Welcome to the Patch Tuesday update for August 2024, which lists fixes for 89 vulnerabilities. This month, there are ten zero-day vulnerabilities, of which six are actively exploited while the other four have been publicly disclosed.

After an initial discussion about this month’s updates, we’ll offer our advice for devising a plan to handle patch management in a hybrid work environment. You can also register for our free Patch Tuesday webinar and listen to our experts break down Patch Tuesday updates in detail.

What is Patch Tuesday?

Patch Tuesday falls on the second Tuesday of every month. On this day, Microsoft releases security and non-security updates for its operating system and other related applications. Since Microsoft has upheld this process of releasing updates in a periodic manner, IT admins expect these updates and have time to gear up for them.

Why is Patch Tuesday important?

Important security updates and patches to fix critical bugs or vulnerabilities are released on Patch Tuesday. Usually, zero-day vulnerabilities are also fixed during Patch Tuesday unless the vulnerability is critical and highly exploited, in which case an out-of-band security update is released to address that particular vulnerability.

August 2024 Patch Tuesday

Security updates lineup 

Here is a breakdown of the vulnerabilities fixed this month:

  • CVE IDs: 89 (this count doesn’t include the republished CVE IDs)
  • Republished CVE IDs: 12 (more details on this below)

Security updates were released for the following products, features, and roles:

  • Windows Secure Kernel Mode

  • Windows Kerberos

  • Microsoft Windows DNS

  • Windows TCP/IP

  • Microsoft Office

  • Azure Connected Machine Agent

  • Windows Kernel

  • Windows Power Dependency Coordinator

  • Azure Stack

  • Azure Health Bot

  • Windows IP Routing Management Snapin

  • Windows NTFS

  • Microsoft Local Security Authority Server (lsasrv)

  • Windows Routing and Remote Access Service (RRAS)

  • Microsoft Bluetooth Driver

  • Microsoft Streaming Service

  • Windows Network Address Translation (NAT)

  • Windows Clipboard Virtual Channel Extension

  • Windows NT OS Kernel

  • Windows Resource Manager

  • Windows Deployment Services

  • Reliable Multicast Transport Driver (RMCAST)

  • Windows Ancillary Function Driver for WinSock

  • Windows WLAN Auto Config Service

  • Windows Layer-2 Bridge Network Driver

  • Windows DWM Core Library

  • Windows Transport Security Layer (TLS)

  • Microsoft WDAC OLE DB provider for SQL

  • Windows Security Center

  • Azure IoT SDK

  • Windows Network Virtualization

  • Windows Mobile Broadband

  • Windows Update Stack

  • Windows Compressed Folder

  • Microsoft Dynamics

  • .NET and Visual Studio

  • Microsoft Office Visio

  • Microsoft Office Excel

  • Microsoft Office PowerPoint

  • Microsoft Office Outlook

  • Windows App Installer

  • Windows Scripting

  • Windows SmartScreen

  • Windows Kernel-Mode Drivers

  • Microsoft Office Project

  • Azure CycleCloud

  • Windows Common Log File System Driver

  • Microsoft Teams

  • Windows Print Spooler Components

  • Line Printer Daemon Service (LPD)

  • Microsoft Copilot Studio

  • Windows Mark of the Web (MOTW)

  • Windows Cloud Files Mini Filter Driver

  • Microsoft Edge (Chromium-based)

  • Windows Initial Machine Configuration

Learn more in the MSRC’s release notes.

Details of the zero-day vulnerabilities

Vulnerable component: Windows Ancillary Function Driver for WinSock

Impact: Elevation of Privilege

CVSS 3.1: 7.8

Per Microsoft, an attacker could gain SYSTEM privileges on successful exploitation of this vulnerability.

Vulnerable component: Scripting Engine Memory Corruption Vulnerability

Impact: Remote Code Execution

CVSS: 3.1 7.5

For this zero-day vulnerability to be exploited, an authenticated victim should click on a specially crafted URL prepared by the attacker. Clicking the link enables the attacker to initiate remote code execution.

Vulnerable component: Windows Kernel

 Impact: Elevation of Privilege

CVSS:3.1 7.0

Microsoft states that the vulnerability can be exploited on winning a RACE condition and grants the attacker access to SYSTEM privileges.

Vulnerable component: Windows Mark of the Web

Impact: Security Feature Bypass Vulnerability  

 CVSS 3.1: 6.5

Successful exploitation of this vulnerability allows the attacker to bypass the SmartScreen experience. However, for the exploitation to occur, users must open a malicious file that has been generated and shared by the attacker.

Vulnerable component: Windows Power Dependency Coordinator

Impact: Elevation of Privilege Vulnerability   

CVSS 3.1: 7.8

A successful exploitation of this vulnerability enables access to SYSTEM privileges to the threat actor.

Vulnerable component: Microsoft Project

Impact: Remote Code Execution Vulnerability  

CVSS 3.1: 8.8

Per Microsoft, “Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where the Block macros from running in Office files from the Internet policy is disabled and VBA Macro Notification Settings are not enabled, allowing the attacker to perform remote code execution.”

Hence, they strongly recommend that users do not disable the Block macros from running in Office files from the Internet policy. The detailed mitigation steps can be found here.

The six above-mentioned vulnerabilities are being actively exploited, so it is strongly recommended to deploy the updates or perform the recommended mitigation steps as soon as possible.

The CVE IDs mentioned below have been publicly disclosed. However, as per Microsoft, the exploitation of these vulnerabilities are either less likely or have not been exploited till now. The following CVE IDs are:

  • CVE-2024-38199

    Vulnerable component: Windows Line Printer Daemon (LPD) Service
    Impact: Remote Code Execution Vulnerability
    CVSS 3.1: 9.8

  • CVE-2024-21302
    Vulnerable component: Windows Secure Kernel Mode
    Impact: Elevation of Privilege Vulnerability
    CVSS 3.1: 6.7

  • CVE-2024-38200 
    Vulnerable component: Microsoft Office 
    Impact: Spoofing 
    CVSS 3.1: 6.5

  • CVE-2024-38202 
    Vulnerable component: Windows Update Stack
    Impact: Elevation of Privilege
    CVSS 3.1: 7.3

Republished CVE IDs

Besides the vulnerabilities fixed in this month’s Patch Tuesday, Microsoft has also republished four CVE IDs. These are as follows:

  • CVE-2022-2601

  • CVE-2022-3775

  • CVE-2023-40547

  • CVE-2024-6990

  • CVE-2024-7255

  • CVE-2024-7256

  • CVE-2024-7532

  • CVE-2024-7533

  • CVE-2024-7534

  • CVE-2024-7535

  • CVE-2024-7536

  • CVE-2024-7550

Third-party updates released after last month’s Patch Tuesday

Third-party vendors such as Android, Cisco, and Ivanti have also released updates this August.

Best practices to handle patch management in a hybrid work environment

Most organizations have opted to embrace remote work even after they have been cleared to return to the office. This decision poses various challenges to IT admins, especially in terms of managing and securing distributed endpoints.

Here are a few pointers to simplify the process of remote patching:

  • Disable automatic updates because one faulty patch could bring down the whole system. IT admins can educate end users on how to disable automatic updates on their machines. Patch Manager Plus and Endpoint Central also have a dedicated patch, 105427, that can be deployed to endpoints to ensure that automatic updates are disabled.
  • Create a restore point—a backup or image that captures the state of the machines—before deploying big updates like those from Patch Tuesday.
  • Establish a patching schedule and keep end users informed about it. It is recommended to set up a time for deploying patches and rebooting systems. Let end users know what needs to be done on their end for trouble-free patching.
  • Test the patches on a pilot group of systems before deploying them to the production environment. This will ensure that the patches do not interfere with the workings of other applications.
  • Since many users are working from home, they all might be working different hours; in this case, you can allow end users to skip deployment and scheduled reboots. This will give them the liberty to install updates at their convenience and avoid disrupting their work. Our patch management products come with options for user-defined deployment and reboot.
  • Most organizations are deploying patches using a VPN. To stop patch tasks from eating up your VPN bandwidth, install Critical patches and security updates first. You might want to hold off on deploying feature packs and cumulative updates since they are bulky updates and consume a lot of bandwidth.
  • Schedule the non-security updates and security updates that are not rated Critical to be deployed after Patch Tuesday, such as during the third or fourth week of the month. You can also choose to decline certain updates if you feel they are not required in your environment.
  • Run patch reports to get a detailed view of the health status of your endpoints.
  • For machines belonging to users returning to the office after working remotely, check if they are compliant with your security policies. If not, quarantine them. Install the latest updates and feature packs before deeming your back-to-office machines fit for production. Take inventory of and remove apps that are now obsolete for your back-to-office machines, like remote collaboration software.

With Endpoint Central, Patch Manager Plus, or Vulnerability Manager Plus, you can completely automate the entire process of patch management, from testing patches to deploying them. You can also tailor patch tasks according to your current needs. For a hands-on experience with either of these products, try a free, 30-day trial and keep thousands of applications patched and secure.

Want to learn more about Patch Tuesday updates? Join our experts as they break down this month’s Patch Tuesday updates and offer in-depth analysis. You can also ask our experts questions and get answers to all your Patch Tuesday questions. Register for our free Patch Tuesday webinar.

Ready, get set, patch!