Published: August 24, 2024 on our newsletter Security Fraud News & Alerts Newsletter.
It was a busy month for Microsoft developers who focus on patching issues for the Patch Tuesday updates. The August 13, 2024, Microsoft Patch Tuesday was a critical update event, addressing between 87 and 90 security-related vulnerabilities across various Microsoft products. The precise number depends on the report you read, but what is not disputed is that ten of them are for zero-day issues.
There are fixes for three publicly disclosed zero-day vulnerabilities and six that were not, but are believed to be actively exploited. One zero-day is still being addressed by the company. That one is CVE-2024-38202 - Windows Update Stack Elevation of Privilege Vulnerability.
In addition to the zero-day vulnerabilities, the Patch Tuesday update addressed a wide array of other security flaws across various Microsoft products, including Windows operating systems, Microsoft Office, .NET Framework, and Azure. Among the security-related vulnerabilities, some were classified as critical, while others were marked as important. These updates spanned several components, such as Windows Kernel, Remote Desktop Protocol (RDP), and Microsoft Exchange Server, each addressing vulnerabilities that could be exploited by attackers to compromise systems. Two of the zero-day issues involved Microsoft Office, where an attacker can succeed if a user opens a compromised file, likely through a phishing attack.
Phishing remains common and is a very successful tactic for cybercriminals. Watch out for the common signs of phishing:
Messages in any form from unknown senders
Unexpected links or attachments, regardless of the file type
Typos, grammatical mistakes, punctuation errors, and blurred or outdated graphics and images
Messages attempting to get you to take a quick action or there will be consequences
Given the active exploitation of the zero-day vulnerabilities, Microsoft strongly recommended that users and administrators prioritize the installation of these updates. Keeping systems up to date with the latest patches is essential to mitigating risks and ensuring robust security in an increasingly threat-laden digital environment.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com
Comments