizations and individuals to remain vigilant. CISA emphasizes that the KEV catalog is a resource for the cybersecurity community and network defenders, aimed at assisting organizations in managing vulnerabilities effectively and keeping pace with evolving threats. To mitigate exposure to cyber attacks, it is crucial for all entities—organizations and consumers alike—to prioritize system updates that address known vulnerabilities. For most consumers, this simply entails ensuring that the latest Patch Tuesday updates are fully applied. However, organizations that must test updates prior to deployment should integrate KEV entries into their patch management prioritization process, especially considering the potential risks associated with untested updates.
The Five August 2024 Windows Zero-Day Vulnerabilities Explained
The first vulnerability, CVE-2024-38178, pertains to a memory corruption issue within the Windows scripting engine, potentially allowing an attacker to execute remote code on the affected system. Rated at 7.6 for severity, this vulnerability impacts Windows 10, Windows 11, and Windows Server 2012 and later. Chris Goettl, vice president of security product management at Ivanti, advises that risk-based guidance should classify this update as a higher priority than its initial rating, underscoring the need for swift remediation.
Next, CVE-2024-38213 involves a bypass of the Windows ‘Mark of the Web’ security feature, which could allow an attacker to circumvent SmartScreen protection on Windows 10, Windows 11, and Windows Server 2012 and later. Kev Breen, senior director of cyber threat research at Immersive Labs, notes that while this vulnerability cannot be exploited independently, it often forms part of a larger exploit chain, such as modifying a malicious document or executable file.
CVE-2024-38193 presents an elevation of privilege vulnerability in the Windows ancillary function driver for WinSock, affecting Windows 10, Windows 11, and Windows Server 2008 and later. Adam Barnett, lead software engineer with Rapid7, highlights that successful exploitation could lead to SYSTEM privileges, given the low attack complexity and lack of user interaction required.
Another critical issue, CVE-2024-38106, is a Windows kernel elevation of privilege vulnerability impacting Windows 10, Windows 11, and Windows Server 2016 and later. Mike Walters, president and co-founder of Action1, explains that this vulnerability arises from inadequate protection of sensitive data stored in memory, allowing low-privileged attackers to escalate their privileges. Although exploiting this vulnerability poses challenges due to the need for precise timing, the potential consequences warrant immediate attention.
Lastly, CVE-2024-38107 is a use-after-free elevation of privilege vulnerability within the Windows kernel impacting Windows 10, Windows 11, and Windows Server 2016 and later. This vulnerability could allow an attacker to gain elevated privileges by exploiting freed memory objects. The complexity of this exploit is moderate; however, its potential impact makes it a significant concern for network defenders.
In summary, these five critical vulnerabilities underscore the importance of timely patching and proactive cybersecurity measures. Organizations are urged to integrate these updates into their patch management processes without delay to mitigate potential risks.