Microsoft Monthly Security Update – 14 August 2024

In Cyber Security by Matsco Engineering Team

 

Microsoft have released a security advisory on the 14th of August 2024 in line with their regular monthly patch schedule which includes a number of updates to address two (2) Extremely High Risk, one (1) High Risk, four (4) Medium Risk and two (2) Low Risk product vulnerabilities.

These updates address vulnerabilities which may impact services through Information Disclosure, Elevation of Privilege, Security Restriction Bypass, Spoofing, Denial of Service, Remote Code Execution and Data Manipulation.

For more information please see: Microsoft Security Update

This release consists of security updates for the following products, features and roles:

  • .NET and Visual Studio
  • Azure Connected Machine Agent
  • Azure CycleCloud
  • Azure Health Bot
  • Azure IoT SDK
  • Azure Stack
  • Line Printer Daemon Service (LPD)
  • Microsoft Bluetooth Driver
  • Microsoft Copilot Studio
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Microsoft Local Security Authority Server (lsasrv)
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office Outlook
  • Microsoft Office PowerPoint
  • Microsoft Office Project
  • Microsoft Office Visio
  • Microsoft Streaming Service
  • Microsoft Teams
  • Microsoft WDAC OLE DB provider for SQL
  • Microsoft Windows DNS
  • Reliable Multicast Transport Driver (RMCAST)
  • Windows Ancillary Function Driver for WinSock
  • Windows App Installer
  • Windows Clipboard Virtual Channel Extension
  • Windows Cloud Files Mini Filter Driver
  • Windows Common Log File System Driver
  • Windows Compressed Folder
  • Windows Deployment Services
  • Windows DWM Core Library
  • Windows Initial Machine Configuration
  • Windows IP Routing Management Snapin
  • Windows Kerberos
  • Windows Kernel
  • Windows Kernel-Mode Drivers
  • Windows Layer-2 Bridge Network Driver
  • Windows Mark of the Web (MOTW)
  • Windows Mobile Broadband
  • Windows Network Address Translation (NAT)
  • Windows Network Virtualization
  • Windows NT OS Kernel
  • Windows NTFS
  • Windows Power Dependency Coordinator
  • Windows Print Spooler Components
  • Windows Resource Manager
  • Windows Routing and Remote Access Service (RRAS)
  • Windows Scripting
  • Windows Secure Kernel Mode
  • Windows Security Center
  • Windows SmartScreen
  • Windows TCP/IP
  • Windows Transport Security Layer (TLS)
  • Windows Update Stack
  • Windows WLAN Auto Config Service

 

CVE-2024-38107 is being exploited in the wild and an attacker who successfully exploits this vulnerability could gain SYSTEM privileges. 

CVE-2024-38213 is being exploited in the wild and this vulnerability can be exploited to bypass the SmartScreen user experience. 

CVE 2024 38193 is being exploited in the wild and an attacker who successfully exploits this vulnerability could gain SYSTEM privileges.

CVE-2024-38106 is being exploited in the wild and an attacker who successfully exploits this vulnerability could gain SYSTEM privileges. 

CVE-2024-38178 is being exploited in the wild and an attacker who successfully exploits this vulnerability can initiate remote code execution if the target uses Edge in Internet Explorer Mode. 

CVE-2024-38189 is being exploited in the wild and an attacker who successfully exploits this vulnerability could perform remote code execution on a system where the policy to block macros from running in Office files from the Internet is disabled, and VBA Macro Notification Settings are not enabled.

Matsco recommends any affected systems are updated as soon as convenient 

Please contact the Matsco Solutions team on the below if you would like any further information or would like to schedule a maintenance.

support@matscosolutions.com

Beijing  +86 400 120 2782
Hong Kong  +852 8101 8418
London   +44 (0)20 7821 4950
New York  +1 866 446 9226
Singapore  +65 6100 1090

Share this Post