Patch Tuesday Update - August 2024 | Vulnerability Security Testing & DAST

Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.48.0 and FVM Agent 2.10 releases.

Microsoft addressed 86 vulnerabilities in this release, including 7 rated as Critical and 28 Remote Code Execution vulnerabilities.
This release also includes fixes for six vulnerabilities that have been exploited in the wild.
- Microsoft Project Remote Code Execution Vulnerability (CVE-2024-38189)
  - This vulnerability requires an attacker to trick a victim into opening a malicious Microsoft Office Project file on a system with some Microsoft Office security settings disabled.
- Windows Mark of the Web Security Feature Bypass Vulnerability (CVE-2024-38213)
- Scripting Engine Memory Corruption Vulnerability (CVE-2024-38178)
- CVE-2024-38107, CVE-2024-38106, and CVE-2024-38193 are Elevation of Privilege vulnerabilities that can be used to gain SYSTEM privileges on an affected system.

CVE/Advisory	Title	Tag	Microsoft Severity Rating	Base Score	Microsoft Impact	Exploited	Publicly Disclosed
CVE-2022-2601	Redhat: CVE-2022-2601 grub2 – Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass	Windows Secure Boot	Important	8.6	Security Feature Bypass	No	No
CVE-2024-38108	Azure Stack Hub Spoofing Vulnerability	Azure Stack	Important	9.3	Spoofing	No	No
CVE-2024-38123	Windows Bluetooth Driver Information Disclosure Vulnerability	Microsoft Bluetooth Driver	Important	4.4	Information Disclosure	No	No
CVE-2024-38159	Windows Network Virtualization Remote Code Execution Vulnerability	Windows Network Virtualization	Critical	9.1	Remote Code Execution	No	No
CVE-2024-38160	Windows Network Virtualization Remote Code Execution Vulnerability	Windows Network Virtualization	Critical	9.1	Remote Code Execution	No	No
CVE-2024-38161	Windows Mobile Broadband Driver Remote Code Execution Vulnerability	Windows Mobile Broadband	Important	6.8	Remote Code Execution	No	No
CVE-2024-38167	.NET and Visual Studio Information Disclosure Vulnerability	.NET and Visual Studio	Important	6.5	Information Disclosure	No	No
CVE-2024-38168	.NET and Visual Studio Denial of Service Vulnerability	.NET and Visual Studio	Important	7.5	Denial of Service	No	No
CVE-2024-38172	Microsoft Excel Remote Code Execution Vulnerability	Microsoft Office Excel	Important	7.8	Remote Code Execution	No	No
CVE-2024-38178	Scripting Engine Memory Corruption Vulnerability	Windows Scripting	Important	7.5	Remote Code Execution	Yes	No
CVE-2024-38184	Windows Kernel-Mode Driver Elevation of Privilege Vulnerability	Windows Kernel-Mode Drivers	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38191	Kernel Streaming Service Driver Elevation of Privilege Vulnerability	Windows Kernel-Mode Drivers	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38193	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Windows Ancillary Function Driver for WinSock	Important	7.8	Elevation of Privilege	Yes	No
CVE-2024-38196	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Windows Common Log File System Driver	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38197	Microsoft Teams for iOS Spoofing Vulnerability	Microsoft Teams	Important	6.5	Spoofing	No	No
CVE-2024-38198	Windows Print Spooler Elevation of Privilege Vulnerability	Windows Print Spooler Components	Important	7.5	Elevation of Privilege	No	No
CVE-2024-38199	Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability	Line Printer Daemon Service (LPD)	Important	9.8	Remote Code Execution	No	Yes
CVE-2024-38201	Azure Stack Hub Elevation of Privilege Vulnerability	Azure Stack	Important	7	Elevation of Privilege	No	No
CVE-2024-38213	Windows Mark of the Web Security Feature Bypass Vulnerability	Windows Mark of the Web (MOTW)	Moderate	6.5	Security Feature Bypass	Yes	No
CVE-2023-40547	Redhat: CVE-2023-40547 Shim – RCE in HTTP boot support may lead to secure boot bypass	Windows Secure Boot	Critical	8.3	Security Feature Bypass	No	No
CVE-2024-38084	Microsoft OfficePlus Elevation of Privilege Vulnerability	Microsoft Office	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38063	Windows TCP/IP Remote Code Execution Vulnerability	Windows TCP/IP	Critical	9.8	Remote Code Execution	No	No
CVE-2024-38098	Azure Connected Machine Agent Elevation of Privilege Vulnerability	Azure Connected Machine Agent	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38106	Windows Kernel Elevation of Privilege Vulnerability	Windows Kernel	Important	7	Elevation of Privilege	Yes	No
CVE-2024-38107	Windows Power Dependency Coordinator Elevation of Privilege Vulnerability	Windows Power Dependency Coordinator	Important	7.8	Elevation of Privilege	Yes	No
CVE-2024-29995	Windows Kerberos Elevation of Privilege Vulnerability	Windows Kerberos	Important	8.1	Elevation of Privilege	No	No
CVE-2024-38114	Windows IP Routing Management Snapin Remote Code Execution Vulnerability	Windows IP Routing Management Snapin	Important	8.8	Remote Code Execution	No	No
CVE-2024-38115	Windows IP Routing Management Snapin Remote Code Execution Vulnerability	Windows IP Routing Management Snapin	Important	8.8	Remote Code Execution	No	No
CVE-2024-38116	Windows IP Routing Management Snapin Remote Code Execution Vulnerability	Windows IP Routing Management Snapin	Important	8.8	Remote Code Execution	No	No
CVE-2024-38117	NTFS Elevation of Privilege Vulnerability	Windows NTFS	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38118	Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability	Microsoft Local Security Authority Server (lsasrv)	Important	5.5	Information Disclosure	No	No
CVE-2024-38121	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Windows Routing and Remote Access Service (RRAS)	Important	8.8	Remote Code Execution	No	No
CVE-2024-38122	Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability	Microsoft Local Security Authority Server (lsasrv)	Important	5.5	Information Disclosure	No	No
CVE-2024-38125	Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability	Microsoft Streaming Service	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38126	Windows Network Address Translation (NAT) Denial of Service Vulnerability	Windows Network Address Translation (NAT)	Important	7.5	Denial of Service	No	No
CVE-2024-38127	Windows Hyper-V Elevation of Privilege Vulnerability	Windows Kernel	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38128	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Windows Routing and Remote Access Service (RRAS)	Important	8.8	Remote Code Execution	No	No
CVE-2024-38130	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Windows Routing and Remote Access Service (RRAS)	Important	8.8	Remote Code Execution	No	No
CVE-2024-38131	Clipboard Virtual Channel Extension Remote Code Execution Vulnerability	Windows Clipboard Virtual Channel Extension	Important	8.8	Remote Code Execution	No	No
CVE-2024-38132	Windows Network Address Translation (NAT) Denial of Service Vulnerability	Windows Network Address Translation (NAT)	Important	7.5	Denial of Service	No	No
CVE-2024-38133	Windows Kernel Elevation of Privilege Vulnerability	Windows Kernel	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38134	Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability	Microsoft Streaming Service	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38135	Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability	Windows NT OS Kernel	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38136	Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability	Windows Resource Manager	Important	7	Elevation of Privilege	No	No
CVE-2024-38137	Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability	Windows Resource Manager	Important	7	Elevation of Privilege	No	No
CVE-2024-38138	Windows Deployment Services Remote Code Execution Vulnerability	Windows Deployment Services	Important	7.5	Remote Code Execution	No	No
CVE-2024-38140	Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability	Reliable Multicast Transport Driver (RMCAST)	Critical	9.8	Remote Code Execution	No	No
CVE-2024-38141	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Windows Ancillary Function Driver for WinSock	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38142	Windows Secure Kernel Mode Elevation of Privilege Vulnerability	Windows Secure Kernel Mode	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38143	Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability	Windows WLAN Auto Config Service	Important	4.2	Elevation of Privilege	No	No
CVE-2024-38144	Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability	Microsoft Streaming Service	Important	8.8	Elevation of Privilege	No	No
CVE-2024-38145	Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability	Windows Layer-2 Bridge Network Driver	Important	7.5	Denial of Service	No	No
CVE-2024-38146	Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability	Windows Layer-2 Bridge Network Driver	Important	7.5	Denial of Service	No	No
CVE-2024-38147	Microsoft DWM Core Library Elevation of Privilege Vulnerability	Windows DWM Core Library	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38148	Windows Secure Channel Denial of Service Vulnerability	Windows Transport Security Layer (TLS)	Important	7.5	Denial of Service	No	No
