Microsoft Monthly Security Update (August 2024)
RISK: Extremely High Risk
TYPE: Operating Systems - Windows OS
Microsoft has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes |
| Mariner |  Medium Risk | Security Restriction Bypass Remote Code Execution | |
| Windows |  Extremely High Risk | Security Restriction Bypass Information Disclosure Remote Code Execution Elevation of Privilege Denial of Service Data Manipulation Spoofing | CVE-2024-38107 is being exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2024-38213 is being exploited in the wild. This vulnerability can be exploited to bypass the SmartScreen user experience.
CVE 2024 38193 is being exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2024-38106 is being exploited in the wild. An attacker who successfully exploits this vulnerability could gain SYSTEM privileges if they win a race condition.
CVE-2024-38178 is being exploited in the wild. An attacker who successfully exploits this vulnerability can initiate remote code execution if the target uses Edge in Internet Explorer Mode. |
| Extended Security Updates (ESU) | Extremely High Risk | Security Restriction Bypass Remote Code Execution Elevation of Privilege Information Disclosure Denial of Service Spoofing | CVE-2024-38107 is being exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2024-38213 is being exploited in the wild. This vulnerability can be exploited to bypass the SmartScreen user experience.
CVE 2024 38193 is being exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2024-38178 is being exploited in the wild. An attacker who successfully exploits this vulnerability can initiate remote code execution if the target uses Edge in Internet Explorer Mode. |
| Azure | Medium Risk | Spoofing Elevation of Privilege Remote Code Execution | |
| Developer Tools | Medium Risk | Information Disclosure Denial of Service Remote Code Execution | |
| Microsoft Office |  High Risk | Remote Code Execution Spoofing Elevation of Privilege Information Disclosure | CVE-2024-38189 is being exploited in the wild. An attacker who successfully exploits this vulnerability could perform remote code execution on a system where the policy to block macros from running in Office files from the Internet is disabled, and VBA Macro Notification Settings are not enabled. |
| Browser | Medium Risk | Remote Code Execution | |
| Apps |  Low Risk | Spoofing | |
| Microsoft Dynamics | Low Risk | Spoofing |
Number of 'Extremely High Risk' product(s): 2
Number of 'High Risk' product(s): 1
Number of 'Medium Risk' product(s): 4
Number of 'Low Risk' product(s): 2
Evaluation of overall 'Risk Level': Extremely High Risk
Impact
- Information Disclosure
- Elevation of Privilege
- Security Restriction Bypass
- Spoofing
- Denial of Service
- Remote Code Execution
- Data Manipulation
System / Technologies affected
- Mariner
- Windows
- Extended Security Updates (ESU)
- Azure
- Developer Tools
- Microsoft Office
- Browser
- Apps
- Microsoft Dynamics
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor.
Vulnerability Identifier
Source
Related Link
Related Tags
Share with