Microsoft Zero Day Vulnerabilities Exploited: Urgent Patch Required

Duane Mitchell • August 19, 2024

Microsoft’s August Patch Tuesday revealed significant security vulnerabilities. The update addressed 90 Common Vulnerabilities and Exposures (CVEs), some of which were already being exploited by attackers. This monthly security update is crucial for maintaining the integrity of Microsoft’s software ecosystem.

The patches covered a wide range of issues, including vulnerabilities in Microsoft Edge and other browsers based on the Chromium engine. These flaws highlight the importance of regular updates for all internet-connected devices and software. Users and system administrators should prioritize applying these patches to protect against potential cyber threats.

Key Takeaways

  • Microsoft’s August update fixed 90 security vulnerabilities
  • Some flaws were already being actively exploited by attackers
  • Browser-related vulnerabilities affect multiple platforms, emphasizing the need for prompt updates

Actively Exploited Security Flaws

 

Six critical security flaws in Windows systems were actively exploited by hackers. These zero-day vulnerabilities allowed attackers to gain elevated privileges, execute remote code, and bypass security measures.

 

The flaws affected various Windows components:

  • Windows kernel
  • Power Dependency Coordinator
  • Edge browser (Internet Explorer Mode)
  • Microsoft Office Project
  • Windows system privileges
  • SmartScreen protection

Attackers could potentially gain SYSTEM-level access, run malicious code remotely, and circumvent download warnings. The vulnerabilities ranged from privilege escalation to remote code execution.

 

Organizations should prioritize patching these flaws to protect against targeted attacks. Proper vulnerability management is crucial to mitigate risks from such exploits. IT teams must stay vigilant and apply security updates promptly to safeguard Windows systems and associated applications.

 

Two critical vulnerabilities identified by NIST

The National Institute of Standards and Technology (NIST) has labeled two vulnerabilities as critical in this month’s security update. These flaws pose significant risks and require immediate attention.

The first critical vulnerability allows remote code execution through a Pragmatic General Multicast port. This flaw could let attackers run malicious code on affected systems from a distance.

The second critical issue involves remote code execution via malicious IPv6 packets. Repeated sending of these packets could compromise system security.

A third noteworthy vulnerability lacks a patch currently. It deals with privilege escalation in Windows Update. Microsoft suggests auditing user access to objects, operations, and files as a temporary fix.

IT teams should:

  • Apply patches for the two critical flaws promptly
  • Follow Microsoft’s mitigation guidance for the unpatchable vulnerability
  • Use the Exchange Emergency Mitigation Service where applicable
  • Regularly check for updates on these and other security issues

 

Prompt action can help protect systems from potential exploits targeting these vulnerabilities.

 

Chromium-Based Flaws Affect Popular Browsers

Several vulnerabilities in Chromium, the open-source software that powers popular web browsers, have been identified. These flaws impact both Microsoft Edge and Google Chrome users worldwide.

The issues range from memory problems to implementation weaknesses:

  • Out-of-bounds memory access in ANGLE graphics engine
  • Use-after-free exploit on iOS Chrome
  • Heap buffer overflow in Layout
  • V8 engine vulnerabilities
  • WebAudio use-after-free exploit
  • HTML-based memory corruption in Edge
  • Remote code execution flaw in Edge

These vulnerabilities could allow attackers to run malicious code on affected systems. Proper detection and timely disclosure of such flaws are crucial for user safety.

To protect against these threats, users should:

  1. Update browsers regularly
  2. Enable automatic updates
  3. Be cautious when visiting unfamiliar websites
  4. Use security software for added protection

IT administrators should prioritize patching these vulnerabilities across their organizations to minimize risk exposure.

Keep Your Software Current

Staying on top of software updates is crucial for security. Install the latest patches for your browsers and operating systems right away. These fix known problems and protect against new threats.

 

For Microsoft Edge:

 

  1. Click the “…” menu
  2. Select “Help and feedback”
  3. Choose “About Microsoft Edge”

 

For Google Chrome:

 

  1. Click the three-dot menu
  2. Go to “Help”
  3. Select “About Google Chrome”

Both browsers will check for and install updates automatically.

 

Windows users should turn on automatic updates:

 

  1. Open Settings
  2. Go to “Windows Update”
  3. Enable “Automatic Updates”

This ensures you get critical fixes as soon as they’re available. Keeping software current is one of the easiest ways to improve your digital security.

Common Questions About Microsoft Zero-Day Vulnerabilities

Ways to Lower Risks from New Microsoft Security Flaws

Microsoft suggests updating software right away. Turn on automatic updates. Use antivirus programs. Be careful with email attachments and links. Back up important files often. IT teams should check for strange network activity.

Protecting Windows Systems from Unknown Threats

 

Install security patches quickly. Use Microsoft Defender Application Guard to isolate risky apps. Keep all software up-to-date. Use strong passwords and two-factor login. Be wary of suspicious emails or pop-ups.

 

Effects on Company Cybersecurity Plans

 

Companies must act fast when flaws are found. They need plans to patch systems quickly. Better network monitoring helps spot attacks. Employee training on cyber risks is key. Some firms may need outside security help .

 

Impact on Businesses and Home Users

Hackers may steal data or break into networks. Computers could run slow or crash. Important files might be lost. Online accounts could be at risk. Extra IT work is needed to protect systems. Some business tasks may be delayed for security fixes.

Key Points for IT Staff on Recent Security Updates

 

Check which systems need patches. Test updates before wide use. Watch for signs of attacks. Use Microsoft’s security guides. Keep an eye out for more info on the flaws. Plan for possible service disruptions during patching.

 

Building better solutions for better business®

By Duane Mitchell March 8, 2025
The World of AI Ethics and Decision-Making Artificial intelligence has rapidly evolved from theoretical concepts to practical applications that impact our daily lives. Large language models (LLMs) like ChatGPT and other generative AI systems represent some of the most visible advancements in this field. These systems demonstrate impressive capabilities but also raise profound questions about […]
By Duane Mitchell February 7, 2025
Current Privacy Battle The UK government ordered Apple to create a global encryption backdoor that would give access to all users’ iCloud data worldwide. This marks a major shift in the ongoing debate between tech companies and governments over encryption and privacy rights. British officials demanded access through a technical capability notice under the Investigatory […]
By Duane Mitchell January 29, 2025
Cloud security is a critical concern for modern businesses. As more companies move their operations to the cloud, protecting sensitive data becomes increasingly important. Cloud security involves the tools, processes, and practices used to safeguard data, applications, and infrastructure in cloud computing systems. Business owners need to understand the basics of cloud security to protect […]
Share by: