Report Name: Microsoft Patch Tuesday, August 2024
Generated: 2024-08-14 11:19:27
Product Name | Prevalence | U | C | H | M | L | A | Comment |
---|---|---|---|---|---|---|---|---|
Windows Kernel | 0.9 | 1 | 3 | 4 | Windows Kernel | |||
Windows TCP/IP | 0.9 | 1 | 1 | Windows component | ||||
Chromium | 0.8 | 5 | 26 | 31 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |||
Microsoft DWM Core Library | 0.8 | 1 | 1 | Windows component | ||||
Microsoft Edge | 0.8 | 2 | 3 | 5 | Web browser | |||
Microsoft Office | 0.8 | 1 | 1 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | ||||
OpenSSH | 0.8 | 1 | 1 | OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture | ||||
Secure Boot | 0.8 | 1 | 1 | 2 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |||
Windows Ancillary Function Driver for WinSock | 0.8 | 1 | 1 | 2 | Windows component | |||
Windows App Installer | 0.8 | 1 | 1 | Windows component | ||||
Windows Bluetooth Driver | 0.8 | 1 | 1 | Windows component | ||||
Windows Cloud Files Mini Filter Driver | 0.8 | 1 | 1 | Windows component | ||||
Windows Common Log File System Driver | 0.8 | 1 | 1 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs | ||||
Windows Compressed Folder | 0.8 | 1 | 1 | Windows component | ||||
Windows DNS | 0.8 | 1 | 1 | Windows component | ||||
Windows DWM Core Library | 0.8 | 1 | 1 | Windows component | ||||
Windows Deployment Services | 0.8 | 1 | 1 | Windows component | ||||
Windows IP Routing Management Snapin | 0.8 | 3 | 3 | Windows component | ||||
Windows Initial Machine Configuration | 0.8 | 1 | 1 | Windows component | ||||
Windows Kerberos | 0.8 | 1 | 1 | Windows component | ||||
Windows Kernel-Mode Driver | 0.8 | 4 | 4 | Windows component | ||||
Windows Layer-2 Bridge Network Driver | 0.8 | 2 | 2 | Windows component | ||||
Windows Line Printer Daemon (LPD) Service | 0.8 | 1 | 1 | Windows component | ||||
Windows Mark of the Web | 0.8 | 1 | 1 | Windows component | ||||
Windows Mobile Broadband Driver | 0.8 | 1 | 1 | Windows component | ||||
Windows NTFS | 0.8 | 1 | 1 | The default file system of the Windows NT family | ||||
Windows Network Address Translation (NAT) | 0.8 | 2 | 2 | Windows component | ||||
Windows Network Virtualization | 0.8 | 2 | 2 | Windows component | ||||
Windows OLE | 0.8 | 1 | 1 | Windows component | ||||
Windows Power Dependency Coordinator | 0.8 | 1 | 1 | Windows component | ||||
Windows Print Spooler | 0.8 | 1 | 1 | Windows component | ||||
Windows Reliable Multicast Transport Driver (RMCAST) | 0.8 | 1 | 1 | Windows component | ||||
Windows Resilient File System (ReFS) | 0.8 | 1 | 1 | Windows component | ||||
Windows Resource Manager PSM Service Extension | 0.8 | 2 | 2 | Windows component | ||||
Windows Routing and Remote Access Service (RRAS) | 0.8 | 5 | 1 | 6 | Windows component | |||
Windows Secure Channel | 0.8 | 1 | 1 | Windows component | ||||
Windows Secure Kernel Mode | 0.8 | 2 | 2 | Windows component | ||||
Windows SmartScreen | 0.8 | 1 | 1 | SmartScreen is a cloud-based anti-phishing and anti-malware component included in several Microsoft products, including operating systems Windows 8 and later, the applications Internet Explorer, Microsoft Edge | ||||
Windows Update Stack | 0.8 | 1 | 1 | 2 | Windows component | |||
Windows WLAN AutoConfig Service | 0.8 | 1 | 1 | Windows component | ||||
.NET and Visual Studio | 0.7 | 2 | 2 | .NET and Visual Studio | ||||
Microsoft Excel | 0.6 | 2 | 2 | MS Office product | ||||
Microsoft Office Visio | 0.6 | 1 | 1 | Microsoft Visio | ||||
Microsoft Outlook | 0.6 | 1 | 1 | Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites | ||||
Microsoft PowerPoint | 0.6 | 1 | 1 | Microsoft PowerPoint | ||||
Windows Hyper-V | 0.6 | 1 | 1 | Hardware virtualization component of the client editions of Windows NT | ||||
Azure Connected Machine Agent | 0.5 | 2 | 2 | Azure Connected Machine Agent | ||||
Azure CycleCloud | 0.5 | 1 | 1 | Azure CycleCloud | ||||
Azure IoT SDK | 0.5 | 2 | 2 | Azure IoT SDK | ||||
Azure Stack Hub | 0.5 | 2 | 2 | Azure Stack Hub | ||||
Clipboard Virtual Channel Extension | 0.5 | 1 | 1 | Clipboard Virtual Channel Extension | ||||
GRUB2 | 0.5 | 1 | 1 | Product detected by a:gnu:grub2 (exists in CPE dict) | ||||
Kernel Streaming Service Driver | 0.5 | 1 | 1 | Kernel Streaming Service Driver | ||||
Kernel Streaming WOW Thunk Service Driver | 0.5 | 3 | 3 | Kernel Streaming WOW Thunk Service Driver | ||||
Microsoft Dynamics 365 | 0.5 | 1 | 1 | 2 | Microsoft Dynamics 365 is a product line of enterprise resource planning (ERP) and customer relationship management (CRM) intelligent business applications | |||
Microsoft Dynamics 365 (on-premises) | 0.5 | 1 | 1 | Microsoft Dynamics 365 (on-premises) | ||||
Microsoft Local Security Authority (LSA) Server | 0.5 | 2 | 2 | Microsoft Local Security Authority (LSA) Server | ||||
Microsoft OfficePlus | 0.5 | 1 | 1 | Microsoft OfficePlus | ||||
Microsoft Project | 0.5 | 1 | 1 | Microsoft Project | ||||
Microsoft Teams for iOS | 0.5 | 1 | 1 | Microsoft Teams for iOS | ||||
Scripting Engine | 0.5 | 1 | 1 | Scripting Engine | ||||
Security Center Broker | 0.5 | 1 | 1 | Security Center Broker | ||||
copilot_studio | 0.5 | 1 | 1 | Product detected by a:microsoft:copilot_studio (does NOT exist in CPE dict) | ||||
Azure | 0.4 | 1 | 1 | Azure | ||||
Unknown Product | 0 | 2 | 2 | Unknown Product |
Vulnerability Type | Criticality | U | C | H | M | L | A |
---|---|---|---|---|---|---|---|
Remote Code Execution | 1.0 | 2 | 18 | 12 | 32 | ||
Authentication Bypass | 0.98 | 2 | 3 | 5 | |||
Command Injection | 0.97 | 2 | 2 | ||||
Security Feature Bypass | 0.9 | 1 | 5 | 2 | 8 | ||
Elevation of Privilege | 0.85 | 3 | 30 | 33 | |||
Information Disclosure | 0.83 | 1 | 7 | 8 | |||
Cross Site Scripting | 0.8 | 2 | 2 | ||||
Denial of Service | 0.7 | 6 | 6 | ||||
Memory Corruption | 0.5 | 1 | 22 | 23 | |||
Spoofing | 0.4 | 9 | 9 | ||||
Tampering | 0.3 | 1 | 1 | ||||
Unknown Vulnerability Type | 0 | 1 | 1 |
Source | U | C | H | M | L | A |
---|---|---|---|---|---|---|
MS PT Extended | 1 | 9 | 35 | 45 | ||
Qualys | 6 | 7 | 16 | 29 | ||
Tenable | 6 | 3 | 9 | 18 | ||
Rapid7 | 6 | 2 | 2 | 10 | ||
ZDI | 5 | 5 |
1. Remote Code Execution - OpenSSH (CVE-2024-6387) - Critical [728]
Description:
Microsoft: RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling
NVD / Vulners: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
MS PT Extended: CVE-2024-6387 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
2. Elevation of Privilege - Windows Kernel (CVE-2024-38106) - Critical [720]
Description:
Value | Weight | Comment |
---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), Microsoft websites |
0.6 | 17 | The existence of a private exploit is mentioned on Microsoft:PrivateExploit:Functional website |
0.85 | 15 | Elevation of Privilege |
0.9 | 14 | Windows Kernel |
0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2024-38106: Windows Kernel Elevation of Privilege Vulnerability The Windows kernel is the core of the Windows operating system (OS). It is a computer program that provides essential services for the OS, including low-level operations, scheduling threads, routing hardware interruptions, and more. An attacker must win a race condition to exploit the vulnerability successfully. An attacker who successfully exploits the vulnerability could gain SYSTEM privileges. CISA acknowledged the active exploitation of CVE-2024-38106 by adding it to its Known Exploited Vulnerabilities Catalog and requesting users patch the flaw before September 3, 2024.
Tenable: CVE-2024-38106, CVE-2024-38133 and CVE-2024-38153 | Windows Kernel Elevation of Privilege Vulnerability
Tenable: CVE-2024-38106, CVE-2024-38133 and CVE-2024-38153 are EoP vulnerabilities affecting the Windows Kernel. CVE-2024-38133 and CVE-2024-38153 received CVSSv3 scores of 7.8, while CVE-2024-38106 was scored as a 7. Despite the lower severity and the exploitability requirements of the attacker needing to win a race condition for successful exploitation, CVE-2024-38106 was reportedly exploited in the wild as a zero-day. CVE-2024-38133 and CVE-2024-38153 were not listed as being exploited, however CVE-2024-38133 was rated as “Exploitation More Likely” according to the Microsoft Exploitability Index. Successful exploitation of these vulnerabilities could allow the attacker to elevate privileges to SYSTEM.
Rapid7: Still on the topic of exploited-in-the-wild, elevation-to-SYSTEM vulnerabilities: CVE-2024-38106 requires an attacker to win a race condition which falls under CWE-591: Sensitive Data Storage in Improperly Locked Memory. Although the advisory for CVE-2024-38106 does not provide further detail, a reasonable assumption here might be that the vulnerability could be similar to CVE-2023-36403, where exploitation relies on a flaw in the way the Windows kernel handles locking for registry virtualization, which allows Windows to redirect globally-impactful registry read/write operations to per-user locations to support legacy applications which are not UAC-compatible. Curiously, Windows Server 2012 does not receive a patch for CVE-2024-38106, so either the vulnerability was introduced in a later codebase, or Microsoft is hoping that attackers won’t notice.
ZDI: CVE-2024-38106 - Windows Kernel Elevation of Privilege Vulnerability. This is another privilege escalation bug under active attack that leads to SYSTEM privileges. Microsoft lists exploit complexity as high due to the attacker needing to win a race condition. However, some races are easier to run than others. It’s times like this where the CVSS can be misleading. Race conditions do lead to complexity high in the CVSS score, but with attacks in the wild, it’s clear this bug is readily exploitable.
3. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2024-38193) - Critical [716]
Description:
Value | Weight | Comment |
---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), Microsoft websites |
0.6 | 17 | The existence of a private exploit is mentioned on Microsoft:PrivateExploit:Functional website |
0.85 | 15 | Elevation of Privilege |
0.8 | 14 | Windows component |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2024-38193: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability The Windows Ancillary Function Driver (AFD) for WinSock (afd.sys) is a kernel entry point for the Winsock API. An attacker who successfully exploits the vulnerability could gain SYSTEM privileges. CISA acknowledged the active exploitation of CVE-2024-38193 by adding it to its Known Exploited Vulnerabilities Catalog and requesting users patch the flaw before September 3, 2024.
Tenable: CVE-2024-38141 and CVE-2024-38193 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Tenable: CVE-2024-38141 and CVE-2024-38193 are EoP vulnerabilities affecting the Windows Ancillary Function Driver for Winsock (afd.sys). Both of these vulnerabilities were given CVSSv3 scores of 7.8 and can allow an attacker to escalate privileges to SYSTEM. CVE-2024-38141 is rated as “Exploitation More Likely” and CVE-2024-38193 was reported to have been exploited in the wild as a zero-day vulnerability.
Rapid7: Moving on to known-exploited vulnerabilities: the Windows Ancillary Function Driver for WinSock receives a patch for exploited-in-the-wild elevation of privilege vulnerability CVE-2024-38193. Successful exploitation is via a use-after-free memory management bug, and could lead to SYSTEM privileges. The advisory doesn’t provide further clues, but with existing in-the-wild exploitation, low attack complexity, no user interaction involved, and low privileges required, this is one to patch immediately to keep malware at bay.
ZDI: CVE-2024-38193 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. This privilege escalation bug allows attackers to run code as SYSTEM. These types of bugs are typically paired with a code execution bug to take over a target. Microsoft doesn’t provide any indication of how broadly this is being exploited, but considering the source, if it’s not in ransomware already, it likely will be soon.
4. Elevation of Privilege - Windows Power Dependency Coordinator (CVE-2024-38107) - Critical [716]
Description:
Value | Weight | Comment |
---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), Microsoft websites |
0.6 | 17 | The existence of a private exploit is mentioned on Microsoft:PrivateExploit:Functional website |
0.85 | 15 | Elevation of Privilege |
0.8 | 14 | Windows component |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2024-38107: Windows Power Dependency Coordinator Elevation of Privilege Vulnerability Power Dependency Coordinator (PDC) is a component of Modern Standby. On successful exploitation, an attacker could gain SYSTEM privileges. CISA acknowledged the active exploitation of CVE-2024-38107 by adding it to its Known Exploited Vulnerabilities Catalog and requesting users patch the flaw before September 3, 2024.
Tenable: CVE-2024-38107 | Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
Tenable: CVE-2024-38107 is an EoP Vulnerability affecting Windows Power Dependency Coordinator (pdc.sys), a driver responsible for power management on a Windows system. This vulnerability was exploited in the wild as a zero-day, though no specific details about exploitation were available at the time this blog was published. Microsoft provided a CVSSv3 score of 7.8 for this vulnerability and patches are available for all supported versions of Windows and Windows Server.
Rapid7: While we’re looking at exploited-in-the-wild, use-after-free vulnerabilities with minimalist advisories: CVE-2024-38107 also leads to SYSTEM privileges via abuse of the Windows Power Dependency Coordinator, which allows Windows computers to wake almost instantly from sleep. Of course, nothing comes for free: this vulnerability requires no user interaction, has low attack complexity, and requires low privileges. Patch all your Windows assets sooner rather than later.
ZDI: CVE-2024-38107 - Windows Power Dependency Coordinator Elevation of Privilege Vulnerability. Here’s yet another privilege escalation bug that leads to SYSTEM being exploited in the wild. If you’re not familiar with the Power Dependency Coordinator (PDC), it’s a component of Modern Standby. Essentially, its purpose was to allow devices to “instantly” wake from sleep. It was introduced in Windows 8. It also shows how adding capabilities can often add attack surface, too.
5. Security Feature Bypass - Windows Mark of the Web (CVE-2024-38213) - Critical [713]
Description:
Value | Weight | Comment |
---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), Microsoft websites |
0.6 | 17 | The existence of a private exploit is mentioned on Microsoft:PrivateExploit:Functional website |
0.9 | 15 | Security Feature Bypass |
0.8 | 14 | Windows component |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2024-38213: Windows SmartScreen Security Feature Bypass Vulnerability Windows SmartScreen, also known as Microsoft Defender SmartScreen or SmartScreen Filter, is a cloud-based service that helps protect users from malicious websites, applications, and downloads. An attacker must send the user a malicious file and convince them to open it. On successful exploitation, an attacker could bypass the SmartScreen user experience. CISA acknowledged the active exploitation of CVE-2024-38213 by adding it to its Known Exploited Vulnerabilities Catalog and requesting users patch the flaw before September 3, 2024.
Tenable: CVE-2024-38213 | Windows Mark of the Web Security Feature Bypass Vulnerability
Tenable: CVE-2024-38213 is a security feature bypass vulnerability with an assigned CVSSv3 score of 6.5. Exploitation of this vulnerability requires a user to open a specially crafted file, which could be hosted on a file server, website or sent via a phishing email. If the attacker is successful in convincing a victim to open this file, they could bypass the Windows SmartScreen user experience. Microsoft has flagged this as “Exploitation Detected” as they are aware of an instance of this vulnerability being exploited.
Rapid7: CVE-2024-38213 describes a Mark of the Web (MotW) security bypass vulnerability in all current Windows products. An attacker who convinces a user to open a malicious file could bypass SmartScreen, which would normally warn the user about files downloaded from the internet, which Windows would otherwise have tagged with MotW. CVE-2024-38213 likely offers less utility to attackers than a broadly-similar SmartScreen bypass published in February 2024, since unlike today’s offering, the advisory for CVE-2024-21351 also described the potential for code injection into SmartScreen itself. The lower CVSSv3 base score for CVE-2024-21351 reflects that difference.
6. Remote Code Execution - Microsoft Project (CVE-2024-38189) - Critical [704]
Description:
Value | Weight | Comment |
---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), Microsoft websites |
0.6 | 17 | The existence of a private exploit is mentioned on Microsoft:PrivateExploit:Functional website |
1.0 | 15 | Remote Code Execution |
0.5 | 14 | Microsoft Project |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability Microsoft Project is project management software designed to assist a project manager in developing a schedule, assigning resources to tasks, tracking progress, managing the budget, and analyzing workloads. The vulnerability can be exploited in two types of attacks: Email attack scenario: In this attack, an attacker must convince users to open a malicious file sent to them in an email attachment. Web-based attack scenario: In this attack, an attacker can host a website containing a malicious file designed. CISA acknowledged the active exploitation of CVE-2024-38189 by adding it to its Known Exploited Vulnerabilities Catalog and requesting users patch the flaw before September 3, 2024.
Tenable: CVE-2024-38189 | Microsoft Project Remote Code Execution Vulnerability
Tenable: CVE-2024-38189 is an RCE vulnerability affecting Microsoft Project, a project management tool. This vulnerability received a CVSSv3 score of 8.8 and was exploited in the wild. According to the advisory, exploitation requires an unsuspecting victim to open a crafted Microsoft Office Project file. Additionally, the system must be configured to have the “Block macros from running in Office files from the Internet policy” disabled as well as have the VBA Macro Notification Settings disabled in order for a successful attack. Microsoft’s advisory does clarify that the Preview Pane is not an attack vector for this vulnerability and offers mitigation options to protect systems if immediate patching cannot be immediately performed.
Rapid7: Rounding out this month’s half dozen exploited-in-the-wild vulnerabilities is CVE-2024-38189, which describes RCE in Microsoft Project. Exploitation requires that an attacker convince the user to open a malicious file, and is possible only where the “Block macros from running in Office files from the Internet” policy is disabled — it is enabled by default — and the “VBA Macro Notification Settings” are set to a low enough level. Happily, the Preview Pane is not an attack vector in this case.
ZDI: CVE-2024-38189 - Microsoft Project Remote Code Execution Vulnerability. It’s definitely odd to see a code execution bug in Project, but not only do we have one here, it’s being exploited in the wild. For the most part, this is your typical open-and-own bug, but in this case, the target allows macros to run from the internet. The target also needs to disable the VBA Macro Notification Settings. If you do this, please don’t. Here’s some guidance on how to block macros from running in Office products. And if you’re opening random Project files from dicey resources, please go re-take your phishing training.
7. Memory Corruption - Scripting Engine (CVE-2024-38178) - Critical [603]
Description:
Value | Weight | Comment |
---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), Microsoft websites |
0.6 | 17 | The existence of a private exploit is mentioned on Microsoft:PrivateExploit:Functional website |
0.5 | 15 | Memory Corruption |
0.5 | 14 | Scripting Engine |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2024-38178: Scripting Engine Memory Corruption Vulnerability An attacker may exploit the vulnerability by convincing an authenticated user to a specially crafted URL to be compromised by the attacker. CISA acknowledged the active exploitation of CVE-2024-38178 by adding it to its Known Exploited Vulnerabilities Catalog and requesting users patch the flaw before September 3, 2024.
Tenable: CVE-2024-38178 | Scripting Engine Memory Corruption Vulnerability
Tenable: CVE-2024-38178 is a Scripting Engine memory corruption vulnerability in Windows Scripting. This vulnerability was assigned a CVSSv3 score of 7.5 and Microsoft notes that exploitation has been observed. According to Microsoft, an authenticated victim must have Edge in Internet Explorer Mode as a prerequisite for exploitation prior to an unauthenticated attacker convincing the victim to click a specially crafted URL to obtain RCE.
Rapid7: Although Edge RCE vulnerability CVE-2024-38178 is already known to be exploited in the wild, it likely won’t be top of anyone’s list of greatest concerns this month. The advisory clarifies that successful exploitation would require the attacker to not only convince a user to click a malicious link, but also to first prepare the target asset so that it uses Edge in Internet Explorer Mode. IE Mode provides backwards-compatibility functionality so that users can view legacy websites which rely on the fascinating idiosyncrasies of Internet Explorer; such sites are often served by enterprise legacy web applications, which goes a long way to explaining Microsoft’s continued motivation to keep Internet Explorer somewhat alive. If not already enabled on the target asset, the attacker would have to achieve a modification of Edge settings to enable the “Allow sites to be reloaded in Internet Explorer” setting. Subsequent exploitation would involve convincing the user to open an Internet Explorer mode tab within Edge and then opening the malicious URL. Remediation involves patching Windows itself; all current versions of Windows are affected.
ZDI: CVE-2024-38178 - Scripting Engine Memory Corruption Vulnerability. This vulnerability is somewhat unusual as it requires the target to be using Edge in Internet Explorer mode. It seems the long arm of IE again reaches out from beyond the vale to cause problems. Once Edge is in IE mode, it just takes a user to click a link to get code execution. This patch also comes with a fix for Windows 11 v24H2, which isn’t generally available. However, Copilot+ devices ship with this Windows version, thus the update here.
8. Remote Code Execution - Secure Boot (CVE-2023-40547) - High [514]
Description: Redhat: CVE-2023-40547 Shim -
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
1.0 | 15 | Remote Code Execution |
0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) |
0.8 | 10 | CVSS Base Score is 8.3. According to Microsoft data source |
0.9 | 10 | EPSS Probability is 0.02521, EPSS Percentile is 0.9032 |
Qualys: CVE-2023-40547: Shim RCE in HTTP boot support may lead to secure boot bypass The vulnerability exists in Linux Shim boot. Successful exploitation of the vulnerability could lead to remote code execution, crash, denial of service, and exposure of sensitive data under specific circumstances.
9. Authentication Bypass - Windows Update Stack (CVE-2024-38202) - High [472]
Description (Microsoft; the NVD and Vulners records carry the same text):
Windows Update Stack Elevation of Privilege Vulnerability.

Summary
Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.
Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.
This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.

Details
A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability.
Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center.
Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems.

Recommended Actions
The following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available.
Configure “Audit Object Access” settings to monitor attempts to access files, such as handle creation, read / write operations, or modifications to security descriptors. (Audit File System - Windows 10 | Microsoft Learn; Apply a basic audit policy on a file or folder - Windows 10 | Microsoft Learn)
Audit users with permission to perform Update and Restore operations to ensure only the appropriate users can perform these operations. (Audit: Audit the use of Backup and Restore privilege (Windows 10) - Windows 10 | Microsoft Learn)
Implement an Access Control List or Discretionary Access Control Lists to restrict the access or modification of Update files and perform Restore operations to appropriate users, for example administrators only. (Access Control overview | Microsoft Learn; Discretionary Access Control Lists (DACL))
Auditing sensitive privileges used to identify access, modification, or replacement of Update related files could help indicate attempts to exploit this vulnerability. (Audit Sensitive Privilege Use - Windows 10 | Microsoft Learn)
Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems.\nRecommended Actions\nThe following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available.\n\nConfigure “Audit Object Access” settings to monitor attempts to access files, such as handle creation, read / write operations, or modifications to security descriptors.\n\nAudit File System - Windows 10 | Microsoft Learn\nApply a basic audit policy on a file or folder - Windows 10 | Microsoft Learn\n\n\nAudit users with permission to perform Update and Restore operations to ensure only the appropriate users can perform these operations.\n\nAudit: Audit the use of Backup and Restore privilege (Windows 10) - Windows 10 | Microsoft Learn\n\n\nImplement an Access Control List or Discretionary Access Control Lists to restrict the access or modification of Update files and perform Restore operations to appropriate users, for example administrators only.\n\nAccess Control overview | Microsoft Learn\nDiscretionary Access Control Lists (DACL)\n\n\nAuditing sensitive privileges used to identify access, modification, or replacement of Update related files could help indicate attempts to exploit this vulnerability.\n\nAudit Sensitive Privilege Use - Windows 10 | Microsoft Learn', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0.4 | 17 | The existence of a private exploit is mentioned on Microsoft:PrivateExploit:PoC website | |
0.98 | 15 | Authentication Bypass | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-38202 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
Qualys: Microsoft Patch Tuesday for August 2024 Microsoft’s Patch Tuesday, August 2024 edition addressed 102 vulnerabilities, including nine critical and 77 important severity vulnerabilities. In this month’s updates, Microsoft has addressed six actively exploited vulnerabilities, along with three publicly disclosed zero-day vulnerabilities (CVE-2024-21302, CVE-2024-38202, and CVE-2024-38199). There is a tenth publicly disclosed zero-day vulnerability (CVE-2024-38200) for which Microsoft has not released any patch. Microsoft has addressed 12 vulnerabilities in Microsoft Edge (Chromium-based), which were patched earlier this month. Microsoft Patch Tuesday, August edition includes updates for vulnerabilities in Microsoft Office and Components, Microsoft Windows DNS, Windows TCP/IP, Microsoft Teams, Windows Secure Boot, Windows Secure Kernel Mode, Windows Security Center, Windows SmartScreen, Windows App Installer, Windows Scripting, and more. Microsoft has fixed several flaws in multiple software, including Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Cross-site Scripting (XSS), Information Disclosure, Security Feature Bypass, and Remote Code Execution (RCE). The August 2024 Microsoft vulnerabilities are classified as follows:
Vulnerability Category | Quantity | Severities |
---|---|---|
Spoofing Vulnerability | 5 | Important: 5 |
Denial of Service Vulnerability | 6 | Important: 6 |
Elevation of Privilege Vulnerability | 34 | Critical: 1, Important: 33 |
Information Disclosure Vulnerability | 7 | Critical: 1, Important: 6 |
Remote Code Execution Vulnerability | 28 | Critical: 4, Important: 24 |
Security Feature Bypass Vulnerability | 4 | Important: 2 |
Cross-site Scripting Vulnerability | 1 | Critical: 1 |
Tenable: CVE-2024-38163 and CVE-2024-38202 | Windows Update Stack Elevation of Privilege Vulnerability
Tenable: CVE-2024-38163 and CVE-2024-38202 are both EoP vulnerabilities in Windows Update Stack and were assigned CVSSv3 scores of 7.8 and 7.3 respectively. CVE-2024-38163, if successfully exploited, could result in gaining SYSTEM privileges. Microsoft has noted that users don’t need to take any action for this vulnerability as it is only exploitable at run time and the impacted version of WinRE has been superseded by a new version.
Tenable: CVE-2024-38202 was disclosed and presented at BlackHat USA 2024 and DEF CON 32 by SafeBreach Labs researcher Alon Leviev prior to the August 2024 Patch Tuesday release. The vulnerability, which exists in Windows Backup, allows a user with basic privileges to “reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS)”. Leviev identified the vulnerability in the Windows Update mechanism that could allow unauthorized elevation of privileges by enforcing the downgrade of system components. This vulnerability exposes systems to previously patched exploits, making them susceptible to attacks that could leverage these old vulnerabilities. Microsoft has noted that “an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.” Microsoft issued an advisory in coordination with this disclosure at Black Hat.
Tenable: CVE-2024-21302 was disclosed at Black Hat USA 2024 by the previously mentioned security researcher, Alon Leviev. Leviev demonstrated that CVE-2024-21302 could be chained with CVE-2024-38202 to downgrade or roll back software versions without the need for interaction from a victim with elevated privileges. The result of this chained attack is the target device could be made susceptible to previously patched vulnerabilities, increasing the attack surface of the device. CVE-2024-21302 was also included in the previously mentioned Microsoft advisory released in coordination with the disclosure at Black Hat.
Rapid7: CVE-2024-38202 describes an elevation of privilege vulnerability in the Windows Update Stack, and exploitation requires that an attacker convinces an administrative user to perform a system restore — unusual, certainly, but social engineers can accomplish many things. Microsoft optimistically assesses exploitation of this vulnerability as less likely. The advisory does not explain how a user with basic privileges can modify the target asset’s System directory, which is required to plant the malicious system restore files, although the SafeBreach write-up does explain the flaw in significant detail. No patch is yet available, although the advisory states that a security update to mitigate this threat is under development. Microsoft provides several recommended actions, which do not mitigate the vulnerability, but can at least provide additional barriers to exploitation and put in place some useful additional visibility of the attack surface and exploitation attempts. One possible outcome of exploitation is that an attacker could modify the integrity and repair utility so that it will no longer detect corruptions in Windows system files.
10. Remote Code Execution - Windows TCP/IP (CVE-2024-38063) - High [447]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.9 | 14 | Windows component | |
1.0 | 10 | CVSS Base Score is 9.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2024-38063: Windows TCP/IP Remote Code Execution Vulnerability Transmission Control Protocol/Internet Protocol (TCP/IP) is an industry-standard protocol suite designed for large networks of network segments connected by routers. TCP/IP is the core protocol suite used on the Internet. An unauthenticated attacker may send IPv6 packets, including specially crafted packets, to a Windows machine, which can lead to remote code execution.
Tenable: CVE-2024-38063 | Windows TCP/IP Remote Code Execution Vulnerability
Tenable: CVE-2024-38063 is a critical RCE vulnerability affecting Windows TCP/IP. It received a CVSSv3 score of 9.8 and is rated as “Exploitation More Likely.” An attacker could remotely exploit this vulnerability by sending specially crafted IPv6 packets to a host. Microsoft’s mitigation suggestions suggest disabling IPv6 as only IPv6 packets can be abused to exploit this vulnerability. Microsoft has released patches for all supported versions of Windows and Windows Server, including Server Core installations.
11. Remote Code Execution - Chromium (CVE-2024-7256) - High [430]
Description: Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.0936 |
MS PT Extended: CVE-2024-7256 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
12. Remote Code Execution - Windows Line Printer Daemon (LPD) Service (CVE-2024-38199) - High [430]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
1.0 | 10 | CVSS Base Score is 9.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Microsoft Patch Tuesday for August 2024 Microsoft’s Patch Tuesday, August 2024 edition addressed 102 vulnerabilities, including nine critical and 77 important severity vulnerabilities. In this month’s updates, Microsoft has addressed six actively exploited vulnerabilities, along with three publicly disclosed zero-day vulnerabilities (CVE-2024-21302, CVE-2024-38202, and CVE-2024-38199). There is a tenth publicly disclosed zero-day vulnerability (CVE-2024-38200) for which Microsoft has not released any patch. Microsoft has addressed 12 vulnerabilities in Microsoft Edge (Chromium-based), which were patched earlier this month. Microsoft Patch Tuesday, August edition includes updates for vulnerabilities in Microsoft Office and Components, Microsoft Windows DNS, Windows TCP/IP, Microsoft Teams, Windows Secure Boot, Windows Secure Kernel Mode, Windows Security Center, Windows SmartScreen, Windows App Installer, Windows Scripting, and more. Microsoft has fixed several flaws in multiple software, including Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Cross-site Scripting (XSS), Information Disclosure, Security Feature Bypass, and Remote Code Execution (RCE). The August 2024 Microsoft vulnerabilities are classified as follows:
Vulnerability Category | Quantity | Severities |
---|---|---|
Spoofing Vulnerability | 5 | Important: 5 |
Denial of Service Vulnerability | 6 | Important: 6 |
Elevation of Privilege Vulnerability | 34 | Critical: 1, Important: 33 |
Information Disclosure Vulnerability | 7 | Critical: 1, Important: 6 |
Remote Code Execution Vulnerability | 28 | Critical: 4, Important: 24 |
Security Feature Bypass Vulnerability | 4 | Important: 2 |
Cross-site Scripting Vulnerability | 1 | Critical: 1 |
Tenable: CVE-2024-38199 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
Tenable: CVE-2024-38199 is an RCE vulnerability in Windows Line Printer Daemon (LPD) Service. The flaw was assigned a CVSSv3 score of 9.8 and rated “Exploitation Less Likely” by Microsoft. A remote attacker could exploit this across a network by dispatching a specially crafted print task to Windows LPD Service; if successful, it would result in RCE on the server. Microsoft has also noted that it was publicly disclosed prior to a patch being available.
Rapid7: Line Printer Daemon (LPD) vulnerabilities are like buses: you wait ages for one, and then two come along in quick succession. Last month’s denial of service vulnerability is now joined by CVE-2024-38199, a publicly-disclosed RCE vulnerability. Exploitation requires that an attacker sends a malicious print task to a shared vulnerable Windows Line Printer Daemon service across the network. Many admins won’t need to worry about this vulnerability, since Microsoft has been encouraging everyone to migrate away from LPD for almost a decade, and it isn’t installed by default on Windows products newer than Server 2012. Still, patches are available for Windows Server 2008 SP2, Server 2022 23H2, and everything in between.
13. Remote Code Execution - Windows Reliable Multicast Transport Driver (RMCAST) (CVE-2024-38140) - High [430]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
1.0 | 10 | CVSS Base Score is 9.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2024-38140: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability Reliable multicast transport is a computer networking protocol that sends messages from one sender to multiple receivers in a distributed system, ensuring that all intended recipients receive the message accurately and in the correct order. An unauthenticated attacker may exploit the vulnerability by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server. Exploitation of the vulnerability does not require any user interaction.
14. Remote Code Execution - Windows IP Routing Management Snapin (CVE-2024-38114) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
15. Remote Code Execution - Windows IP Routing Management Snapin (CVE-2024-38115) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
16. Remote Code Execution - Windows IP Routing Management Snapin (CVE-2024-38116) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
17. Remote Code Execution - Windows Network Virtualization (CVE-2024-38159) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 9.1. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2024-38159 & CVE-2024-38160: Windows Network Virtualization Remote Code Execution Vulnerability Windows Network Virtualization (WNV) allows developers to send on-demand policy requests to a data center management server or orchestrator. These requests can respond to virtual machine life cycle events, such as provisioning and live migration. An attacker may exploit the vulnerability by leveraging the unchecked return value in the wnv.sys component of Windows Server 2016. An attacker may cause unauthorized memory writes or even free a valid block currently in use by manipulating the Memory Descriptor List (MDL) content. Successful exploitation of the vulnerability may lead to a critical guest-to-host escape.
18. Remote Code Execution - Windows Network Virtualization (CVE-2024-38160) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 9.1. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2024-38159 & CVE-2024-38160: Windows Network Virtualization Remote Code Execution Vulnerability Windows Network Virtualization (WNV) allows developers to send on-demand policy requests to a data center management server or orchestrator. These requests can respond to virtual machine life cycle events, such as provisioning and live migration. An attacker may exploit the vulnerability by leveraging the unchecked return value in the wnv.sys component of Windows Server 2016. An attacker may cause unauthorized memory writes or even free a valid block currently in use by manipulating the Memory Descriptor List (MDL) content. Successful exploitation of the vulnerability may lead to a critical guest-to-host escape.
19. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-38120) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
20. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-38121) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
21. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-38128) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
22. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-38130) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
23. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-38154) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
24. Authentication Bypass - Microsoft Dynamics 365 (CVE-2024-38182) - High [413]
Description: Weak authentication in
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.98 | 15 | Authentication Bypass | |
0.5 | 14 | Microsoft Dynamics 365 is a product line of enterprise resource planning (ERP) and customer relationship management (CRM) intelligent business applications | |
0.9 | 10 | CVSS Base Score is 9.0. According to Microsoft data source | |
0.4 | 10 | EPSS Probability is 0.00091, EPSS Percentile is 0.39429 |
MS PT Extended: CVE-2024-38182 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
25. Security Feature Bypass - Chromium (CVE-2024-6772) - High [413]
Description: Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.0936 |
MS PT Extended: CVE-2024-6772 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
26. Security Feature Bypass - Chromium (CVE-2024-6773) - High [413]
Description: Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.0936 |
MS PT Extended: CVE-2024-6773 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
27. Remote Code Execution - Microsoft Edge (CVE-2024-39379) - High [407]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Web browser | |
0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.13163 |
MS PT Extended: CVE-2024-39379 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
28. Remote Code Execution - Windows Deployment Services (CVE-2024-38138) - High [407]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
29. Remote Code Execution - Windows OLE (CVE-2024-38152) - High [407]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
30. Security Feature Bypass - Chromium (CVE-2024-6995) - High [401]
Description: Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-6995 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
31. Security Feature Bypass - Chromium (CVE-2024-7005) - High [401]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-7005 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
32. Security Feature Bypass - Windows SmartScreen (CVE-2024-38180) - High [401]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | SmartScreen is a cloud-based anti-phishing and anti-malware component included in several Microsoft products, including operating systems Windows 8 and later, the applications Internet Explorer, Microsoft Edge | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
33. Information Disclosure - Microsoft Edge (CVE-2024-38103) - High [400]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.83 | 15 | Information Disclosure |
0.8 | 14 | Web browser |
0.6 | 10 | CVSS Base Score is 5.9. According to Microsoft data source |
0.4 | 10 | EPSS Probability is 0.00088, EPSS Percentile is 0.38372 |
MS PT Extended: CVE-2024-38103 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
34. Elevation of Privilege - Windows Kernel (CVE-2024-38133) - Medium [397]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.85 | 15 | Elevation of Privilege |
0.9 | 14 | Windows Kernel |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-38196 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-38198 is an elevation of privilege vulnerability in Windows Print Spooler. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38125 is an elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38133 is an elevation of privilege vulnerability in Windows Kernel. An attacker may exploit the vulnerability by convincing a user to send a request to a malicious server. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2024-38141 is an elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38144 is an elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2024-38147 is an elevation of privilege vulnerability in Microsoft DWM Core Library. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. To exploit this vulnerability, an attacker must log on to the system. CVE-2024-38148 is a denial-of-service vulnerability in Windows Secure Channel. CVE-2024-38150 is an elevation of privilege vulnerability in Windows DWM Core Library. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38163 is an elevation of privilege vulnerability in the Windows Update Stack. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
Tenable: CVE-2024-38106, CVE-2024-38133 and CVE-2024-38153 | Windows Kernel Elevation of Privilege Vulnerability
Tenable: CVE-2024-38106, CVE-2024-38133 and CVE-2024-38153 are EoP vulnerabilities affecting the Windows Kernel. CVE-2024-38133 and CVE-2024-38153 received CVSSv3 scores of 7.8, while CVE-2024-38106 was scored as a 7. Despite the lower severity and the exploitability requirements of the attacker needing to win a race condition for successful exploitation, CVE-2024-38106 was reportedly exploited in the wild as a zero-day. CVE-2024-38133 and CVE-2024-38153 were not listed as being exploited; however, CVE-2024-38133 was rated as “Exploitation More Likely” according to the Microsoft Exploitability Index. Successful exploitation of these vulnerabilities could allow the attacker to elevate privileges to SYSTEM.
35. Elevation of Privilege - Windows Kernel (CVE-2024-38153) - Medium [397]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.85 | 15 | Elevation of Privilege |
0.9 | 14 | Windows Kernel |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: CVE-2024-38106, CVE-2024-38133 and CVE-2024-38153 | Windows Kernel Elevation of Privilege Vulnerability
Tenable: CVE-2024-38106, CVE-2024-38133 and CVE-2024-38153 are EoP vulnerabilities affecting the Windows Kernel. CVE-2024-38133 and CVE-2024-38153 received CVSSv3 scores of 7.8, while CVE-2024-38106 was scored as a 7. Despite the lower severity and the exploitability requirements of the attacker needing to win a race condition for successful exploitation, CVE-2024-38106 was reportedly exploited in the wild as a zero-day. CVE-2024-38133 and CVE-2024-38153 were not listed as being exploited; however, CVE-2024-38133 was rated as “Exploitation More Likely” according to the Microsoft Exploitability Index. Successful exploitation of these vulnerabilities could allow the attacker to elevate privileges to SYSTEM.
36. Remote Code Execution - Microsoft Edge (CVE-2024-38219) - Medium [395]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
1.0 | 15 | Remote Code Execution |
0.8 | 14 | Web browser |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-38219 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
37. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-38161) - Medium [395]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
1.0 | 15 | Remote Code Execution |
0.8 | 14 | Windows component |
0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
38. Authentication Bypass - Windows Secure Kernel Mode (CVE-2024-21302) - Medium [391]
Description: Windows Secure Kernel Mode Elevation of Privilege Vulnerability.
Summary:
Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUs. This vulnerability enables an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.
Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.
This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.
Update: August 13, 2024
Microsoft has released the August 2024 security updates that include an opt-in revocation policy mitigation to address this vulnerability. Customers running affected versions of Windows are encouraged to review KB5042562: Guidance for blocking rollback of virtualization-based security related updates to assess if this opt-in policy meets the needs of their environment before implementing this mitigation. There are risks associated with this mitigation that should be understood prior to applying it to your systems. Detailed information about these risks is also available in KB5042562.
Details:
A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows 10, Windows 11, Windows Server 2016, and higher based systems including Azure Virtual Machines (VM) that support VBS. For more information on Windows versions and VM SKUs supporting VBS, reference: Virtualization-based Security (VBS) | Microsoft Learn.
The vulnerability enables an attacker with administrator privileges on the target system to replace current Windows system files with outdated versions. Successful exploitation provides an attacker with the ability to reintroduce previously mitigated vulnerabilities, circumvent VBS security features, and exfiltrate data protected by VBS.
Microsoft is developing a security update that will revoke outdated, unpatched VBS system files to mitigate this vulnerability, but it is not yet available. Due to the complexity of blocking such a large quantity of files, rigorous testing is required to avoid integration failures or regressions. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers to subscribe to Security Update Guide notifications to be alerted of updates. For more information see Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center.
Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems.
Recommended Actions:
Microsoft has released an opt-in mitigation available as an interim solution to help protect customers concerned about this vulnerability until the final mitigation is available in a security update.
For Windows 10 1809 and later, Windows 11 version 21H2 and later, and Windows Server 2019 and later, administrators can deploy a Microsoft-signed revocation policy (SkuSiPolicy.p7b) to block vulnerable, unpatched versions of VBS system files from being loaded by the operating system. For more information, refer to KB5042562: Guidance for blocking rollback of virtualization-based security related updates.
Caution: There are risks associated with this mitigation that should be understood prior to applying it to your systems. Detailed information about these risks is also available in KB5042562.
The following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available.
Configure “Audit Object Access” settings to monitor attempts to access files, such as handle creation, read / write operations, or modifications to security descriptors. See: Audit File System - Windows 10 | Microsoft Learn; Apply a basic audit policy on a file or folder - Windows 10 | Microsoft Learn.
Auditing sensitive privileges used to identify access, modification, or replacement of VBS and Backup related files could help indicate attempts to exploit this vulnerability. See: Audit Sensitive Privilege Use - Windows 10 | Microsoft Learn.
Protect your Azure tenant by investigating administrators and users flagged for risky sign-ins and rotating their credentials. See: Investigate risk Microsoft Entra ID Protection - Microsoft Entra ID Protection | Microsoft Learn.
Enabling Multi-Factor Authentication can also help alleviate concerns about compromised accounts or exposure. See: Enforce multifactor verification for users.
Detections:
A detection has been added to Microsoft Defender for Endpoint (MDE) to alert customers using this product of an exploit attempt. Instructions for how Azure customers can integrate and enable MDE with Defender for Cloud are found here: Integration with Microsoft Defender for Cloud - Microsoft Defender for Endpoint | Microsoft Learn; Enable the Defender for Endpoint integration - Microsoft Defender for Cloud | Microsoft Learn.
Note: False positives may be triggered by legitimate operations due to detection logic. Customers should investigate any alert for this detection to validate the root cause.
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.98 | 15 | Authentication Bypass |
0.8 | 14 | Windows component |
0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-21302 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
Qualys: Microsoft Patch Tuesday for August 2024 Microsoft Patch Tuesday, August 2024 edition addressed 102 vulnerabilities, including nine critical and 77 important severity vulnerabilities. In this month’s updates, Microsoft has addressed six actively exploited vulnerabilities, along with three publicly disclosed zero-day vulnerabilities (CVE-2024-21302, CVE-2024-38202, and CVE-2024-38199). There is a tenth publicly disclosed zero-day vulnerability (CVE-2024-38200) for which Microsoft has not released any patch. Microsoft has addressed 12 vulnerabilities in Microsoft Edge (Chromium-based), which were patched earlier this month. Microsoft Patch Tuesday, August edition includes updates for vulnerabilities in Microsoft Office and Components, Microsoft Windows DNS, Windows TCP/IP, Microsoft Teams, Windows Secure Boot, Windows Secure Kernel Mode, Windows Security Center, Windows SmartScreen, Windows App Installer, Windows Scripting, and more. Microsoft has fixed several flaws in multiple software, including Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Cross-site Scripting (XSS), Information Disclosure, Security Feature Bypass, and Remote Code Execution (RCE). The August 2024 Microsoft vulnerabilities are classified as follows:
Vulnerability Category | Quantity | Severities |
---|---|---|
Spoofing Vulnerability | 5 | Important: 5 |
Denial of Service Vulnerability | 6 | Important: 6 |
Elevation of Privilege Vulnerability | 34 | Critical: 1, Important: 33 |
Information Disclosure Vulnerability | 7 | Critical: 1, Important: 6 |
Remote Code Execution Vulnerability | 28 | Critical: 4, Important: 24 |
Security Feature Bypass Vulnerability | 4 | Important: 2 |
Cross-site Scripting Vulnerability | 1 | Critical: 1 |
Tenable: CVE-2024-21302 and CVE-2024-38142 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Tenable: CVE-2024-21302 and CVE-2024-38142 are both elevation of privilege vulnerabilities in Windows Secure Kernel with an exploitability assessment by Microsoft as “Exploitation Less Likely”. CVE-2024-21302 carries a CVSSv3 score of 6.7 and CVE-2024-38142 a score of 7.8 with successful exploitation of either of these vulnerabilities resulting in an attacker gaining SYSTEM privileges.
Tenable: CVE-2024-21302 was disclosed at Black Hat USA 2024 by the previously mentioned security researcher, Alon Leviev. Leviev demonstrated that CVE-2024-21302 could be chained with CVE-2024-38202 to downgrade or roll back software versions without the need for interaction from a victim with elevated privileges. The result of this chained attack is the target device could be made susceptible to previously patched vulnerabilities, increasing the attack surface of the device. CVE-2024-21302 was also included in the previously mentioned Microsoft advisory released in coordination with the disclosure at Black Hat.
Rapid7: CVE-2024-21302 is the second half of the downgrade attack pair discovered by SafeBreach. Exploitation allows an attacker with administrator privileges to replace updated Windows system files with older versions and thus reintroduce vulnerabilities to Virtualization-based security (VBS). Patches are available; however, defenders must note that the patch does not automatically remediate assets, but instead delivers an opt-in Microsoft-signed revocation policy, which brings with it the risk of a boot loop if applied and then improperly reverted. Significant guidance is available under KB5042562: Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates.
39. Elevation of Privilege - Microsoft DWM Core Library (CVE-2024-38147) - Medium [380]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.85 | 15 | Elevation of Privilege |
0.8 | 14 | Windows component |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-38196 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-38198 is an elevation of privilege vulnerability in Windows Print Spooler. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38125 is an elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38133 is an elevation of privilege vulnerability in Windows Kernel. An attacker may exploit the vulnerability by convincing a user to send a request to a malicious server. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2024-38141 is an elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38144 is an elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2024-38147 is an elevation of privilege vulnerability in Microsoft DWM Core Library. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. To exploit this vulnerability, an attacker must log on to the system. CVE-2024-38148 is a denial-of-service vulnerability in Windows Secure Channel. CVE-2024-38150 is an elevation of privilege vulnerability in Windows DWM Core Library. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38163 is an elevation of privilege vulnerability in the Windows Update Stack. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
40. Elevation of Privilege - Windows Ancillary Function Driver for WinSock (CVE-2024-38141) - Medium [380]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.85 | 15 | Elevation of Privilege |
0.8 | 14 | Windows component |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-38196 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-38198 is an elevation of privilege vulnerability in Windows Print Spooler. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38125 is an elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38133 is an elevation of privilege vulnerability in Windows Kernel. An attacker may exploit the vulnerability by convincing a user to send a request to a malicious server. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2024-38141 is an elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38144 is an elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2024-38147 is an elevation of privilege vulnerability in Microsoft DWM Core Library. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. To exploit this vulnerability, an attacker must log on to the system. CVE-2024-38148 is a denial-of-service vulnerability in Windows Secure Channel. CVE-2024-38150 is an elevation of privilege vulnerability in Windows DWM Core Library. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38163 is an elevation of privilege vulnerability in the Windows Update Stack. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
Tenable: CVE-2024-38141 and CVE-2024-38193 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Tenable: CVE-2024-38141 and CVE-2024-38193 are EoP vulnerabilities affecting the Windows Ancillary Function Driver for Winsock (afd.sys). Both of these vulnerabilities were given CVSSv3 scores of 7.8 and can allow an attacker to escalate privileges to SYSTEM. CVE-2024-38141 is rated as “Exploitation More Likely” and CVE-2024-38193 was reported to have been exploited in the wild as a zero-day vulnerability.
41. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2024-38215) - Medium [380]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.85 | 15 | Elevation of Privilege |
0.8 | 14 | Windows component |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
42. Elevation of Privilege - Windows Common Log File System Driver (CVE-2024-38196) - Medium [380]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.85 | 15 | Elevation of Privilege |
0.8 | 14 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-38196 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-38198 is an elevation of privilege vulnerability in Windows Print Spooler. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38125 is an elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38133 is an elevation of privilege vulnerability in Windows Kernel. An attacker may exploit the vulnerability by convincing a user to send a request to a malicious server. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2024-38141 is an elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38144 is an elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2024-38147 is an elevation of privilege vulnerability in Microsoft DWM Core Library. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. To exploit this vulnerability, an attacker must log on to the system. CVE-2024-38148 is a denial-of-service vulnerability in Windows Secure Channel. CVE-2024-38150 is an elevation of privilege vulnerability in Windows DWM Core Library. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38163 is an elevation of privilege vulnerability in the Windows Update Stack. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
43. Elevation of Privilege - Windows DWM Core Library (CVE-2024-38150) - Medium [380]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
44. Elevation of Privilege - Windows Kerberos (CVE-2024-29995) - Medium [380]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
45. Elevation of Privilege - Windows Kernel-Mode Driver (CVE-2024-38184) - Medium [380]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
46. Elevation of Privilege - Windows Kernel-Mode Driver (CVE-2024-38185) - Medium [380]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
47. Elevation of Privilege - Windows Kernel-Mode Driver (CVE-2024-38186) - Medium [380]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
48. Elevation of Privilege - Windows Kernel-Mode Driver (CVE-2024-38187) - Medium [380]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
49. Elevation of Privilege - Windows NTFS (CVE-2024-38117) - Medium [380]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | The default file system of the Windows NT family | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
50. Elevation of Privilege - Windows Print Spooler (CVE-2024-38198) - Medium [380]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
51. Elevation of Privilege - Windows Resilient File System (ReFS) (CVE-2024-38135) - Medium [380]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
52. Elevation of Privilege - Windows Secure Kernel Mode (CVE-2024-38142) - Medium [380]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: CVE-2024-21302 and CVE-2024-38142 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Tenable: CVE-2024-21302 and CVE-2024-38142 are both elevation of privilege vulnerabilities in Windows Secure Kernel with an exploitability assessment by Microsoft as “Exploitation Less Likely”. CVE-2024-21302 carries a CVSSv3 score of 6.7 and CVE-2024-38142 a score of 7.8 with successful exploitation of either of these vulnerabilities resulting in an attacker gaining SYSTEM privileges.
53. Elevation of Privilege - Windows Update Stack (CVE-2024-38163) - Medium [380]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: CVE-2024-38163 and CVE-2024-38202 | Windows Update Stack Elevation of Privilege Vulnerability
Tenable: CVE-2024-38163 and CVE-2024-38202 are both EoP vulnerabilities in Windows Update Stack and were assigned CVSSv3 scores of 7.8 and 7.3 respectively. CVE-2024-38163, if successfully exploited, could result in gaining SYSTEM privileges. Microsoft has noted that users don’t need to take any action for this vulnerability as it is only exploitable at run time and the impacted version of WinRE has been superseded by a new version.
54. Spoofing - Windows DNS (CVE-2024-37968) - Medium [380]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0.4 | 17 | The existence of a private exploit is mentioned on Microsoft:PrivateExploit:PoC website | |
0.4 | 15 | Spoofing | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
55. Remote Code Execution - Microsoft Excel (CVE-2024-38172) - Medium [373]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | MS Office product | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
56. Remote Code Execution - Microsoft Office Visio (CVE-2024-38169) - Medium [373]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Microsoft Visio | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
57. Remote Code Execution - Microsoft PowerPoint (CVE-2024-38171) - Medium [373]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Microsoft PowerPoint | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
58. Information Disclosure - Windows Kernel (CVE-2024-38151) - Medium [369]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.9 | 14 | Windows Kernel | |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
59. Remote Code Execution - Clipboard Virtual Channel Extension (CVE-2024-38131) - Medium [369]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Clipboard Virtual Channel Extension | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
60. Elevation of Privilege - Windows Initial Machine Configuration (CVE-2024-38223) - Medium [368]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
61. Elevation of Privilege - Windows Resource Manager PSM Service Extension (CVE-2024-38136) - Medium [368]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
62. Elevation of Privilege - Windows Resource Manager PSM Service Extension (CVE-2024-38137) - Medium [368]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
63. Memory Corruption - Secure Boot (CVE-2022-2601) - Medium [365]
Description: A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller-than-needed buffer for the glyph; this further leads to a buffer overflow and a heap based
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
0.9 | 10 | CVSS Base Score is 8.6. According to Microsoft data source | |
0.3 | 10 | EPSS Probability is 0.00075, EPSS Percentile is 0.32744 |
64. Information Disclosure - Windows Routing and Remote Access Service (RRAS) (CVE-2024-38214) - Medium [364]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
65. Remote Code Execution - Microsoft Excel (CVE-2024-38170) - Medium [361]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | MS Office product | |
0.7 | 10 | CVSS Base Score is 7.1. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
66. Remote Code Execution - Microsoft Outlook (CVE-2024-38173) - Medium [361]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites | |
0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
67. Remote Code Execution - Azure CycleCloud (CVE-2024-38195) - Medium [357]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Azure CycleCloud | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
68. Remote Code Execution - GRUB2 (CVE-2022-3775) - Medium [357]
Description: When rendering certain unicode sequences, grub2's font code doesn't properly validate whether the informed glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex,
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Product detected by a:gnu:grub2 (exists in CPE dict) | |
0.7 | 10 | CVSS Base Score is 7.1. According to Microsoft data source | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.13043 |
Qualys: CVE-2022-3775: Heap-based out-of-bounds write when rendering certain Unicode sequences. Microsoft has not released any information about the vulnerability.
69. Denial of Service - Windows Layer-2 Bridge Network Driver (CVE-2024-38145) - Medium [353]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
70. Denial of Service - Windows Layer-2 Bridge Network Driver (CVE-2024-38146) - Medium [353]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
71. Denial of Service - Windows Network Address Translation (NAT) (CVE-2024-38126) - Medium [353]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
72. Denial of Service - Windows Network Address Translation (NAT) (CVE-2024-38132) - Medium [353]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
73. Denial of Service - Windows Secure Channel (CVE-2024-38148) - Medium [353]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
74. Command Injection - copilot_studio (CVE-2024-38206) - Medium [351]
Description: An authenticated attacker can bypass Server-Side Request Forgery (
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.97 | 15 | Command Injection | |
0.5 | 14 | Product detected by a:microsoft:copilot_studio (does NOT exist in CPE dict) | |
0.8 | 10 | CVSS Base Score is 8.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-38206 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
Qualys: CVE-2024-38206: Microsoft Copilot Studio Information Disclosure Vulnerability. Microsoft Copilot Studio is a graphical, low-code tool for creating and maintaining copilots. A copilot is an AI-powered conversational interface based on large language models (LLMs) and additional sources of knowledge. An authenticated attacker may bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to disclose sensitive information over a network.
Tenable: CVE-2024-38206 | Microsoft Copilot Studio Information Disclosure Vulnerability
Tenable: CVE-2024-38206 is a critical severity information disclosure vulnerability affecting Microsoft’s Copilot Studio, an AI-powered chatbot. This vulnerability received a CVSSv3 score of 8.5 and could be abused by an authenticated attacker to bypass server-side request forgery (SSRF) protections in order to leak potentially sensitive information. The vulnerability was released by Microsoft on August 6, with the advisory noting that no user action is required as the issue has been patched by Microsoft. This vulnerability was discovered and reported to Microsoft by Tenable researcher Evan Grant.
75. Information Disclosure - .NET and Visual Studio (CVE-2024-38167) - Medium [348]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.7 | 14 | .NET and Visual Studio | |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
76. Command Injection - Azure (CVE-2024-38109) - Medium [347]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.97 | 15 | Command Injection | |
0.4 | 14 | Azure | |
0.9 | 10 | CVSS Base Score is 9.1. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2024-38109: Azure Health Bot Elevation of Privilege Vulnerability. An authenticated attacker may exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot. On successful exploitation, an attacker may elevate privileges over a network.
Tenable: CVE-2024-38109 | Azure Health Bot Elevation of Privilege Vulnerability
Tenable: CVE-2024-38109 is a critical severity EoP vulnerability affecting Azure Health Bot. This vulnerability received a CVSSv3 score of 9.1 and is the result of a SSRF vulnerability in Azure Health Bot that can be abused to escalate privileges. This vulnerability was discovered by Tenable researcher Jimi Sebree and responsibly disclosed to Microsoft. The issue has been patched by Microsoft and no action is required for users of the Health Bot service. For more information on this vulnerability, please refer to Tenable Research Advisories TRA-2024-27 and TRA-2024-28, as well as our blog post.
77. Elevation of Privilege - Windows Hyper-V (CVE-2024-38127) - Medium [347]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
78. Remote Code Execution - Azure IoT SDK (CVE-2024-38157) - Medium [345]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Azure IoT SDK | |
0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
79. Remote Code Execution - Azure IoT SDK (CVE-2024-38158) - Medium [345]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Azure IoT SDK | |
0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
80. Elevation of Privilege - Kernel Streaming WOW Thunk Service Driver (CVE-2024-38144) - Medium [342]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.5 | 14 | Kernel Streaming WOW Thunk Service Driver | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights. CVE-2024-38196 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-38198 is an elevation of privilege vulnerability in Windows Print Spooler. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38125 is an elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38133 is an elevation of privilege vulnerability in Windows Kernel. An attacker may exploit the vulnerability by convincing a user to send a request to a malicious server. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2024-38141 is an elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38144 is an elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2024-38147 is an elevation of privilege vulnerability in Microsoft DWM Core Library. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. To exploit this vulnerability, an attacker must log on to the system. CVE-2024-38148 is a denial-of-service vulnerability in Windows Secure Channel. CVE-2024-38150 is an elevation of privilege vulnerability in Windows DWM Core Library. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38163 is an elevation of privilege vulnerability in the Windows Update Stack. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
81. Authentication Bypass - Unknown Product (CVE-2024-38164) - Medium [341]
Description: GroupMe Elevation of Privilege Vulnerability. An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.98 | 15 | Authentication Bypass | |
0 | 14 | Unknown Product | |
1.0 | 10 | CVSS Base Score is 9.6. According to Microsoft data source | |
0.4 | 10 | EPSS Probability is 0.00091, EPSS Percentile is 0.39429 |
MS PT Extended: CVE-2024-38164 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
82. Memory Corruption - Chromium (CVE-2024-6774) - Medium [341]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.0936 |
MS PT Extended: CVE-2024-6774 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
83. Memory Corruption - Chromium (CVE-2024-6775) - Medium [341]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.0936 |
MS PT Extended: CVE-2024-6775 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
84. Memory Corruption - Chromium (CVE-2024-6776) - Medium [341]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.0936 |
MS PT Extended: CVE-2024-6776 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
85. Memory Corruption - Chromium (CVE-2024-6777) - Medium [341]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.0936 |
MS PT Extended: CVE-2024-6777 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
86. Memory Corruption - Chromium (CVE-2024-6779) - Medium [341]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.0936 |
MS PT Extended: CVE-2024-6779 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
87. Memory Corruption - Chromium (CVE-2024-6990) - Medium [341]
Description: Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.0936 |
MS PT Extended: CVE-2024-6990 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
88. Security Feature Bypass - Chromium (CVE-2024-7003) - Medium [341]
Description: Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.4 | 10 | CVSS Base Score is 4.3. According to NVD data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-7003 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
89. Security Feature Bypass - Chromium (CVE-2024-7004) - Medium [341]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.4 | 10 | CVSS Base Score is 4.3. According to NVD data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-7004 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
90. Denial of Service - .NET and Visual Studio (CVE-2024-38168) - Medium [336]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.7 | 14 | .NET and Visual Studio | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
91. Elevation of Privilege - Windows WLAN AutoConfig Service (CVE-2024-38143) - Medium [332]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.4 | 10 | CVSS Base Score is 4.2. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
92. Elevation of Privilege - Azure Connected Machine Agent (CVE-2024-38098) - Medium [330]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.5 | 14 | Azure Connected Machine Agent | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
93. Elevation of Privilege - Azure Connected Machine Agent (CVE-2024-38162) - Medium [330]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.5 | 14 | Azure Connected Machine Agent | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
94. Elevation of Privilege - Kernel Streaming Service Driver (CVE-2024-38191) - Medium [330]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.5 | 14 | Kernel Streaming Service Driver | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
95. Elevation of Privilege - Kernel Streaming WOW Thunk Service Driver (CVE-2024-38125) - Medium [330]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.5 | 14 | Kernel Streaming WOW Thunk Service Driver | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights. CVE-2024-38196 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-38198 is an elevation of privilege vulnerability in Windows Print Spooler. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38125 is an elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38133 is an elevation of privilege vulnerability in Windows Kernel. An attacker may exploit the vulnerability by convincing a user to send a request to a malicious server. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2024-38141 is an elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38144 is an elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2024-38147 is an elevation of privilege vulnerability in Microsoft DWM Core Library. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. To exploit this vulnerability, an attacker must log on to the system. CVE-2024-38148 is a denial-of-service vulnerability in Windows Secure Channel. CVE-2024-38150 is an elevation of privilege vulnerability in Windows DWM Core Library. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38163 is an elevation of privilege vulnerability in the Windows Update Stack. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
96. Elevation of Privilege - Kernel Streaming WOW Thunk Service Driver (CVE-2024-38134) - Medium [330]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.5 | 14 | Kernel Streaming WOW Thunk Service Driver | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
97. Elevation of Privilege - Microsoft OfficePlus (CVE-2024-38084) - Medium [330]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.5 | 14 | Microsoft OfficePlus | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
98. Information Disclosure - Windows Bluetooth Driver (CVE-2024-38123) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.4 | 10 | CVSS Base Score is 4.4. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
99. Memory Corruption - Chromium (CVE-2024-6988) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-6988 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
100. Memory Corruption - Chromium (CVE-2024-6989) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-6989 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
101. Memory Corruption - Chromium (CVE-2024-6991) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-6991 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
102. Memory Corruption - Chromium (CVE-2024-6994) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-6994 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
103. Memory Corruption - Chromium (CVE-2024-6997) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-6997 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
104. Memory Corruption - Chromium (CVE-2024-6998) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-6998 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
105. Memory Corruption - Chromium (CVE-2024-7000) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-7000 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
106. Memory Corruption - Chromium (CVE-2024-7532) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-7532 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
107. Memory Corruption - Chromium (CVE-2024-7533) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-7533 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
108. Memory Corruption - Chromium (CVE-2024-7534) - Medium [329]
Description: Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-7534 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
109. Memory Corruption - Chromium (CVE-2024-7535) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-7535 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
110. Memory Corruption - Chromium (CVE-2024-7536) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-7536 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
111. Memory Corruption - Chromium (CVE-2024-7550) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-7550 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
112. Cross Site Scripting - Microsoft Dynamics 365 (on-premises) (CVE-2024-38211) - Medium [321]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0.5 | 14 | Microsoft Dynamics 365 (on-premises) | |
0.8 | 10 | CVSS Base Score is 8.2. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
113. Cross Site Scripting - Microsoft Dynamics 365 (CVE-2024-38166) - Medium [321]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.8 | 15 | Cross Site Scripting | |
0.5 | 14 | Microsoft Dynamics 365 is a product line of enterprise resource planning (ERP) and customer relationship management (CRM) intelligent business applications | |
0.8 | 10 | CVSS Base Score is 8.2. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-38166 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
Qualys: CVE-2024-38166: Microsoft Dynamics 365 Cross-site Scripting Vulnerability. Microsoft Dynamics 365 is an integrated suite of enterprise resource planning and customer relationship management applications offered by Microsoft. It combines various functions such as sales, customer service, field service, operations, finance, marketing, and project service automation into a single platform. An unauthenticated attacker may exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network. An attacker must convince a user to click on a link to exploit the vulnerability successfully.
114. Elevation of Privilege - Azure Stack Hub (CVE-2024-38201) - Medium [318]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.5 | 14 | Azure Stack Hub | |
0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
115. Authentication Bypass - Unknown Product (CVE-2024-38176) - Medium [317]
Description: GroupMe Elevation of Privilege Vulnerability. An improper restriction of excessive authentication attempts in GroupMe allows an unauthenticated attacker to elevate privileges over a network.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.98 | 15 | Authentication Bypass | |
0 | 14 | Unknown Product | |
0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source | |
0.4 | 10 | EPSS Probability is 0.00091, EPSS Percentile is 0.39429 |
MS PT Extended: CVE-2024-38176 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
116. Memory Corruption - Microsoft Edge (CVE-2024-38218) - Medium [317]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Web browser | |
0.8 | 10 | CVSS Base Score is 8.4. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-38218 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
117. Information Disclosure - Microsoft Local Security Authority (LSA) Server (CVE-2024-38118) - Medium [302]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.83 | 15 | Information Disclosure |
0.5 | 14 | Microsoft Local Security Authority (LSA) Server |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
118. Information Disclosure - Microsoft Local Security Authority (LSA) Server (CVE-2024-38122) - Medium [302]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.83 | 15 | Information Disclosure |
0.5 | 14 | Microsoft Local Security Authority (LSA) Server |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
119. Information Disclosure - Security Center Broker (CVE-2024-38155) - Medium [302]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.83 | 15 | Information Disclosure |
0.5 | 14 | Security Center Broker |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
120. Spoofing - Microsoft Edge (CVE-2024-38156) - Medium [300]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.4 | 15 | Spoofing |
0.8 | 14 | Web browser |
0.6 | 10 | CVSS Base Score is 6.1. According to Microsoft data source |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.1751 |
MS PT Extended: CVE-2024-38156 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
121. Spoofing - Windows App Installer (CVE-2024-38177) - Medium [300]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.4 | 15 | Spoofing |
0.8 | 14 | Windows component |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
122. Spoofing - Microsoft Office (CVE-2024-38200) - Medium [288]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.4 | 15 | Spoofing |
0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-38200 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
Qualys: Microsoft Patch Tuesday for August 2024
Qualys: Microsoft Patch Tuesday, August 2024 edition addressed 102 vulnerabilities, including nine critical and 77 important severity vulnerabilities. In this month’s updates, Microsoft has addressed six actively exploited vulnerabilities, along with three publicly disclosed zero-day vulnerabilities (CVE-2024-21302, CVE-2024-38202, and CVE-2024-38199). There is a tenth publicly disclosed zero-day vulnerability (CVE-2024-38200) for which Microsoft has not released any patch. Microsoft has addressed 12 vulnerabilities in Microsoft Edge (Chromium-based), which were patched earlier this month. Microsoft Patch Tuesday, August edition includes updates for vulnerabilities in Microsoft Office and Components, Microsoft Windows DNS, Windows TCP/IP, Microsoft Teams, Windows Secure Boot, Windows Secure Kernel Mode, Windows Security Center, Windows SmartScreen, Windows App Installer, Windows Scripting, and more. Microsoft has fixed several flaws in multiple software, including Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Cross-site Scripting (XSS), Information Disclosure, Security Feature Bypass, and Remote Code Execution (RCE). The August 2024 Microsoft vulnerabilities are classified as follows:
Vulnerability Category | Quantity | Severities |
---|---|---|
Spoofing Vulnerability | 5 | Important: 5 |
Denial of Service Vulnerability | 6 | Important: 6 |
Elevation of Privilege Vulnerability | 34 | Critical: 1, Important: 33 |
Information Disclosure Vulnerability | 7 | Critical: 1, Important: 6 |
Remote Code Execution Vulnerability | 28 | Critical: 4, Important: 24 |
Security Feature Bypass Vulnerability | 4 | Important: 2 |
Cross-site Scripting Vulnerability | 1 | Critical: 1 |
Tenable: CVE-2024-38200 | Microsoft Office Spoofing Vulnerability
Tenable: CVE-2024-38200 is a spoofing vulnerability affecting Microsoft Office with a CVSSv3 score of 6.5 and rated by Microsoft as “Exploitation Less Likely”. An attacker could leverage this vulnerability with a specially crafted file that a victim would need to interact with. This could be achieved by hosting it on a file server or website and convincing the victim to click on the file, or similarly it could be included in a phishing email. Successful exploitation of the vulnerability could result in the victim exposing NTLM (New Technology LAN Manager) hashes to a remote attacker.
Tenable: CVE-2024-38200 was publicly disclosed on August 8 at DEF CON 32 by Jim Rush and Tomais Williamson, both Senior Security Consultants at PrivSec Consulting. Patches for this vulnerability were released today as part of the August 2024 Patch Tuesday release; however, on August 10, Microsoft provided mitigations in coordination with this disclosure prior to the patch being released.
Rapid7: Published last week to acknowledge its public disclosure, and patched today for all current versions of Office, CVE-2024-38200 describes a spoofing vulnerability. Exploitation requires that the user click a malicious link. Although the advisory doesn’t describe the impact, the weakness is CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, and the FAQ mentions outgoing NTLM traffic; reading between the lines, it’s highly likely that NTLM hashes are exposed upon successful exploitation.
123. Tampering - Windows Compressed Folder (CVE-2024-38165) - Medium [270]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.3 | 15 | Tampering |
0.8 | 14 | Windows component |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
124. Spoofing - Azure Stack Hub (CVE-2024-38108) - Medium [261]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.4 | 15 | Spoofing |
0.5 | 14 | Azure Stack Hub |
0.9 | 10 | CVSS Base Score is 9.3. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
125. Spoofing - Chromium (CVE-2024-6999) - Medium [252]
Description: Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.4 | 15 | Spoofing |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
0.4 | 10 | CVSS Base Score is 4.3. According to NVD data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-6999 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
126. Spoofing - Chromium (CVE-2024-7001) - Medium [252]
Description: Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.4 | 15 | Spoofing |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
0.4 | 10 | CVSS Base Score is 4.3. According to NVD data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-7001 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
127. Unknown Vulnerability Type - Chromium (CVE-2024-6778) - Medium [252]
Description: Microsoft: Chromium: CVE-2024-6778 Race in DevTools. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. NVD: Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0 | 15 | Unknown Vulnerability Type |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.0936 |
MS PT Extended: CVE-2024-6778 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
128. Spoofing - Chromium (CVE-2024-6996) - Medium [240]
Description: Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.4 | 15 | Spoofing |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
0.3 | 10 | CVSS Base Score is 3.1. According to NVD data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
MS PT Extended: CVE-2024-6996 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
129. Spoofing - Microsoft Teams for iOS (CVE-2024-38197) - Medium [238]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.4 | 15 | Spoofing |
0.5 | 14 | Microsoft Teams for iOS |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
130. Memory Corruption - Chromium (CVE-2024-7255) - Medium [234]
Description:
Value | Weight | Comment |
---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
0.5 | 15 | Memory Corruption |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google |
0.0 | 10 | CVSS Base Score is NA. No data. |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.0936 |
MS PT Extended: CVE-2024-7255 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
Qualys: CVE-2024-38106: Windows Kernel Elevation of Privilege Vulnerability
Qualys: The Windows kernel is the core of the Windows operating system (OS). It is a computer program that provides essential services for the OS, including low-level operations, scheduling threads, routing hardware interruptions, and more. An attacker must win a race condition to exploit the vulnerability successfully. An attacker who successfully exploits the vulnerability could gain SYSTEM privileges. CISA acknowledged the active exploitation of CVE-2024-38106 by adding it to its Known Exploited Vulnerabilities Catalog and requesting users patch the flaw before September 3, 2024.
Tenable: CVE-2024-38106, CVE-2024-38133 and CVE-2024-38153 | Windows Kernel Elevation of Privilege Vulnerability
Tenable: CVE-2024-38106, CVE-2024-38133 and CVE-2024-38153 are EoP vulnerabilities affecting the Windows Kernel. CVE-2024-38133 and CVE-2024-38153 received CVSSv3 scores of 7.8, while CVE-2024-38106 was scored as a 7. Despite the lower severity and the exploitability requirements of the attacker needing to win a race condition for successful exploitation, CVE-2024-38106 was reportedly exploited in the wild as a zero-day. CVE-2024-38133 and CVE-2024-38153 were not listed as being exploited, however CVE-2024-38133 was rated as “Exploitation More Likely” according to the Microsoft Exploitability Index. Successful exploitation of these vulnerabilities could allow the attacker to elevate privileges to SYSTEM.
Rapid7: Still on the topic of exploited-in-the-wild, elevation-to-SYSTEM vulnerabilities: CVE-2024-38106 requires an attacker to win a race condition which falls under CWE-591: Sensitive Data Storage in Improperly Locked Memory. Although the advisory for CVE-2024-38106 does not provide further detail, a reasonable assumption here might be that the vulnerability could be similar to CVE-2023-36403, where exploitation relies on a flaw in the way the Windows kernel handles locking for registry virtualization, which allows Windows to redirect globally-impactful registry read/write operations to per-user locations to support legacy applications which are not UAC-compatible. Curiously, Windows Server 2012 does not receive a patch for CVE-2024-38106, so either the vulnerability was introduced in a later codebase, or Microsoft is hoping that attackers won’t notice.
ZDI: CVE-2024-38106 - Windows Kernel Elevation of Privilege Vulnerability. This is another privilege escalation bug under active attack that leads to SYSTEM privileges. Microsoft lists exploit complexity as high due to the attacker needing to win a race condition. However, some races are easier to run than others. It’s times like this where the CVSS can be misleading. Race conditions do lead to complexity high in the CVSS score, but with attacks in the wild, it’s clear this bug is readily exploitable.
Qualys: CVE-2024-38193: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Qualys: The Windows Ancillary Function Driver (AFD) for WinSock (afd.sys) is a kernel entry point for the Winsock API. An attacker who successfully exploits the vulnerability could gain SYSTEM privileges. CISA acknowledged the active exploitation of CVE-2024-38193 by adding it to its Known Exploited Vulnerabilities Catalog and requesting users patch the flaw before September 3, 2024.
Tenable: CVE-2024-38141 and CVE-2024-38193 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Tenable: CVE-2024-38141 and CVE-2024-38193 are EoP vulnerabilities affecting the Windows Ancillary Function Driver for Winsock (afd.sys). Both of these vulnerabilities were given CVSSv3 scores of 7.8 and can allow an attacker to escalate privileges to SYSTEM. CVE-2024-38141 is rated as “Exploitation More Likely” and CVE-2024-38193 was reported to have been exploited in the wild as a zero-day vulnerability.
Rapid7: Moving on to known-exploited vulnerabilities: the Windows Ancillary Function Driver for WinSock receives a patch for exploited-in-the-wild elevation of privilege vulnerability CVE-2024-38193. Successful exploitation is via a use-after-free memory management bug, and could lead to SYSTEM privileges. The advisory doesn’t provide further clues, but with existing in-the-wild exploitation, low attack complexity, no user interaction involved, and low privileges required, this is one to patch immediately to keep malware at bay.
ZDI: CVE-2024-38193 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. This privilege escalation bug allows attackers to run code as SYSTEM. These types of bugs are typically paired with a code execution bug to take over a target. Microsoft doesn’t provide any indication of how broadly this is being exploited, but considering the source, if it’s not in ransomware already, it likely will be soon.
Qualys: CVE-2024-38107: Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
Qualys: Power Dependency Coordinator (PDC) is a component of Modern Standby. On successful exploitation, an attacker could gain SYSTEM privileges. CISA acknowledged the active exploitation of CVE-2024-38107 by adding it to its Known Exploited Vulnerabilities Catalog and requesting users patch the flaw before September 3, 2024.
Tenable: CVE-2024-38107 | Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
Tenable: CVE-2024-38107 is an EoP Vulnerability affecting Windows Power Dependency Coordinator (pdc.sys), a driver responsible for power management on a Windows system. This vulnerability was exploited in the wild as a zero-day, though no specific details about exploitation were available at the time this blog was published. Microsoft provided a CVSSv3 score of 7.8 for this vulnerability and patches are available for all supported versions of Windows and Windows Server.
Rapid7: While we’re looking at exploited-in-the-wild, use-after-free vulnerabilities with minimalist advisories: CVE-2024-38107 also leads to SYSTEM privileges via abuse of the Windows Power Dependency Coordinator, which allows Windows computers to wake almost instantly from sleep. Of course, nothing comes for free: this vulnerability requires no user interaction, has low attack complexity, and requires low privileges. Patch all your Windows assets sooner rather than later.
ZDI: CVE-2024-38107 - Windows Power Dependency Coordinator Elevation of Privilege Vulnerability. Here’s yet another privilege escalation bug that leads to SYSTEM being exploited in the wild. If you’re not familiar with the Power Dependency Coordinator (PDC), it’s a component of Modern Standby. Essentially, its purpose was to allow devices to “instantly” wake from sleep. It was introduced in Windows 8. It also shows how adding capabilities can often add attack surface, too.
Qualys: CVE-2024-38213: Windows SmartScreen Security Feature Bypass Vulnerability
Qualys: Windows SmartScreen, also known as Microsoft Defender SmartScreen or SmartScreen Filter, is a cloud-based service that helps protect users from malicious websites, applications, and downloads. An attacker must send the user a malicious file and convince them to open it. On successful exploitation, an attacker could bypass the SmartScreen user experience. CISA acknowledged the active exploitation of CVE-2024-38213 by adding it to its Known Exploited Vulnerabilities Catalog and requesting users patch the flaw before September 3, 2024.
Tenable: CVE-2024-38213 | Windows Mark of the Web Security Feature Bypass Vulnerability
Tenable: CVE-2024-38213 is a security feature bypass vulnerability with an assigned CVSSv3 score of 6.5. Exploitation of this vulnerability requires a user to open a specially crafted file, which could be hosted on a file server, website or sent via a phishing email. If the attacker is successful in convincing a victim to open this file, they could bypass the Windows SmartScreen user experience. Microsoft has flagged this as “Exploitation Detected” as they are aware of an instance of this vulnerability being exploited.
Rapid7: CVE-2024-38213 describes a Mark of the Web (MotW) security bypass vulnerability in all current Windows products. An attacker who convinces a user to open a malicious file could bypass SmartScreen, which would normally warn the user about files downloaded from the internet, which Windows would otherwise have tagged with MotW. CVE-2024-38213 likely offers less utility to attackers than a broadly-similar SmartScreen bypass published in February 2024, since unlike today’s offering, the advisory for CVE-2024-21351 also described the potential for code injection into SmartScreen itself. The lower CVSSv3 base score for CVE-2024-21351 reflects that difference.
Qualys: CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability
Qualys: Microsoft Project is project management software designed to assist a project manager in developing a schedule, assigning resources to tasks, tracking progress, managing the budget, and analyzing workloads. The vulnerability can be exploited in two types of attacks. Email attack scenario: In this attack, an attacker must convince users to open a malicious file sent to them in an email attachment. Web-based attack scenario: In this attack, an attacker can host a website containing a malicious file designed. CISA acknowledged the active exploitation of CVE-2024-38189 by adding it to its Known Exploited Vulnerabilities Catalog and requesting users patch the flaw before September 3, 2024.
Tenable: CVE-2024-38189 | Microsoft Project Remote Code Execution Vulnerability
Tenable: CVE-2024-38189 is an RCE vulnerability affecting Microsoft Project, a project management tool. This vulnerability received a CVSSv3 score of 8.8 and was exploited in the wild. According to the advisory, exploitation requires an unsuspecting victim to open a crafted Microsoft Office Project file. Additionally, the system must be configured to have the “Block macros from running in Office files from the Internet” policy disabled as well as have the VBA Macro Notification Settings disabled in order for a successful attack. Microsoft’s advisory does clarify that the Preview Pane is not an attack vector for this vulnerability and offers mitigation options to protect systems if immediate patching cannot be performed.
Rapid7: Rounding out this month’s half dozen exploited-in-the-wild vulnerabilities is CVE-2024-38189, which describes RCE in Microsoft Project. Exploitation requires that an attacker convince the user to open a malicious file, and is possible only where the “Block macros from running in Office files from the Internet” policy is disabled — it is enabled by default — and the “VBA Macro Notification Settings” are set to a low enough level. Happily, the Preview Pane is not an attack vector in this case.
ZDI: CVE-2024-38189 - Microsoft Project Remote Code Execution Vulnerability. It’s definitely odd to see a code execution bug in Project, but not only do we have one here, it’s being exploited in the wild. For the most part, this is your typical open-and-own bug, but in this case, the target allows macros to run from the internet. The target also needs to disable the VBA Macro Notification Settings. If you do this, please don’t. Here’s some guidance on how to block macros from running in Office products. And if you’re opening random Project files from dicey resources, please go re-take your phishing training.
Qualys: CVE-2024-38178: Scripting Engine Memory Corruption Vulnerability
Qualys: An attacker may exploit the vulnerability by convincing an authenticated user to click a specially crafted URL to be compromised by the attacker. CISA acknowledged the active exploitation of CVE-2024-38178 by adding it to its Known Exploited Vulnerabilities Catalog and requesting users patch the flaw before September 3, 2024.
Tenable: CVE-2024-38178 | Scripting Engine Memory Corruption Vulnerability
Tenable: CVE-2024-38178 is a Scripting Engine memory corruption vulnerability in Windows Scripting. This vulnerability was assigned a CVSSv3 score of 7.5 and Microsoft notes that exploitation has been observed. According to Microsoft, an authenticated victim must have Edge in Internet Explorer Mode as a prerequisite for exploitation prior to an unauthenticated attacker convincing the victim to click a specially crafted URL to obtain RCE.
Rapid7: Although Edge RCE vulnerability CVE-2024-38178 is already known to be exploited in the wild, it likely won’t be top of anyone’s list of greatest concerns this month. The advisory clarifies that successful exploitation would require the attacker to not only convince a user to click a malicious link, but also to first prepare the target asset so that it uses Edge in Internet Explorer Mode. IE Mode provides backwards-compatibility functionality so that users can view legacy websites which rely on the fascinating idiosyncrasies of Internet Explorer; such sites are often served by enterprise legacy web applications, which goes a long way to explaining Microsoft’s continued motivation to keep Internet Explorer somewhat alive. If not already enabled on the target asset, the attacker would have to achieve a modification of Edge settings to enable the “Allow sites to be reloaded in Internet Explorer” setting. Subsequent exploitation would involve convincing the user to open an Internet Explorer mode tab within Edge and then opening the malicious URL. Remediation involves patching Windows itself; all current versions of Windows are affected.
ZDI: CVE-2024-38178 - Scripting Engine Memory Corruption Vulnerability. This vulnerability is somewhat unusual as it requires the target to be using Edge in Internet Explorer mode. It seems the long arm of IE again reaches out from beyond the vale to cause problems. Once Edge is in IE mode, it just takes a user to click a link to get code execution. This patch also comes with a fix for Windows 11 v24H2, which isn’t generally available. However, Copilot+ devices ship with this Windows version, thus the update here.
MS PT Extended: CVE-2024-6387 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
Qualys: CVE-2023-40547: Shim RCE in HTTP boot support may lead to secure boot bypass
Qualys: The vulnerability exists in Linux Shim boot. Successful exploitation of the vulnerability could lead to remote code execution, crash, denial of service, and exposure of sensitive data under specific circumstances.
Qualys: CVE-2024-38063: Windows TCP/IP Remote Code Execution Vulnerability
Qualys: Transmission Control Protocol/Internet Protocol (TCP/IP) is an industry-standard protocol suite designed for large networks of network segments connected by routers. TCP/IP is the core protocol suite used on the Internet. An unauthenticated attacker may send IPv6 packets, including specially crafted packets, to a Windows machine, which can lead to remote code execution.
Tenable: CVE-2024-38063 | Windows TCP/IP Remote Code Execution Vulnerability
Tenable: CVE-2024-38063 is a critical RCE vulnerability affecting Windows TCP/IP. It received a CVSSv3 score of 9.8 and is rated as “Exploitation More Likely.” An attacker could remotely exploit this vulnerability by sending specially crafted IPv6 packets to a host. Microsoft’s mitigation suggestions suggest disabling IPv6 as only IPv6 packets can be abused to exploit this vulnerability. Microsoft has released patches for all supported versions of Windows and Windows Server, including Server Core installations.
MS PT Extended: CVE-2024-7256 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
Tenable: CVE-2024-38199 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
Tenable: CVE-2024-38199 is an RCE vulnerability in Windows Line Printer Daemon (LPD) Service. The flaw was assigned a CVSSv3 score of 9.8 and rated “Exploitation Less Likely” by Microsoft. A remote attacker could exploit this across a network by dispatching a specially crafted print task to Windows LPD Service; if successful, it would result in RCE on the server. Microsoft has also noted that it was publicly disclosed prior to a patch being available.
Rapid7: Line Printer Daemon (LPD) vulnerabilities are like buses: you wait ages for one, and then two come along in quick succession. Last month’s denial of service vulnerability is now joined by CVE-2024-38199, a publicly-disclosed RCE vulnerability. Exploitation requires that an attacker sends a malicious print task to a shared vulnerable Windows Line Printer Daemon service across the network. Many admins won’t need to worry about this vulnerability, since Microsoft has been encouraging everyone to migrate away from LPD for almost a decade, and it isn’t installed by default on Windows products newer than Server 2012. Still, patches are available for Windows Server 2008 SP2, Server 2022 23H2, and everything in between.
Qualys: CVE-2024-38140: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability. Reliable multicast transport is a computer networking protocol that sends messages from one sender to multiple receivers in a distributed system, ensuring that all intended recipients receive the message accurately and in the correct order. An unauthenticated attacker may exploit the vulnerability by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server. Exploitation of the vulnerability does not require any user interaction.
Qualys: CVE-2024-38159 & CVE-2024-38160: Windows Network Virtualization Remote Code Execution Vulnerability. Windows Network Virtualization (WNV) allows developers to send on-demand policy requests to a data center management server or orchestrator. These requests can respond to virtual machine life cycle events, such as provisioning and live migration. An attacker may exploit the vulnerability by leveraging the unchecked return value in the wnv.sys component of Windows Server 2016. An attacker may cause unauthorized memory writes or even free a valid block currently in use by manipulating the Memory Descriptor List (MDL) content. Successful exploitation of the vulnerability may lead to a critical guest-to-host escape.
MS PT Extended: CVE-2024-38219 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-39379 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
Qualys: CVE-2022-3775: Heap-based out-of-bounds write when rendering certain Unicode sequences. Microsoft has not released any information about the vulnerability.
MS PT Extended: CVE-2024-38202 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
Tenable: CVE-2024-38163 and CVE-2024-38202 | Windows Update Stack Elevation of Privilege Vulnerability
Tenable: CVE-2024-38163 and CVE-2024-38202 are both EoP vulnerabilities in the Windows Update Stack and were assigned CVSSv3 scores of 7.8 and 7.3 respectively. CVE-2024-38163, if successfully exploited, could result in gaining SYSTEM privileges. Microsoft has noted that users don't need to take any action for this vulnerability as it is only exploitable at run time and the impacted version of WinRE has been superseded by a new version.
Tenable: CVE-2024-38202 was disclosed and presented at Black Hat USA 2024 and DEF CON 32 by SafeBreach Labs researcher Alon Leviev prior to the August 2024 Patch Tuesday release. The vulnerability, which exists in Windows Backup, allows a user with basic privileges to "reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS)". Leviev identified the vulnerability in the Windows Update mechanism that could allow unauthorized elevation of privileges by enforcing the downgrade of system components. This vulnerability exposes systems to previously patched exploits, making them susceptible to attacks that could leverage these old vulnerabilities. Microsoft has noted that "an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful." Microsoft issued an advisory in coordination with this disclosure at Black Hat.
Tenable: CVE-2024-21302 was disclosed at Black Hat USA 2024 by the previously mentioned security researcher, Alon Leviev. Leviev demonstrated that CVE-2024-21302 could be chained with CVE-2024-38202 to downgrade or roll back software versions without the need for interaction from a victim with elevated privileges. The result of this chained attack is the target device could be made susceptible to previously patched vulnerabilities, increasing the attack surface of the device. CVE-2024-21302 was also included in the previously mentioned Microsoft advisory released in coordination with the disclosure at Black Hat.
Rapid7: CVE-2024-38202 describes an elevation of privilege vulnerability in the Windows Update Stack, and exploitation requires that an attacker convinces an administrative user to perform a system restore — unusual, certainly, but social engineers can accomplish many things. Microsoft optimistically assesses exploitation of this vulnerability as less likely. The advisory does not explain how a user with basic privileges can modify the target asset’s System directory, which is required to plant the malicious system restore files, although the SafeBreach write-up does explain the flaw in significant detail. No patch is yet available, although the advisory states that a security update to mitigate this threat is under development. Microsoft provides several recommended actions, which do not mitigate the vulnerability, but can at least provide additional barriers to exploitation and put in place some useful additional visibility of the attack surface and exploitation attempts. One possible outcome of exploitation is that an attacker could modify the integrity and repair utility so that it will no longer detect corruptions in Windows system files.
MS PT Extended: CVE-2024-38182 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-21302 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
Tenable: CVE-2024-21302 and CVE-2024-38142 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Tenable: CVE-2024-21302 and CVE-2024-38142 are both elevation of privilege vulnerabilities in Windows Secure Kernel with an exploitability assessment by Microsoft as “Exploitation Less Likely”. CVE-2024-21302 carries a CVSSv3 score of 6.7 and CVE-2024-38142 a score of 7.8 with successful exploitation of either of these vulnerabilities resulting in an attacker gaining SYSTEM privileges.
Rapid7: CVE-2024-21302 is the second half of the downgrade attack pair discovered by SafeBreach. Exploitation allows an attacker with administrator privileges to replace updated Windows system files with older versions and thus reintroduce vulnerabilities to Virtualization-based security (VBS). Patches are available; however, defenders must note that the patch does not automatically remediate assets, but instead delivers an opt-in Microsoft-signed revocation policy, which brings with it the risk of a boot loop if applied and then improperly reverted. Significant guidance is available under KB5042562: Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates.
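Since the patch for CVE-2024-21302 only ships an opt-in revocation policy, defenders still need their own way to notice a rollback. The script below is an added example (not Microsoft's or SafeBreach's code) of the simplest such detection: it records the file versions of the VBS-relevant binaries together with the VBS/HVCI state reported by the `Win32_DeviceGuard` CIM class, and on every later run flags any binary whose version went backwards or any VBS service that stopped running, which is the footprint a downgrade attack leaves. The list of watched binaries and the baseline path are this example's own choices, not a Microsoft-published list; the `VirtualizationBasedSecurityStatus` and `SecurityServicesRunning` values are the documented ones.

```powershell
# Added example, not Microsoft or SafeBreach code: baseline-and-compare detection for a
# VBS downgrade (CVE-2024-21302 / CVE-2024-38202). First run writes the baseline; later
# runs exit 1 if any watched binary regressed in version or VBS/HVCI stopped running.
# Watched-file list and baseline path are assumptions for illustration. Run elevated
# so the baseline can be written under ProgramData.

$BaselinePath = "$env:ProgramData\vbs-baseline.json"
$Watched = @(
    "$env:SystemRoot\System32\ntoskrnl.exe",
    "$env:SystemRoot\System32\securekernel.exe",
    "$env:SystemRoot\System32\ci.dll",
    "$env:SystemRoot\System32\hvix64.exe",   # Intel hypervisor image
    "$env:SystemRoot\System32\hvax64.exe"    # AMD hypervisor image
)

function Get-VbsState {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName 'Win32_DeviceGuard'
    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running.
    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (memory integrity).
    [pscustomobject]@{
        VbsStatus       = $dg.VirtualizationBasedSecurityStatus
        VbsRunning      = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        CredentialGuard = ($dg.SecurityServicesRunning -contains 1)
        Hvci            = ($dg.SecurityServicesRunning -contains 2)
    }
}

function Get-WatchedVersions {
    $out = @{}
    foreach ($p in $Watched) {
        if (Test-Path $p) {
            $vi = (Get-Item $p).VersionInfo
            # Numeric parts, not the free-text FileVersion string, so versions compare correctly.
            $out[$p] = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
        }
    }
    $out
}

function Compare-FileVersion([string]$Current, [string]$Baseline) {
    # Negative result means the current file is OLDER than the baseline, i.e. a rollback.
    ([version]$Current).CompareTo([version]$Baseline)
}

$current = Get-WatchedVersions
$state   = Get-VbsState

if (-not (Test-Path $BaselinePath)) {
    @{ Captured = (Get-Date).ToString('o'); Versions = $current; Vbs = $state } |
        ConvertTo-Json -Depth 4 | Set-Content -Path $BaselinePath
    Write-Output "Baseline written to $BaselinePath"
    $state | Format-List
    return
}

$baseline    = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
$regressions = @()

foreach ($p in $current.Keys) {
    $old = $baseline.Versions.$p
    if ($old -and (Compare-FileVersion $current[$p] $old) -lt 0) {
        $regressions += "$p rolled back from $old to $($current[$p])"
    }
}
if ($baseline.Vbs.VbsRunning -and -not $state.VbsRunning) {
    $regressions += 'VBS was running at baseline but is not running now'
}
if ($baseline.Vbs.Hvci -and -not $state.Hvci) {
    $regressions += 'HVCI was running at baseline but is not running now'
}

if ($regressions.Count) {
    $regressions | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "No regressions. VBS running: $($state.VbsRunning); HVCI: $($state.Hvci); Credential Guard: $($state.CredentialGuard)"
```

Re-run the script after each Patch Tuesday so the baseline moves forward with legitimate updates; a version that goes backwards between runs, or VBS that silently stops running, is the signal to investigate and to confirm the KB5042562 revocation policy has actually been applied on that host.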
MS PT Extended: CVE-2024-38176 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-38164 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-6995 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-7003 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-6772 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-6773 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-7004 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-7005 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-38103 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
Qualys: Other Microsoft Vulnerability Highlights. CVE-2024-38196 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-38198 is an elevation of privilege vulnerability in Windows Print Spooler. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38125 is an elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38133 is an elevation of privilege vulnerability in Windows Kernel. An attacker may exploit the vulnerability by convincing a user to send a request to a malicious server. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2024-38141 is an elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38144 is an elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2024-38147 is an elevation of privilege vulnerability in Microsoft DWM Core Library. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. To exploit this vulnerability, an attacker must log on to the system. CVE-2024-38148 is a denial-of-service vulnerability in Windows Secure Channel. CVE-2024-38150 is an elevation of privilege vulnerability in Windows DWM Core Library. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38163 is an elevation of privilege vulnerability in the Windows Update Stack. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
Tenable: CVE-2024-38106, CVE-2024-38133 and CVE-2024-38153 | Windows Kernel Elevation of Privilege Vulnerability
Tenable: CVE-2024-38106, CVE-2024-38133 and CVE-2024-38153 are EoP vulnerabilities affecting the Windows Kernel. CVE-2024-38133 and CVE-2024-38153 received CVSSv3 scores of 7.8, while CVE-2024-38106 was scored as a 7. Despite the lower severity and the exploitability requirements of the attacker needing to win a race condition for successful exploitation, CVE-2024-38106 was reportedly exploited in the wild as a zero-day. CVE-2024-38133 and CVE-2024-38153 were not listed as being exploited, however CVE-2024-38133 was rated as “Exploitation More Likely” according to the Microsoft Exploitability Index. Successful exploitation of these vulnerabilities could allow the attacker to elevate privileges to SYSTEM.
Tenable: CVE-2024-38141 and CVE-2024-38193 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Tenable: CVE-2024-38141 and CVE-2024-38193 are EoP vulnerabilities affecting the Windows Ancillary Function Driver for Winsock (afd.sys). Both of these vulnerabilities were given CVSSv3 scores of 7.8 and can allow an attacker to escalate privileges to SYSTEM. CVE-2024-38141 is rated as “Exploitation More Likely” and CVE-2024-38193 was reported to have been exploited in the wild as a zero-day vulnerability.
MS PT Extended: CVE-2024-38156 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-38200 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
Tenable: CVE-2024-38200 | Microsoft Office Spoofing Vulnerability
Tenable: CVE-2024-38200 is a spoofing vulnerability affecting Microsoft Office with a CVSSv3 score of 6.5 and rated by Microsoft as "Exploitation Less Likely". An attacker could leverage this vulnerability with a specially crafted file that a victim would need to interact with. This could be achieved by hosting it on a file server or website and convincing the victim to click on the file, or similarly it could be included in a phishing email. Successful exploitation of the vulnerability could result in the victim exposing NTLM (New Technology LAN Manager) hashes to a remote attacker.
Tenable: CVE-2024-38200 was publicly disclosed on August 8 at DEF CON 32 by Jim Rush and Tomais Williamson, both Senior Security Consultants at PrivSec Consulting. Patches for this vulnerability were released today as part of the August 2024 Patch Tuesday release; however, on August 10, Microsoft provided mitigations in coordination with this disclosure prior to the patch being released.
Rapid7: Published last week to acknowledge its public disclosure, and patched today for all current versions of Office, CVE-2024-38200 describes a spoofing vulnerability. Exploitation requires that the user click a malicious link. Although the advisory doesn’t describe the impact, the weakness is CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, and the FAQ mentions outgoing NTLM traffic; reading between the lines, it’s highly likely that NTLM hashes are exposed upon successful exploitation.
MS PT Extended: CVE-2024-7001 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-6999 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-6996 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-6988 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-7534 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-6774 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-7536 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-6998 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-6775 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-7533 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-6776 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-6990 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-6997 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-7550 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-7255 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-6779 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-6989 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-6991 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-7532 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-7535 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-7000 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-6777 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-6994 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
MS PT Extended: CVE-2024-38218 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-38196 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-38198 is an elevation of privilege vulnerability in Windows Print Spooler. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38125 is an elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38133 is an elevation of privilege vulnerability in Windows Kernel. An attacker may exploit the vulnerability by convincing a user to send a request to a malicious server. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2024-38141 is an elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38144 is an elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2024-38147 is an elevation of privilege vulnerability in Microsoft DWM Core Library. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. To exploit this vulnerability, an attacker must log on to the system. CVE-2024-38148 is a denial-of-service vulnerability in Windows Secure Channel. CVE-2024-38150 is an elevation of privilege vulnerability in Windows DWM Core Library. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2024-38163 is an elevation of privilege vulnerability in the Windows Update Stack. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
MS PT Extended: CVE-2024-38206 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
Qualys: CVE-2024-38206: Microsoft Copilot Studio Information Disclosure Vulnerability Microsoft Copilot Studio is a graphical, low-code tool for creating and maintaining copilots. A copilot is an AI-powered conversational interface based on large language models (LLMs) and additional sources of knowledge. An authenticated attacker may bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to disclose sensitive information over a network.
Tenable: CVE-2024-38206 | Microsoft Copilot Studio Information Disclosure Vulnerability
Tenable: CVE-2024-38206 is a critical severity information disclosure vulnerability affecting Microsoft’s Copilot Studio, an AI-powered chatbot. This vulnerability received a CVSSv3 score of 8.5 and could be abused by an authenticated attacker to bypass server-side request forgery (SSRF) protections in order to leak potentially sensitive information. The vulnerability was released by Microsoft on August 6, with the advisory noting that no user action is required as the issue has been patched by Microsoft. This vulnerability was discovered and reported to Microsoft by Tenable researcher Evan Grant.
Qualys: CVE-2024-38109: Azure Health Bot Elevation of Privilege Vulnerability An authenticated attacker may exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot. On successful exploitation, an attacker may elevate privileges over a network.
Tenable: CVE-2024-38109 | Azure Health Bot Elevation of Privilege Vulnerability
Tenable: CVE-2024-38109 is a critical severity EoP vulnerability affecting Azure Health Bot. This vulnerability received a CVSSv3 score of 9.1 and is the result of an SSRF vulnerability in Azure Health Bot that can be abused to escalate privileges. This vulnerability was discovered by Tenable researcher Jimi Sebree and responsibly disclosed to Microsoft. The issue has been patched by Microsoft and no action is required for users of the Health Bot service. For more information on this vulnerability, please refer to Tenable Research Advisories TRA-2024-27 and TRA-2024-28, as well as our blog post.
MS PT Extended: CVE-2024-38166 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12
Qualys: CVE-2024-38166: Microsoft Dynamics 365 Cross-site Scripting Vulnerability Microsoft Dynamics 365 is an integrated suite of enterprise resource planning and customer relationship management applications offered by Microsoft. It combines various functions such as sales, customer service, field service, operations, finance, marketing, and project service automation into a single platform. An unauthenticated attacker may exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network. An attacker must convince a user to click on a link to exploit the vulnerability successfully.
MS PT Extended: CVE-2024-6778 was published before August 2024 Patch Tuesday from 2024-07-10 to 2024-08-12