Microsoft’s August 2024 Patch Tuesday Addresses 88 CVEs

On August 13, Microsoft released its August 2024 Patch Tuesday release which patched 88 CVEs with 7 rated as critical and 80 rated as important.

This month’s released included patches for CVE-2024-38206, a Microsoft Copilot Studio Information Disclosure Vulnerability and CVE-2024-38109, an Azure Health Bot Elevation of Privilege Vulnerability, both of which were discovered and reported to Microsoft by Tenable researchers.

With Black Hat USA 2024 and DEF CON 32 occurring a week before the August 2024 Patch Tuesday, a number of vulnerabilities addressed this month were publicly disclosed in coordination with Microsoft at the events. This included CVE-2024-38202 and CVE-2024-21302 disclosed at Black Hat, pair of elevation of privilege vulnerabilities in the Windows Update Stack and Windows Secure Kernel Mode, respectively, that could be used in a downgrade attack to roll back software versions. At DEF CON CVE-2024-38200, a spoofing vulnerability in Microsoft Office that could result in remote code execution was also disclosed.

This month’s update includes patches for:

• .NET and Visual Studio
• Azure Connected Machine Agent
• Azure CycleCloud
• Azure Health Bot
• Azure IoT SDK
• Azure Stack
• Line Printer Daemon Service (LPD)
• Microsoft Bluetooth Driver
• Microsoft Copilot Studio
• Microsoft Dynamics
• Microsoft Edge (Chromium-based)
• Microsoft Local Security Authority Server (lsasrv)
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office Outlook
• Microsoft Office PowerPoint
• Microsoft Office Project
• Microsoft Office Visio
• Microsoft Streaming Service
• Microsoft Teams
• Microsoft WDAC OLE DB provider for SQL
• Microsoft Windows DNS
• Reliable Multicast Transport Driver (RMCAST)
• Windows Ancillary Function Driver for WinSock
• Windows App Installer
• Windows Clipboard Virtual Channel Extension
• Windows Cloud Files Mini Filter Driver
• Windows Common Log File System Driver
• Windows Compressed Folder
• Windows Deployment Services
• Windows DWM Core Library
• Windows Initial Machine Configuration
• Windows IP Routing Management Snapin
• Windows Kerberos
• Windows Kernel
• Windows Kernel-Mode Drivers
• Windows Layer-2 Bridge Network Driver
• Windows Mark of the Web (MOTW)
• Windows Mobile Broadband
• Windows Network Address Translation (NAT)
• Windows Network Virtualization
• Windows NT OS Kernel
• Windows NTFS
• Windows Power Dependency Coordinator
• Windows Print Spooler Components
• Windows Resource Manager
• Windows Routing and Remote Access Service (RRAS)
• Windows Scripting
• Windows Secure Kernel Mode
• Windows Secure Kernel Mode
• Windows Security Center
• Windows SmartScreen
• Windows TCP/IP
• Windows Transport Security Layer (TLS)
• Windows Update Stack
• Windows WLAN Auto Config Service

For more information, please visit our blog.