
Welcome to my August Patch Tuesday newsletter. This month we have ten zero days to talk about. Yes, you read correctly: TEN! Four vulnerabilities are publicly disclosed and six different vulnerabilities are currently being exploited. First up are the public ones: CVE-2024-21302 and CVE-2024-38202 are pretty interesting. Both are vulnerabilities that would cause a system "downgrade". How? For 21302, an attacker who convinces a user to do a system restore can revert system files to versions with previously mitigated vulnerabilities. For 38202, an attacker with administrator privileges can replace versions of Windows system files with outdated, vulnerable versions.

Next are the vulnerabilities that are currently being exploited:

These six are rated moderate and important; none are critical. They consist of elevation of privilege, remote code execution and security feature bypass vulnerabilities.

I also want to mention these ten that are rated as "Exploitation More Likely" by Microsoft:

So, you will definitely want to get this month's updates tested and deployed as soon as you can. It looks like the bad guys have been busy, so please update soon to remediate these recent vulnerabilities.

Besides these, there is not much to talk about this month. It's a fairly light month with the usual being released.

I recently had a webinar showing how my Supercharger product can help you collect the events you need from your domain controllers to detect malicious activity. Unfortunately, our webinar service provider had a few audio issues. We still managed to do the live event, but if you missed it, or were there and want to see a recording of it, you can register for it here.

Happy patching!

So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.

Patch data provided by: LOGbinder.com

Chart columns: Technology; Products Affected; Severity; Reference; Workaround / Exploited / Publicly Disclosed; Vulnerability Info
Technology: Windows
Products Affected: Windows 10, 11; Server 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations; Remote Desktop Client
Severity: Critical
Reference:
CVE-2022-2601
CVE-2022-3775
CVE-2023-40547
CVE-2024-21302*
CVE-2024-29995
CVE-2024-37968
CVE-2024-38063
CVE-2024-38106
CVE-2024-38107
CVE-2024-38114
CVE-2024-38115
CVE-2024-38116
CVE-2024-38117
CVE-2024-38118
CVE-2024-38120
CVE-2024-38121
CVE-2024-38122
CVE-2024-38123
CVE-2024-38125
CVE-2024-38126
CVE-2024-38127
CVE-2024-38128
CVE-2024-38130
CVE-2024-38131
CVE-2024-38132
CVE-2024-38133
CVE-2024-38134
CVE-2024-38135
CVE-2024-38136
CVE-2024-38137
CVE-2024-38138
CVE-2024-38140
CVE-2024-38141
CVE-2024-38142
CVE-2024-38143
CVE-2024-38144
CVE-2024-38145
CVE-2024-38146
CVE-2024-38147
CVE-2024-38148
CVE-2024-38150
CVE-2024-38151
CVE-2024-38152
CVE-2024-38153
CVE-2024-38154
CVE-2024-38155
CVE-2024-38159
CVE-2024-38160
CVE-2024-38161
CVE-2024-38163
CVE-2024-38165
CVE-2024-38178
CVE-2024-38180
CVE-2024-38184
CVE-2024-38185
CVE-2024-38186
CVE-2024-38187
CVE-2024-38191
CVE-2024-38193
CVE-2024-38196
CVE-2024-38198
CVE-2024-38199*
CVE-2024-38202*
CVE-2024-38213
CVE-2024-38214
CVE-2024-38215
CVE-2024-38223
Workaround: No
Exploited: Yes
Public: Yes*
Vulnerability Info: Denial of Service; Elevation of Privilege; Information Disclosure; Remote Code Execution; Security Feature Bypass; Spoofing; Tampering

Technology: Edge
Products Affected: Chromium-based; For Android & iOS
Severity: Moderate
Reference:
CVE-2024-38103
CVE-2024-38156
CVE-2024-38218
CVE-2024-38219
CVE-2024-39379
CVE-2024-6772
CVE-2024-6773
CVE-2024-6774
CVE-2024-6775
CVE-2024-6776
CVE-2024-6777
CVE-2024-6778
CVE-2024-6779
CVE-2024-6988
CVE-2024-6989
CVE-2024-6990
CVE-2024-6991
CVE-2024-6994
CVE-2024-6995
CVE-2024-6996
CVE-2024-6997
CVE-2024-6998
CVE-2024-6999
CVE-2024-7000
CVE-2024-7001
CVE-2024-7003
CVE-2024-7004
CVE-2024-7005
CVE-2024-7255
CVE-2024-7256
CVE-2024-7532
CVE-2024-7533
CVE-2024-7534
CVE-2024-7535
CVE-2024-7536
CVE-2024-7550
Workaround: No
Exploited: No
Public: No
Vulnerability Info: Information Disclosure; Remote Code Execution; Spoofing

Technology: Office
Products Affected: 365 Apps for Enterprise; Copilot Studio; Office 2016, 2019, LTSC 2021; LTSC for Mac 2021; OfficePLUS; Outlook/PowerPoint/Project 2016; Teams for iOS
Severity: Critical
Reference:
CVE-2024-38084
CVE-2024-38169
CVE-2024-38170
CVE-2024-38171
CVE-2024-38172
CVE-2024-38173
CVE-2024-38189
CVE-2024-38197
CVE-2024-38200*
CVE-2024-38206
Workaround: No
Exploited: Yes
Public: Yes*
Vulnerability Info: Elevation of Privilege; Information Disclosure; Remote Code Execution; Spoofing

Technology: Dynamics
Products Affected: 365 Field Service On-Prem v7; CRM Service Portal Web Resource
Severity: Critical
Reference:
CVE-2024-38166
CVE-2024-38182
Workaround: No
Exploited: No
Public: No
Vulnerability Info: Elevation of Privilege; Spoofing

Technology: Dev Tools
Products Affected: Visual Studio 2022 17.6, 17.8, 17.10; .NET 8.0; C SDK for Azure IoT; Azure IoT Hub Device Client SDK
Severity: Important
Reference:
CVE-2024-38157
CVE-2024-38158
CVE-2024-38167
CVE-2024-38168
Workaround: No
Exploited: No
Public: No
Vulnerability Info: Denial of Service; Information Disclosure; Remote Code Execution

Technology: Apps
Products Affected: App Installer; GroupMe
Severity: Critical
Reference:
CVE-2024-38164
CVE-2024-38176
CVE-2024-38177
Workaround: No
Exploited: No
Public: No
Vulnerability Info: Elevation of Privilege; Spoofing

Technology: Azure
Products Affected: Arc Resource Bridge; Connected Machine Agent; CycleCloud 8.0.0 - 8.6.2; Health Bot; Kubernetes Service Node on Azure/Ubuntu Linux; Stack Hub
Severity: Critical
Reference:
CVE-2024-38098
CVE-2024-38108
CVE-2024-38109
CVE-2024-38162
CVE-2024-38195
CVE-2024-38201
CVE-2024-6387
Workaround: No
Exploited: No
Public: No
Vulnerability Info: Elevation of Privilege; Remote Code Execution; Spoofing

Technology: Mariner
Products Affected: Azure Linux 3.0 ARM/x64; CBL Mariner 1.0/2.0 ARM/x64
Severity: Critical
Reference:
CVE-2022-2601
CVE-2022-3775
CVE-2024-6387
Workaround: No
Exploited: No
Public: No
Vulnerability Info: Remote Code Execution

Thanks as always for reading and best wishes on security,

Randy Franklin Smith


Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.


Note: We do our best to provide quality information and expert commentary but use all information at your own risk.