Microsoft Vulnerabilities

Code Execution and More

Key Details:

1. Number of Vulnerabilities:

   • 102 vulnerabilities addressed, including nine critical and 77 important severity vulnerabilities (Qualys Security Blog).

2. Zero-Day Vulnerabilities:

   • Six actively exploited zero-day vulnerabilities:

     • CVE-2024-38106: Windows Kernel Elevation of Privilege Vulnerability.

     • CVE-2024-38107: Windows Power Dependency Coordinator Elevation of Privilege Vulnerability.

     • CVE-2024-38178: Scripting Engine Memory Corruption Vulnerability.

     • CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability.

     • CVE-2024-38193: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability.

     • CVE-2024-38213: Windows SmartScreen Security Feature Bypass Vulnerability (Krebs on SecurityBleepingComputer).

3. Critical Vulnerabilities:

   • CVE-2024-38206: Microsoft Copilot Studio Information Disclosure Vulnerability.

   • CVE-2024-38109: Azure Health Bot Elevation of Privilege Vulnerability (Tenable®).

4. Affected Products:

   • Windows, Microsoft Office, .NET, Visual Studio, Azure, Microsoft Dynamics, Teams, Secure Boot, and more (Qualys Security BlogCISA).

5. Update Installation:

   • Users are advised to install updates via Windows Update, Microsoft Update, or the Microsoft Update Catalog (Microsoft SupportMicrosoft Support).

Additional Information:

• Microsoft Office Updates:

  • Security updates for various Office products, including Office 2016, SharePoint Server, and more (Microsoft SupportMS Learn).

• Windows Server 2022:

  • Update KB5041160 addresses several security issues, including Remote Desktop Session Host (RDSH) connectivity issues and memory leaks in Windows Defender Application Control (WDAC) (Microsoft Support).

For more detailed information, refer to the Microsoft Security Update Guide and the CISA advisory.