Patch Tuesday August 2024 - TEN Zero Days!

***If you are receiving this email, it is because you subscribed to it. If you have not subscribed and want to unsubscribe, click here. Please do not mark as spam instead. We've had some problems lately with email blacklisting. We'd appreciate if you unsubscribe if you don't want mailings from us.***

Welcome to my August Patch Tuesday newsletter. This month we have ten zero days to talk about. Yes, you read correctly; TEN! There are four exploits that are public and six different exploits that are currently being exploited. First up are the public exploits:

21302 and 38202 are pretty interesting. These are both related to vulnerabilities that would cause a system "downgrade". How? For 21302, an attacker who convinces a user to do a system restore reverts system files to files with previously mitigated vulnerabilities. For 38202 an attacker with administrator privileges can replace versions of Windows system files with outdated, vulnerable versions.

Next are the exploits that are currently being exploited:

These six are rated moderate and important; none critical. They consist of elevation of privilege, remote code execution and security feature bypass vulnerabilities. I also want to mention these ten that are rated as "Exploitation More Likely" by Microsoft:

So, you will definitely want to get this month's updates tested and deployed as soon as you can. It looks like the bad guys have been busy so please update soon to remediate these recent vulnerabilities.

Besides these there is not much to talk about this month. It's a fairly light month with the usual being released. I recently had a webinar showing how my Supercharger product can help you collect the events you need from your domain controllers to detect malicious activity. Unfortunately, our webinar service provider had a few audio issues. We still managed to do the live event but if you missed it or were there and want to see a recording of it you can register for it here.

Happy patching!

So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited / Publicly Disclosed	Vulnerability Info
Windows	Windows 10, 11 Server 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations Remote Desktop Client	Critical	CVE-2022-2601 CVE-2022-3775 CVE-2023-40547 CVE-2024-21302* CVE-2024-29995 CVE-2024-37968 CVE-2024-38063 CVE-2024-38106 CVE-2024-38107 CVE-2024-38114 CVE-2024-38115 CVE-2024-38116 CVE-2024-38117 CVE-2024-38118 CVE-2024-38120 CVE-2024-38121 CVE-2024-38122 CVE-2024-38123 CVE-2024-38125 CVE-2024-38126 CVE-2024-38127 CVE-2024-38128 CVE-2024-38130 CVE-2024-38131 CVE-2024-38132 CVE-2024-38133 CVE-2024-38134 CVE-2024-38135 CVE-2024-38136 CVE-2024-38137 CVE-2024-38138 CVE-2024-38140 CVE-2024-38141 CVE-2024-38142 CVE-2024-38143 CVE-2024-38144 CVE-2024-38145 CVE-2024-38146 CVE-2024-38147 CVE-2024-38148 CVE-2024-38150 CVE-2024-38151 CVE-2024-38152 CVE-2024-38153 CVE-2024-38154 CVE-2024-38155 CVE-2024-38159 CVE-2024-38160 CVE-2024-38161 CVE-2024-38163 CVE-2024-38165 *CVE-2024-38178* CVE-2024-38180 CVE-2024-38184 CVE-2024-38185 CVE-2024-38186 CVE-2024-38187 CVE-2024-38191 CVE-2024-38193 CVE-2024-38196 CVE-2024-38198 CVE-2024-38199* CVE-2024-38202* *CVE-2024-38213* CVE-2024-38214 CVE-2024-38215 CVE-2024-38223	Workaround: No *Exploited: Yes* Public: Yes*	Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass Spoofing Tampering
Edge	Chromium-based For Android & iOS	Moderate	CVE-2024-38103 CVE-2024-38156 CVE-2024-38218 CVE-2024-38219 CVE-2024-39379 CVE-2024-6772 CVE-2024-6773 CVE-2024-6774 CVE-2024-6775 CVE-2024-6776 CVE-2024-6777 CVE-2024-6778 CVE-2024-6779 CVE-2024-6988 CVE-2024-6989 CVE-2024-6990 CVE-2024-6991 CVE-2024-6994 CVE-2024-6995 CVE-2024-6996 CVE-2024-6997 CVE-2024-6998 CVE-2024-6999 CVE-2024-7000 CVE-2024-7001 CVE-2024-7003 CVE-2024-7004 CVE-2024-7005 CVE-2024-7255 CVE-2024-7256 CVE-2024-7532 CVE-2024-7533 CVE-2024-7534 CVE-2024-7535 CVE-2024-7536 CVE-2024-7550	Workaround: No Exploited: No Public: No	Information Disclosure Remote Code Execution Spoofing
Office	365 Apps for Enterprise Copilot Studio Office 2016, 2019, LTSC 2021 LTSC for Mac 2021 OfficePLUS Outlook/PowerPoint/Project 2016 Teams for iOS	Critical	CVE-2024-38084 CVE-2024-38169 CVE-2024-38170 CVE-2024-38171 CVE-2024-38172 CVE-2024-38173 *CVE-2024-38189* CVE-2024-38197 CVE-2024-38200* CVE-2024-38206	Workaround: No *Exploited: Yes* Public: Yes*	Elevation of Privilege Information Disclosure Remote Code Execution Spoofing
Dynamics	365 Field Service On-Prem v7 CRM Service Portal Web Resource	Critical	CVE-2024-38166 CVE-2024-38182	Workaround: No Exploited: No Public: No	Elevation of Privilege Spoofing
Dev Tools	Visual Studio 2022 17.6, 17.8, 17.10 .NET 8.0 C SDK for Azure IoT Azure IoT Hub Device Client SDK	Important	CVE-2024-38157 CVE-2024-38158 CVE-2024-38167 CVE-2024-38168	Workaround: No Exploited: No Public: No	Denial of Service Information Disclosure Remote Code Execution
Apps	App Installer GroupMe	Critical	CVE-2024-38164 CVE-2024-38176 CVE-2024-38177	Workaround: No Exploited: No Public: No	Elevation of Privilege Spoofing
Azure	Arc Resource Bridge Connected Machine Agent CycleCloud 8.0.0 - 8.6.2 Health Bot Kubernetes Service Node on Azure/Ubuntu Linux Stack Hub	Critical	CVE-2024-38098 CVE-2024-38108 CVE-2024-38109 CVE-2024-38162 CVE-2024-38195 CVE-2024-38201 CVE-2024-6387	Workaround: No Exploited: No Public: No	Elevation of Privilege Remote Code Execution Spoofing
Mariner	Azure Linux 3.0 ARM/x64 CBL Mariner 1.0/2.0 ARM/x64	Critical	CVE-2022-2601 CVE-2022-3775 CVE-2024-6387	Workaround: No Exploited: No Public: No	Remote Code Execution

Thanks as always for reading and best wishes on security,

Randy Franklin Smith

Click here to unsubscribe

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.

9450 SW Gemini Drive #53822, Beaverton, OR 97008

Note: We do our best to provide quality information and expert commentary but use all information at your own risk.