Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Day Exploits

August 14, 2024 at 02:03AM

Microsoft shipped fixes for 90 security flaws, including 10 zero-days with active exploitation. Notable fixes address CVE-2024-38189, CVE-2024-38178, CVE-2024-38193, CVE-2024-38106, CVE-2024-38107, and CVE-2024-38213. Furthermore, CISA added the flaws to its Known Exploited Vulnerabilities catalog. The update from Microsoft also addresses CVE-2024-38200, CVE-2024-38199, CVE-2024-21302, and CVE-2024-38198. Other vendors have also released security updates.

Summary:

Microsoft released patches to address 90 security flaws, including 10 zero-days, with 6 actively exploited in the wild.

Key Points:

– Seven critical, 79 important, and one moderate severity vulnerabilities were fixed, along with 36 Edge browser vulnerabilities.
– Notable fixes include six zero-day vulnerabilities, with CVE-2024-38213 allowing SmartScreen bypass.
– CISA has added these flaws to its Known Exploited Vulnerabilities catalog, requiring fixes by September 3, 2024.
– Four publicly known CVEs include a Microsoft Office Spoofing vulnerability and a Windows LPD Service Remote Code Execution vulnerability.
– Exploitation of CVE-2024-38198 requires an attacker to win a race condition to gain SYSTEM privileges.
– Downgrade attacks against Windows update architecture may be possible with CVE-2024-38202 and CVE-2024-21302.
– A denial-of-service (DoS) flaw in the CLFS driver (CVE-2024-6768) was also reported.

Other Vendors:

Aside from Microsoft, other vendors have also released security updates to address various vulnerabilities.
