IT administrators and security teams were in for a surprise this summer as Microsoft released a Patch Tuesday update addressing six zero-day vulnerabilities actively exploited by malicious actors. Alongside these critical issues, nine other flaws, including third-party vulnerabilities from Red Hat, were also disclosed.
While none of the critical flaws are zero-days, they still pose a significant risk. With over 100 fixes in this month’s update, including third-party patches, IT teams will be kept busy addressing these vulnerabilities.
Rapid7 lead software engineer, Adam Barnett, highlighted the severity of the situation, stating that Microsoft has evidence of in-the-wild exploitation or public disclosure for 10 of the vulnerabilities. This is a higher number than usual and includes critical remote code execution vulnerabilities.
Chris Goettl, Ivanti vice president of security products, emphasized the importance of updating Windows and Office to mitigate the risks associated with these vulnerabilities. He pointed out that while some vulnerabilities, like CVE-2024-38189, could be mitigated with proper security settings, updating software is crucial to reduce exposure.
Among the zero-days addressed in the update, CVE-2024-38189 stands out as it allows attackers to execute arbitrary code on victim systems. Goettl advised prioritizing the update for Office installations to reduce the risk.
Looking at the publicly disclosed vulnerabilities, Scott Caveza, staff research engineer at Tenable, highlighted CVE-2024-38202 and CVE-2024-21302 as particularly concerning. These vulnerabilities could potentially allow attackers to downgrade or rollback software updates, increasing the attack surface of devices.
CVE-2024-38200, another disclosed vulnerability, could expose NTLM hashes to remote attackers, potentially leading to NTLM relay attacks. Caveza warned of the risks associated with this vulnerability and the need for immediate attention.
Overall, this Patch Tuesday update presents significant challenges for IT teams, with a higher number of critical vulnerabilities than usual. Prioritizing patching and updating systems is crucial to mitigating the risks posed by these security flaws.
