Windows users must update by September 3, CISA says
Microsoft has released the monthly round of Patch Tuesday security updates, addressing a total of 90 vulnerabilities within the Windows ecosystem. The Microsoft Security Response Center has reported that five of these Windows vulnerabilities are currently under active cyber attacks. These critical zero-day security issues have prompted the U.S. Cybersecurity and Infrastructure Security Agency to list them in the Known Exploited Vulnerabilities Catalog, mandating an update compliance by September 3.
While the September 3 deadline from CISA, set three weeks after adding the Windows zero-day vulnerabilities to the KEV catalog, specifically targets certain federal civilian executive branch agencies as required by U.S. Government Binding Operational Directive 22-01, this does not exempt other groups, including the general public, from responsibility. CISA has made it clear that the KEV catalog is intended to assist the entire cybersecurity community and network defenders. This is a call to action for all organizations and individual users to update their systems to mitigate these vulnerabilities. For most individual consumers, this usually means applying the latest Patch Tuesday security updates promptly. Organizations, particularly those that need to conduct tests before updates can go live, should also pay close attention to the KEV catalog as part of their patch management prioritization process to avoid potential complications, such as the infamous CrowdStrike blue screens of death.
Prioritize patching for known exploits
CVE-2024-38178 is a Windows scripting engine memory corruption vulnerability which could allow an attacker to initiate remote code execution on the affected system. This zero-day is rated 7.6 with a severity of important, affecting Windows 10, Windows 11 as well as Windows Server 2012 and later. “The attacker would need to prepare the target so that it would use Edge in Internet Explorer Mode to execute a specially crafted file,” Chris Goettl, vice president of security product management at Ivanti, said, “risk-based guidance would treat this update as a higher severity than important and to remediate as soon as possible.”
CVE-2024-38213 is a Windows ‘Mark of the Web’ security feature bypass vulnerability that could enable an attacker to bypass SmartScreen user protection on Windows 10, Windows 11 as well as Windows Server 2012 and later. “This feature is designed as an extra layer of defence-in-depth by marking files that are downloaded from the internet as untrusted,” Kev Breen, senior director cyber threat research at Immersive Labs, said. “This vulnerability is not exploitable on its own,” Breen advised, “and is typically seen as part of an exploit chain, for example, modifying a malicious document or exe file to include this bypass before sending the file via email or distributing on compromised websites.”
CVE-2024-38193 is an elevation of privilege vulnerability in the Windows ancillary function driver for WinSock, affecting Windows 10, Windows 11 and Windows Server 2008 and later. “Successful exploitation is via a use-after-free memory management bug, and could lead to SYSTEM privileges,” Adam Barnett, lead software engineer with Rapid7, said. “The advisory doesn’t provide further clues, but with existing in-the-wild exploitation, low attack complexity, no user interaction involved, and low privileges required, this is one to patch immediately to keep malware at bay.”
CVE-2024-38106 is a Windows kernel elevation of privilege vulnerability affecting Windows 10, Windows 11 and Windows Server 2016 and later. “This vulnerability arises when sensitive data is stored in memory that lacks adequate protection,” Mike Walters, president and co-founder of Action1, said, “permitting a low-privileged attacker to manipulate the memory content and escalate their privileges to the SYSTEM level.” The good news is that there is quite a challenge in exploiting this one, that being “the necessity to exploit the race condition with precise timing,” Walters said, “aiming to gain control over the memory before it is securely locked or accessed.”
CVE-2024-38107 is a use-after-free elevation of privilege vulnerability affecting the Windows power dependency coordinator. Impacting Windows 10, Windows 11, and Windows 2012 or later, this zero-day vulnerability “occurs when a program continues to use a pointer to memory after it has been freed,” Walters said, “potentially leading to arbitrary code execution or system control.” An attacker would need local access to the target machine, with low privileges, but the impacts of successful exploitation are significant according to Walters: “This elevated access could be used to disable security mechanisms, deploy additional malware, or facilitate lateral movement within the network.”
One Community. Many Voices. Create a free account to share your thoughts.
Our community is about connecting people through open and thoughtful conversations. We want our readers to share their views and exchange ideas and facts in a safe space.
In order to do so, please follow the posting rules in our site’s Terms of Service. We’ve summarized some of those key rules below. Simply put, keep it civil.
Your post will be rejected if we notice that it appears to include:
User accounts will be blocked if we notice or believe that users are engaged in:
So, how can you be a power user?
Thanks for reading our community guidelines. Please read the full list of posting rules found in our site’s Terms of Service.
Hudson Valley Host is premier provider of cutting-edge hosting solutions, specializing in delivering a seamless online experience for businesses and individuals. We offer a comprehensive range of hosting services, including Shared Hosting, VPS, Dedicated Servers, and Colocation. With 24/7 technical support, robust security measures, and user-friendly control panels, we empower clients in managing their online presence effortlessly. Hudson Valley Host is your trusted partner in achieving online success.
For Inquiries or to receive a personalized quote, please reach out to us through our contact form here or email us at sales@hudsonvalleyhost.com.
