Windows users must update by September 3, CISA says
Microsoft has released the monthly round of Patch Tuesday security updates, with fixes for a total of 90 vulnerabilities across the Windows ecosystem. Of these, the Microsoft Security Response Center warns that five Windows vulnerabilities are already under active cyber attacks. These zero-day security issues are so critical that the U.S. Cybersecurity and Infrastructure Security Agency has included all of them in the Known Exploited Vulnerabilities Catalog with a compliance update deadline of September 3.
Although the CISA compliance deadline of September 3 applies specifically to certain federal civilian executive branch agencies under U.S. Government Binding Operational Directive 22-01, that does not mean others, including private sector organizations and individuals, are exempt. CISA emphasizes that the KEV catalog is intended to aid “the cybersecurity community and network defenders” and aims to help “every organization better manage vulnerabilities and keep up with threat activity.” Essentially, to minimize the risk of cyber attacks, all organizations and individuals should focus on updating their systems to address these vulnerabilities. For most consumers, this generally means applying all of the latest Patch Tuesday security updates. However, for organizations that need to test updates before deploying them to operational environments, it’s crucial to consider KEV listings as part of their vulnerability management and prioritization strategies.
Prioritize patching for known exploits
CVE-2024-38178 is a Windows scripting engine memory corruption vulnerability which could allow an attacker to initiate remote code execution on the affected system. This zero-day is rated 7.6 with a severity of important, affecting Windows 10, Windows 11 as well as Windows Server 2012 and later. “The attacker would need to prepare the target so that it would use Edge in Internet Explorer Mode to execute a specially crafted file,” Chris Goettl, vice president of security product management at Ivanti, said, “risk-based guidance would treat this update as a higher severity than important and to remediate as soon as possible.”
CVE-2024-38213 is a Windows ‘Mark of the Web’ security feature bypass vulnerability that could enable an attacker to bypass SmartScreen user protection on Windows 10, Windows 11 as well as Windows Server 2012 and later. “This feature is designed as an extra layer of defence-in-depth by marking files that are downloaded from the internet as untrusted,” Kev Breen, senior director of cyber threat research at Immersive Labs, said. “This vulnerability is not exploitable on its own,” Breen advised, “and is typically seen as part of an exploit chain, for example, modifying a malicious document or exe file to include this bypass before sending the file via email or distributing on compromised websites.”
CVE-2024-38193 is an elevation of privilege vulnerability in the Windows ancillary function driver for WinSock, affecting Windows 10, Windows 11 and Windows Server 2008 and later. “Successful exploitation is via a use-after-free memory management bug, and could lead to SYSTEM privileges,” Adam Barnett, lead software engineer with Rapid7, said. “The advisory doesn’t provide further clues, but with existing in-the-wild exploitation, low attack complexity, no user interaction involved, and low privileges required, this is one to patch immediately to keep malware at bay.”
CVE-2024-38106 is a Windows kernel elevation of privilege vulnerability affecting Windows 10, Windows 11 and Windows Server 2016 and later. “This vulnerability arises when sensitive data is stored in memory that lacks adequate protection,” Mike Walters, president and co-founder of Action1, said, “permitting a low-privileged attacker to manipulate the memory content and escalate their privileges to the SYSTEM level.” The good news is that this one is quite a challenge to exploit, because of “the necessity to exploit the race condition with precise timing,” Walters said, “aiming to gain control over the memory before it is securely locked or accessed.”
CVE-2024-38107 is a use-after-free elevation of privilege vulnerability in the Windows power dependency coordinator. It affects Windows 10, Windows 11, and Windows Server 2012 or later. As Walters describes it, this zero-day vulnerability involves a situation where “a program continues to use a pointer to memory after it has been freed,” potentially leading to arbitrary code execution or full system control. To exploit this vulnerability, an attacker would require local access to the machine with minimal privileges, yet the potential consequences of a successful attack include disabling security mechanisms, deploying additional malware, or facilitating lateral movement within the network, according to Walters’ analysis.
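The KEV-based prioritization described above can be sketched as follows. This is an added example, not code from the article or from CISA: it ranks scanner findings so that KEV-listed CVEs sort ahead of higher-scored issues that are not known to be exploited. The KEV excerpt and scanner findings are constructed, the host names and `CVE-0000-…` ids are placeholders, and the year 2024 for the September 3 deadline is assumed from the CVE ids.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed (cveID, dueDate).
# The five CVE ids and the September 3 deadline are from the article; the
# year 2024 is an assumption taken from the CVE ids.
KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": cve, "dueDate": "2024-09-03"} for cve in (
        "CVE-2024-38178", "CVE-2024-38213", "CVE-2024-38193",
        "CVE-2024-38106", "CVE-2024-38107")]})

# Constructed scanner output: (host, CVE, CVSS base score). Hosts are
# hypothetical; CVE-0000-0000x ids are placeholders for non-KEV findings.
FINDINGS = [
    ("srv-db-01", "CVE-0000-00001", 9.8),
    ("ws-0142", "CVE-2024-38178", 7.6),
    ("ws-0142", "CVE-0000-00002", 5.3),
]

def load_kev(raw):
    """Map CVE id -> remediation due date from a KEV-format JSON document."""
    return {v["cveID"].upper(): date.fromisoformat(v["dueDate"])
            for v in json.loads(raw)["vulnerabilities"]}

def prioritize(findings, kev, today):
    """Order findings: KEV-listed first (nearest or overdue deadline on top),
    then everything else by descending CVSS."""
    rows = []
    for host, cve, cvss in findings:
        due = kev.get(cve.upper())
        rows.append({
            "host": host, "cve": cve, "cvss": cvss,
            "kev": due is not None,
            # Negative days_left means the KEV deadline has already passed.
            "days_left": (due - today).days if due else None,
        })
    rows.sort(key=lambda r: (not r["kev"],
                             r["days_left"] if r["kev"] else 0,
                             -r["cvss"]))
    return rows

if __name__ == "__main__":
    for r in prioritize(FINDINGS, load_kev(KEV_JSON), date(2024, 8, 20)):
        tag = f"KEV, {r['days_left']}d left" if r["kev"] else "not in KEV"
        print(f"{r['host']:10} {r['cve']:15} CVSS {r['cvss']:<4} {tag}")
```

In practice `KEV_JSON` would be replaced by the current catalog downloaded from CISA and `FINDINGS` by an export from the organization's own scanner.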