Microsoft Zero Day Vulnerabilities Exploited: Urgent Patch Required

Duane Mitchell • August 19, 2024

Microsoft’s August Patch Tuesday revealed significant security vulnerabilities. The update addressed 90 Common Vulnerabilities and Exposures (CVEs), some of which were already being exploited by attackers. This monthly security update is crucial for maintaining the integrity of Microsoft’s software ecosystem.

The patches covered a wide range of issues, including vulnerabilities in Microsoft Edge and other browsers based on the Chromium engine. These flaws highlight the importance of regular updates for all internet-connected devices and software. Users and system administrators should prioritize applying these patches to protect against potential cyber threats.

Key Takeaways

  • Microsoft’s August update fixed 90 security vulnerabilities
  • Some flaws were already being actively exploited by attackers
  • Browser-related vulnerabilities affect multiple platforms, emphasizing the need for prompt updates

Actively Exploited Security Flaws

 

Six critical security flaws in Windows systems were actively exploited by hackers. These zero-day vulnerabilities allowed attackers to gain elevated privileges, execute remote code, and bypass security measures.

 

The flaws affected various Windows components:

  • Windows kernel
  • Power Dependency Coordinator
  • Edge browser (Internet Explorer Mode)
  • Microsoft Office Project
  • Windows system privileges
  • SmartScreen protection

Attackers could potentially gain SYSTEM-level access, run malicious code remotely, and circumvent download warnings. The vulnerabilities ranged from privilege escalation to remote code execution.

 

Organizations should prioritize patching these flaws to protect against targeted attacks. Proper vulnerability management is crucial to mitigate risks from such exploits. IT teams must stay vigilant and apply security updates promptly to safeguard Windows systems and associated applications.

 

Two critical vulnerabilities identified by NIST

The National Institute of Standards and Technology (NIST) has labeled two vulnerabilities as critical in this month’s security update. These flaws pose significant risks and require immediate attention.

The first critical vulnerability allows remote code execution through a Pragmatic General Multicast port. This flaw could let attackers run malicious code on affected systems from a distance.

The second critical issue involves remote code execution via malicious IPv6 packets. Repeated sending of these packets could compromise system security.

A third noteworthy vulnerability lacks a patch currently. It deals with privilege escalation in Windows Update. Microsoft suggests auditing user access to objects, operations, and files as a temporary fix.

IT teams should:

  • Apply patches for the two critical flaws promptly
  • Follow Microsoft’s mitigation guidance for the unpatchable vulnerability
  • Use the Exchange Emergency Mitigation Service where applicable
  • Regularly check for updates on these and other security issues

 

Prompt action can help protect systems from potential exploits targeting these vulnerabilities.

 

Chromium-Based Flaws Affect Popular Browsers

Several vulnerabilities in Chromium, the open-source software that powers popular web browsers, have been identified. These flaws impact both Microsoft Edge and Google Chrome users worldwide.

The issues range from memory problems to implementation weaknesses:

  • Out-of-bounds memory access in ANGLE graphics engine
  • Use-after-free exploit on iOS Chrome
  • Heap buffer overflow in Layout
  • V8 engine vulnerabilities
  • WebAudio use-after-free exploit
  • HTML-based memory corruption in Edge
  • Remote code execution flaw in Edge

These vulnerabilities could allow attackers to run malicious code on affected systems. Proper detection and timely disclosure of such flaws are crucial for user safety.

To protect against these threats, users should:

  1. Update browsers regularly
  2. Enable automatic updates
  3. Be cautious when visiting unfamiliar websites
  4. Use security software for added protection

IT administrators should prioritize patching these vulnerabilities across their organizations to minimize risk exposure.

Keep Your Software Current

Staying on top of software updates is crucial for security. Install the latest patches for your browsers and operating systems right away. These fix known problems and protect against new threats.

 

For Microsoft Edge:

 

  1. Click the “…” menu
  2. Select “Help and feedback”
  3. Choose “About Microsoft Edge”

 

For Google Chrome:

 

  1. Click the three-dot menu
  2. Go to “Help”
  3. Select “About Google Chrome”

Both browsers will check for and install updates automatically.

 

Windows users should turn on automatic updates:

 

  1. Open Settings
  2. Go to “Windows Update”
  3. Enable “Automatic Updates”

This ensures you get critical fixes as soon as they’re available. Keeping software current is one of the easiest ways to improve your digital security.

Common Questions About Microsoft Zero-Day Vulnerabilities

Ways to Lower Risks from New Microsoft Security Flaws

Microsoft suggests updating software right away. Turn on automatic updates. Use antivirus programs. Be careful with email attachments and links. Back up important files often. IT teams should check for strange network activity.

Protecting Windows Systems from Unknown Threats

 

Install security patches quickly. Use Microsoft Defender Application Guard to isolate risky apps. Keep all software up-to-date. Use strong passwords and two-factor login. Be wary of suspicious emails or pop-ups.

 

Effects on Company Cybersecurity Plans

 

Companies must act fast when flaws are found. They need plans to patch systems quickly. Better network monitoring helps spot attacks. Employee training on cyber risks is key. Some firms may need outside security help .

 

Impact on Businesses and Home Users

Hackers may steal data or break into networks. Computers could run slow or crash. Important files might be lost. Online accounts could be at risk. Extra IT work is needed to protect systems. Some business tasks may be delayed for security fixes.

Key Points for IT Staff on Recent Security Updates

 

Check which systems need patches. Test updates before wide use. Watch for signs of attacks. Use Microsoft’s security guides. Keep an eye out for more info on the flaws. Plan for possible service disruptions during patching.