CVE-2024-38150	Windows DWM Core Library Elevation of Privilege Vulnerability	Windows DWM Core Library	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38151	Windows Kernel Information Disclosure Vulnerability	Windows Kernel	Important	5.5	Information Disclosure	No	No
CVE-2024-38152	Windows OLE Remote Code Execution Vulnerability	Microsoft WDAC OLE DB provider for SQL	Important	7.8	Remote Code Execution	No	No
CVE-2024-38153	Windows Kernel Elevation of Privilege Vulnerability	Windows Kernel	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38154	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Windows Routing and Remote Access Service (RRAS)	Important	8.8	Remote Code Execution	No	No
CVE-2024-38155	Security Center Broker Information Disclosure Vulnerability	Windows Security Center	Important	5.5	Information Disclosure	No	No
CVE-2024-38157	Azure IoT SDK Remote Code Execution Vulnerability	Azure IoT SDK	Important	7	Remote Code Execution	No	No
CVE-2024-38158	Azure IoT SDK Remote Code Execution Vulnerability	Azure IoT SDK	Important	7	Remote Code Execution	No	No
CVE-2024-38162	Azure Connected Machine Agent Elevation of Privilege Vulnerability	Azure Connected Machine Agent	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38165	Windows Compressed Folder Tampering Vulnerability	Windows Compressed Folder	Important	6.5	Tampering	No	No
CVE-2024-38169	Microsoft Office Visio Remote Code Execution Vulnerability	Microsoft Office Visio	Important	7.8	Remote Code Execution	No	No
CVE-2024-38170	Microsoft Excel Remote Code Execution Vulnerability	Microsoft Office Excel	Important	7.1	Remote Code Execution	No	No
CVE-2024-38171	Microsoft PowerPoint Remote Code Execution Vulnerability	Microsoft Office PowerPoint	Important	7.8	Remote Code Execution	No	No
CVE-2024-38173	Microsoft Outlook Remote Code Execution Vulnerability	Microsoft Office Outlook	Important	6.7	Remote Code Execution	No	No
CVE-2024-38177	Windows App Installer Spoofing Vulnerability	Windows App Installer	Important	7.8	Spoofing	No	No
CVE-2024-38180	Windows SmartScreen Security Feature Bypass Vulnerability	Windows SmartScreen	Important	8.8	Security Feature Bypass	No	No
CVE-2024-38185	Windows Kernel-Mode Driver Elevation of Privilege Vulnerability	Windows Kernel-Mode Drivers	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38186	Windows Kernel-Mode Driver Elevation of Privilege Vulnerability	Windows Kernel-Mode Drivers	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38187	Windows Kernel-Mode Driver Elevation of Privilege Vulnerability	Windows Kernel-Mode Drivers	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38189	Microsoft Project Remote Code Execution Vulnerability	Microsoft Office Project	Important	8.8	Remote Code Execution	Yes	No
CVE-2024-38195	Azure CycleCloud Remote Code Execution Vulnerability	Azure CycleCloud	Important	7.8	Remote Code Execution	No	No
CVE-2024-38163	Windows Update Stack Elevation of Privilege Vulnerability	Windows Update Stack	Important	7.8	Elevation of Privilege	No	No
CVE-2022-3775	Redhat: CVE-2022-3775 grub2 – Heap based out-of-bounds write when rendering certain Unicode sequences	Windows Secure Boot	Critical	7.1	Remote Code Execution	No	No
CVE-2024-38211	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	Microsoft Dynamics	Important	8.2	Spoofing	No	No
CVE-2024-38120	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Windows Routing and Remote Access Service (RRAS)	Important	8.8	Remote Code Execution	No	No
CVE-2024-38214	Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability	Windows Routing and Remote Access Service (RRAS)	Important	6.5	Information Disclosure	No	No
CVE-2024-38215	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability	Windows Cloud Files Mini Filter Driver	Important	7.8	Elevation of Privilege	No	No
CVE-2024-38222	Microsoft Edge (Chromium-based) Information Disclosure Vulnerability	Microsoft Edge (Chromium-based)		N/A		No	No
CVE-2024-38223	Windows Initial Machine Configuration Elevation of Privilege Vulnerability	Windows Initial Machine Configuration	Important	6.8	Elevation of Privilege	No	No
CVE-2024-38109	Azure Health Bot Elevation of Privilege Vulnerability	Azure Health Bot	Critical	9.1	Elevation of Privilege	No	No
CVE-2024-37968	Windows DNS Spoofing Vulnerability	Microsoft Windows DNS	Important	7.5	Spoofing	No	No

Quickly Find and Fix Your Most At-Risk Weaknesses

Watch this demo to see how Fortra VM can help.

Watch now

Patch Tuesday Update - August 2024

Quickly Find and Fix Your Most At-Risk Weaknesses

Footer 1

Footer 2

Footer 3

Footer Menu 4

Contact Information

Privacy Policy

Cookie Policy

Impressum