Here's the complete list of all the vulnerabilities addressed with the Patch Tuesday August 2024 updates

Update your device as soon as possible.

Reading time icon 8 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

Patch Tuesday August 2024

Microsoft’s latest Patch Tuesday for August 2024 addressed 90 vulnerabilities, including six zero-day exploits. Fortunately, the six actively exploited vulnerabilities were neutralized just in time.

Among the patched vulnerabilities, a mix of elevation of privilege, remote code execution, and information disclosure issues were addressed. The elevation of privilege flaws is particularly sneaky, allowing attackers to gain unauthorized access and control over a system, escalating from a mere visitor to having the same rights as the house owner. Remote code execution vulnerabilities, on the other hand, are like allowing someone to remotely control your computer, turning it into a puppet to perform malicious activities.

One of the zero-days, CVE-2024-38178, involved the Microsoft Edge browser in Internet Explorer Mode, a setting that brings users back to the days of Internet Explorer for compatibility reasons. This flaw could let attackers run malicious code on a victim’s computer just by visiting a compromised website.

Another critical issue, CVE-2024-38213, allowed malware to bypass Windows’ Mark of the Web security feature. This feature is like the digital equivalent of a “Beware of Dog” sign, warning users about the potential danger of files downloaded from the internet. Bypassing this could trick users into thinking a malicious file is safe, leading to trouble.

The updates didn’t stop at just fixing vulnerabilities. Microsoft also addressed issues in various products, including Office, .NET, Visual Studio, and Azure. It’s like conducting a full-scale operation to ensure every nook and cranny of your digital home is safe and secure.

Below is the complete list of all the vulnerabilities addressed with the Patch Tuesday, August 2024 pack:

