Microsoft Fixes 89 Security Vulnerabilities Today, Including Multiple Zero-Day Vulnerabilities Already Exploited by Hackers - Users Urged to Update Systems Promptly
Today is Microsoft's regular Patch Tuesday for August 2024. Microsoft has released its monthly security updates for Windows 10, Windows 11 and Windows Server, fixing a range of known security vulnerabilities.
This release fixes 89 vulnerabilities in total. Nine of them are zero-days: six are already being actively exploited in the wild, and three more were publicly disclosed before a fix was available. A tenth publicly disclosed zero-day remains unpatched, and specific details about it are not yet available.
The fixes cover elevation of privilege, remote code execution and information disclosure flaws across Windows; 36 of the bugs are elevation-of-privilege vulnerabilities and 28 are remote code execution vulnerabilities.
Users of Windows 10/11 and Windows Server systems are advised to download and install the updates as soon as possible.
Critical Security Vulnerability CVE-2024-38063: Windows TCP/IP Remote Code Execution Vulnerability
An unauthenticated attacker can achieve remote code execution by sending specially crafted IPv6 packets to a target Windows host. Microsoft has published few details, but states that systems with IPv6 disabled are not affected, so disabling IPv6 mitigates the flaw until the update is installed.
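The mitigation Microsoft describes is to turn IPv6 off. The following added PowerShell example (written for this page, not taken from Microsoft's advisory) audits which network adapters still have the IPv6 protocol bound and, when asked, unbinds it. It assumes the built-in NetAdapter module (Windows 8 / Server 2012 and later) and an elevated prompt for the disable step; the adapter names are whatever the host reports.

```powershell
# Added example: audit and optionally unbind IPv6 as a stopgap for CVE-2024-38063.
# Assumes the built-in NetAdapter cmdlets and elevation for Disable-NetAdapterBinding.
function Get-IPv6BoundAdapter {
    # ms_tcpip6 is the component ID of "Internet Protocol Version 6 (TCP/IPv6)".
    Get-NetAdapterBinding -ComponentID ms_tcpip6 |
        Where-Object { $_.Enabled } |
        Select-Object Name, DisplayName, Enabled
}

function Disable-IPv6Binding {
    param(
        # Restrict to specific adapters; the default wildcard covers every adapter.
        [string[]]$AdapterName = @('*')
    )
    foreach ($name in $AdapterName) {
        # -PassThru returns the binding objects so the caller can confirm Enabled is now False.
        Disable-NetAdapterBinding -Name $name -ComponentID ms_tcpip6 -PassThru
    }
}

# Usage:
#   Get-IPv6BoundAdapter                          # adapters still reachable over IPv6
#   Disable-IPv6Binding                           # unbind IPv6 on every adapter (elevated)
#   Disable-IPv6Binding -AdapterName 'Ethernet'   # or only on one adapter
#   Enable-NetAdapterBinding -Name '*' -ComponentID ms_tcpip6   # revert after patching
```

Treat this as a temporary measure, not a fix: unbinding IPv6 breaks anything that depends on it (for example DirectAccess), and the audit above only reports binding state, not whether the August update is installed. Install the update and re-enable the binding afterwards.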
Critical Security Vulnerability CVE-2022-3775: GRUB2 Unicode Rendering Heap-Based Out-of-Bounds Write
Reported by Red Hat: rendering certain Unicode sequences in the GRUB2 bootloader's font code leads to a heap-based out-of-bounds write. Microsoft's advisory gives no further details.
Critical Security Vulnerability CVE-2023-40547: shim HTTP Boot Remote Code Execution
Reported by Red Hat: a remote code execution flaw in the shim bootloader's HTTP boot support could be used to bypass Secure Boot. Microsoft's advisory gives no further details.
Actively Exploited Zero-Day Vulnerability CVE-2024-38178: Script Engine Memory Corruption Vulnerability
Exploitation requires an attacker to persuade an authenticated user to click a specially crafted link; doing so gives the attacker remote code execution without any further authentication. The link must be opened in Microsoft Edge's Internet Explorer mode, which narrows the attack surface considerably. Despite that constraint, the Korean National Cyber Security Center (NCSC) and security firm AhnLab found the flaw being exploited in the wild.
Actively Exploited Zero-Day Vulnerability CVE-2024-38193: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
The flaw lets an attacker gain SYSTEM privileges, the most powerful account on a Windows host, which is enough to run arbitrary commands and take complete control of the system.
It was discovered and reported by Luigino Camastra and Milánek of Gen Digital. Microsoft has not yet disclosed further details or the exploitation scenario.
Actively Exploited Zero-Day Vulnerability CVE-2024-38213: Windows Mark of the Web Security Feature Bypass
Attackers have been exploiting this flaw in the wild by creating specially crafted, malformed LNK shortcut files; when Windows Explorer "repairs" such a shortcut it drops the file's Mark of the Web, the metadata that records that the file came from the network.
As a result, opening the file no longer triggers the usual security warning. The flaw was discovered and reported by Peter Girnus of Trend Micro.
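The "mark" that this bypass removes is the Zone.Identifier alternate data stream that NTFS attaches to downloaded files. The following added PowerShell example (not from Microsoft's or Trend Micro's write-ups) reads and sets that stream so a practitioner can check whether a file still carries its mark after some copy or extraction step, which is exactly what a Mark of the Web bypass defeats. It assumes an NTFS volume (FAT/exFAT do not keep alternate data streams); the demo file names are constructed.

```powershell
# Added example: inspect and apply the Mark of the Web (Zone.Identifier ADS).
# ZoneId 3 (Internet) or 4 (Restricted) is what triggers the "Open File - Security Warning".
function Get-MotwZone {
    param([Parameter(Mandatory)][string]$Path)
    try {
        $lines = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction Stop
    } catch {
        return $null   # no Zone.Identifier stream: no mark, so no warning prompt
    }
    foreach ($line in $lines) {
        if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

function Set-MotwZone {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$ZoneId = 3,          # 3 = Internet zone, the value browsers write on download
        [string]$ReferrerUrl       # optional; browsers also record HostUrl/ReferrerUrl
    )
    $content = "[ZoneTransfer]`r`nZoneId=$ZoneId"
    if ($ReferrerUrl) { $content += "`r`nReferrerUrl=$ReferrerUrl" }
    Set-Content -LiteralPath $Path -Stream Zone.Identifier -Value $content
}

# Constructed demonstration: mark a test file as downloaded, copy it, and confirm the
# mark survived; then remove it the legitimate way with Unblock-File.
$src = Join-Path $env:TEMP 'motw-demo.txt'
Set-Content -LiteralPath $src -Value 'harmless content'
Set-MotwZone -Path $src -ZoneId 3 -ReferrerUrl 'https://example.invalid/'   # constructed URL
$dst = Join-Path $env:TEMP 'motw-demo-copy.txt'
Copy-Item -LiteralPath $src -Destination $dst     # Copy-Item on NTFS preserves the ADS
"source zone: $(Get-MotwZone $src); copy zone: $(Get-MotwZone $dst)"
Unblock-File -LiteralPath $dst                    # strips Zone.Identifier
"after Unblock-File: $(Get-MotwZone $dst)"        # empty: the file would now open without a warning

# Audit: downloaded files that have lost their mark (or never had one)
# Get-ChildItem "$env:USERPROFILE\Downloads" -File |
#     Where-Object { $null -eq (Get-MotwZone $_.FullName) } | Select-Object FullName
```

Run the same check on the output of any archive extractor, download tool or file-handling workflow you rely on: a file whose zone comes back empty after passing through it will not prompt the user, regardless of whether the cause is a legitimate Unblock-File or a bypass like the one patched here.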
Actively Exploited Zero-Day Vulnerability CVE-2024-38106: Windows Kernel Elevation of Privilege Vulnerability
The flaw lets an attacker obtain SYSTEM privileges through the Windows NT kernel. Microsoft notes that exploitation requires winning a race condition, which makes it harder to exploit reliably; no further details have been disclosed.
Actively Exploited Zero-Day Vulnerability CVE-2024-38107: Windows Power Dependency Coordinator Elevation of Privilege
This flaw also lets an attacker obtain SYSTEM privileges; Microsoft has not disclosed further details.
Actively Exploited Zero-Day Vulnerability CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability
Microsoft Project, part of the Office family though sold separately, can be made to execute arbitrary code if an attacker convinces a user to open a malicious Project file on a system where the relevant macro security settings have been weakened: the "Block macros from running in Office files from the Internet" policy is disabled and "VBA Macro Notification Settings" are not enabled.
These settings govern VBA macros, which Microsoft now blocks by default in files from the internet, with a security notification shown when a file tries to run them. Users who enable macros in an untrusted file and dismiss the warning are exposed.