 

Building better solutions for better business®

By Duane Mitchell April 4, 2025
Cisco has issued a critical security alert about a backdoor administrative account in its Smart Licensing Utility (CSLU) that hackers are actively exploiting. This vulnerability allows unauthorized users to gain administrative access to unpatched systems, potentially leading to serious security breaches. The critical flaw (CVE-2023-20198) involves undocumented static admin credentials that give attackers remote administrative […]
By Duane Mitchell April 2, 2025
The U.S. tariffs on Canadian goods have disrupted trade dynamics, but they also present opportunities for Canadian businesses to capitalize on emerging niche markets. Here are some of the most promising areas: 1. High-Quality Apparel Canadian exports of wool suits, jackets, and outerwear are now less competitive in the U.S. market due to the 25% tariff. However, Canada’s expertise in high-quality, wool-based garments and specialized outerwear creates an opportunity to pivot toward premium markets in Europe, Asia , or domestic sales. This could also include diversifying into synthetic or cotton-based premium apparel to meet changing global demands [1]. 2. Alternative Trade Partnerships With the U.S. imposing higher tariffs, Canadian businesses can take advantage of trade agreements like CETA (Europe) and CPTPP (Asia-Pacific) to diversify markets. Products like agricultural goods, packaged food, and textiles are especially well-suited for export to these regions [4][7]. 3. Sustainable Packaging and Materials Canadian producers specializing in sustainable paper, plastics, and packaging can leverage U.S. tariffs on these products to expand within Canada and into other global markets. For instance, demand for eco-friendly, reusable packaging is rising, creating a niche for Canadian manufacturers to cater to both domestic and international sustainability goals [10]. 4. Potash and Agricultural Products Despite the 10-25% U.S. tariffs on Canadian potash, the country’s dominance in global potash production, essential for fertilizers, allows it to explore markets outside the U.S., such as Latin America or Asia. Additionally, agricultural export diversification, including premium grains and produce, can target untapped regions [5][6]. 5. Renewable Energy and Critical Minerals The 10% tariff on Canadian critical minerals and energy products provides impetus for Canada to bolster its renewable energy sector and implement value-added processing for minerals domestically. By investing in solar, wind, and battery production, Canadian companies can develop less U.S.-dependent supply chains while capturing growing global demand for green resources [4][9]. 6. Local Manufacturing and Innovation With tariffs disrupting supply chains, businesses can focus on domestic manufacturing of goods like steel, aluminum, and automotive components . Localization of production and innovation in advanced manufacturing (e.g., robotics and automation) will appeal to Canadian industries aiming to reduce U.S. reliance [6][7]. 7. Luxury and Artisanal Consumer Goods Canadian producers can focus on luxury and artisanal goods, including craft spirits, premium foods, and high-end furniture. Tariffs on U.S. competing goods like wine, spirits, and peanut butter create an opportunity for Canadian brands to replace these products in the domestic market [2][4]. 8. Technology & Software Development Canadian tech companies can position themselves as key players in logistics, supply chain management, and compliance software. As businesses adapt to tariff complexities, there is significant demand for digital solutions that improve efficiency and help navigate trade barriers [6][7]. 9. Tourism and Local Experiences With tariffs fostering national pride and encouraging "buy Canadian" sentiments, Canadian tourism—from nature-based experiences to cultural festivals—can draw more domestic and international visitors, adding value to the local economy [2]. 10. Specialized Support Services Legal, trade consulting, and financial advisory services focused on tariff navigation, market diversification, and supply chain diversification have growing potential. Canadian businesses will require assistance in aligning with new trade policies and global expansion strategies [7][8]. 11. Canada has introduced substantial financial relief and support programs to help businesses affected by tariffs: Export Development Programs: The CAD 5 billion Trade Impact Program offers funding to businesses seeking to reach new international markets, enabling small companies to compete globally [10][12]. Incentives for Innovation: Funding for technology startups and clean energy projects can help businesses innovate and grow amid economic uncertainty [11]. References: www.fibre2fashion.com Disaggregated Analysis of US Tariffs on Canadian Apparel Exports www.canada.ca Canada's Response to US Tariffs www.wernerantweiler.ca Blog Post on Tariff Impacts www.bdo.ca Trade Turmoil: United States Tariffs and Canada's Next Moves www.thestarphoenix.com What You Need to Know About Tariffs on Potash www.doanegrantthornton.ca How New Tariffs Could Affect Canadian Businesses www.hicksmorley.com Tariffs Are Here: How Will They Impact Canadian Businesses? www.nationalpost.com Carney Pivots to Day of Meetings in Ottawa Before Latest Round of Trump Tariffs www.ey.com Canada Imposes New Tariffs on US Origin Products www.packagingdive.com Trump Tariffs on Canada, Mexico: Packaging, Paper, Plastic www.thepoultrysite.com Canada Commits Over C$6 Billion to Fight Impact of US Tariffs, Find New Markets www.canada.ca Canada's Response to US Tariffs www.sobirovs.com Tariffs' Impact on Business Opportunities in Canada
By Duane Mitchell March 8, 2025
The World of AI Ethics and Decision-Making Artificial intelligence has rapidly evolved from theoretical concepts to practical applications that impact our daily lives. Large language models (LLMs) like ChatGPT and other generative AI systems represent some of the most visible advancements in this field. These systems demonstrate impressive capabilities but also raise profound questions about […]