TagCVE IDCVE TitleSeverity
.NET and Visual StudioCVE-2024-38168.NET and Visual Studio Denial of Service VulnerabilityImportant
.NET and Visual StudioCVE-2024-38167.NET and Visual Studio Information Disclosure VulnerabilityImportant
Azure Connected Machine AgentCVE-2024-38162Azure Connected Machine Agent Elevation of Privilege VulnerabilityImportant
Azure Connected Machine AgentCVE-2024-38098Azure Connected Machine Agent Elevation of Privilege VulnerabilityImportant
Azure CycleCloudCVE-2024-38195Azure CycleCloud Remote Code Execution VulnerabilityImportant
Azure Health BotCVE-2024-38109Azure Health Bot Elevation of Privilege VulnerabilityCritical
Azure IoT SDKCVE-2024-38158Azure IoT SDK Remote Code Execution VulnerabilityImportant
Azure IoT SDKCVE-2024-38157Azure IoT SDK Remote Code Execution VulnerabilityImportant
Azure StackCVE-2024-38108Azure Stack Hub Spoofing VulnerabilityImportant
Azure StackCVE-2024-38201Azure Stack Hub Elevation of Privilege VulnerabilityImportant
Line Printer Daemon Service (LPD)CVE-2024-38199Windows Line Printer Daemon (LPD) Service Remote Code Execution VulnerabilityImportant
Microsoft Bluetooth DriverCVE-2024-38123Windows Bluetooth Driver Information Disclosure VulnerabilityImportant
Microsoft Copilot StudioCVE-2024-38206Microsoft Copilot Studio Information Disclosure VulnerabilityCritical
Microsoft DynamicsCVE-2024-38166Microsoft Dynamics 365 Cross-site Scripting VulnerabilityCritical
Microsoft DynamicsCVE-2024-38211Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2024-7256Chromium: CVE-2024-7256 Insufficient data validation in DawnUnknown
Microsoft Edge (Chromium-based)CVE-2024-7536Chromium: CVE-2024-7550 Type Confusion in V8Unknown
Microsoft Edge (Chromium-based)CVE-2024-6990Chromium: CVE-2024-6990 Uninitialized Use in DawnUnknown
Microsoft Edge (Chromium-based)CVE-2024-7255Chromium: CVE-2024-7255 Out of bounds read in WebTransportUnknown
Microsoft Edge (Chromium-based)CVE-2024-7534Chromium: CVE-2024-7535 Inappropriate implementation in V8Unknown
Microsoft Edge (Chromium-based)CVE-2024-7532Chromium: CVE-2024-7533 Use after free in SharingUnknown
Microsoft Edge (Chromium-based)CVE-2024-7550Chromium: CVE-2024-7532 Out of bounds memory access in ANGLEUnknown
Microsoft Edge (Chromium-based)CVE-2024-7535Chromium: CVE-2024-7536 Use after free in WebAudioUnknown
Microsoft Edge (Chromium-based)CVE-2024-7533Chromium: CVE-2024-7534 Heap buffer overflow in LayoutUnknown
Microsoft Edge (Chromium-based)CVE-2024-38218Microsoft Edge (HTML-based) Memory Corruption VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2024-38219Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2024-38222Microsoft Edge (Chromium-based) Information Disclosure VulnerabilityUnknown
Microsoft Local Security Authority Server (lsasrv)CVE-2024-38118Microsoft Local Security Authority (LSA) Server Information Disclosure VulnerabilityImportant
Microsoft Local Security Authority Server (lsasrv)CVE-2024-38122Microsoft Local Security Authority (LSA) Server Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2024-38200Microsoft Office Spoofing VulnerabilityImportant
Microsoft OfficeCVE-2024-38084Microsoft OfficePlus Elevation of Privilege VulnerabilityImportant
Microsoft Office ExcelCVE-2024-38172Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2024-38170Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office OutlookCVE-2024-38173Microsoft Outlook Remote Code Execution VulnerabilityImportant
Microsoft Office PowerPointCVE-2024-38171Microsoft PowerPoint Remote Code Execution VulnerabilityImportant
Microsoft Office ProjectCVE-2024-38189Microsoft Project Remote Code Execution VulnerabilityImportant
Microsoft Office VisioCVE-2024-38169Microsoft Office Visio Remote Code Execution VulnerabilityImportant
Microsoft Streaming ServiceCVE-2024-38134Kernel Streaming WOW Thunk Service Driver Elevation of Privilege VulnerabilityImportant
Microsoft Streaming ServiceCVE-2024-38144Kernel Streaming WOW Thunk Service Driver Elevation of Privilege VulnerabilityImportant
Microsoft Streaming ServiceCVE-2024-38125Kernel Streaming WOW Thunk Service Driver Elevation of Privilege VulnerabilityImportant
Microsoft TeamsCVE-2024-38197Microsoft Teams for iOS Spoofing VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2024-38152Windows OLE Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2024-37968Windows DNS Spoofing VulnerabilityImportant
Reliable Multicast Transport Driver (RMCAST)CVE-2024-38140Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution VulnerabilityCritical
Windows Ancillary Function Driver for WinSockCVE-2024-38141Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2024-38193Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows App InstallerCVE-2024-38177Windows App Installer Spoofing VulnerabilityImportant
Windows Clipboard Virtual Channel ExtensionCVE-2024-38131Clipboard Virtual Channel Extension Remote Code Execution VulnerabilityImportant
Windows Cloud Files Mini Filter DriverCVE-2024-38215Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2024-38196Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Compressed FolderCVE-2024-38165Windows Compressed Folder Tampering VulnerabilityImportant
Windows Deployment ServicesCVE-2024-38138Windows Deployment Services Remote Code Execution VulnerabilityImportant
Windows DWM Core LibraryCVE-2024-38150Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2024-38147Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows Initial Machine ConfigurationCVE-2024-38223Windows Initial Machine Configuration Elevation of Privilege VulnerabilityImportant
Windows IP Routing Management SnapinCVE-2024-38114Windows IP Routing Management Snapin Remote Code Execution VulnerabilityImportant
Windows IP Routing Management SnapinCVE-2024-38116Windows IP Routing Management Snapin Remote Code Execution VulnerabilityImportant
Windows IP Routing Management SnapinCVE-2024-38115Windows IP Routing Management Snapin Remote Code Execution VulnerabilityImportant
Windows KerberosCVE-2024-29995Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-38151Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2024-38133Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-38127Windows Hyper-V Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-38153Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2024-38106Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2024-38187Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2024-38191Kernel Streaming Service Driver Elevation of Privilege VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2024-38184Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2024-38186Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2024-38185Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows Layer-2 Bridge Network DriverCVE-2024-38146Windows Layer-2 Bridge Network Driver Denial of Service VulnerabilityImportant
Windows Layer-2 Bridge Network DriverCVE-2024-38145Windows Layer-2 Bridge Network Driver Denial of Service VulnerabilityImportant
Windows Mark of the Web (MOTW)CVE-2024-38213Windows Mark of the Web Security Feature Bypass VulnerabilityModerate
Windows Mobile BroadbandCVE-2024-38161Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Network Address Translation (NAT)CVE-2024-38132Windows Network Address Translation (NAT) Denial of Service VulnerabilityImportant
Windows Network Address Translation (NAT)CVE-2024-38126Windows Network Address Translation (NAT) Denial of Service VulnerabilityImportant
Windows Network VirtualizationCVE-2024-38160Windows Network Virtualization Remote Code Execution VulnerabilityCritical
Windows Network VirtualizationCVE-2024-38159Windows Network Virtualization Remote Code Execution VulnerabilityCritical
Windows NT OS KernelCVE-2024-38135Windows Resilient File System (ReFS) Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2024-38117NTFS Elevation of Privilege VulnerabilityImportant
Windows Power Dependency CoordinatorCVE-2024-38107Windows Power Dependency Coordinator Elevation of Privilege VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2024-38198Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows Resource ManagerCVE-2024-38137Windows Resource Manager PSM Service Extension Elevation of Privilege VulnerabilityImportant
Windows Resource ManagerCVE-2024-38136Windows Resource Manager PSM Service Extension Elevation of Privilege VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-38130Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-38128Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-38154Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-38121Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-38214Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-38120Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows ScriptingCVE-2024-38178Scripting Engine Memory Corruption VulnerabilityImportant
Windows Secure BootCVE-2022-3775Redhat: CVE-2022-3775 grub2 – Heap based out-of-bounds write when rendering certain Unicode sequencesCritical
Windows Secure BootCVE-2023-40547Redhat: CVE-2023-40547 Shim – RCE in HTTP boot support may lead to secure boot bypassCritical
Windows Secure BootCVE-2022-2601Redhat: CVE-2022-2601 grub2 – Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypassImportant
Windows Secure Kernel ModeCVE-2024-21302Windows Secure Kernel Mode Elevation of Privilege VulnerabilityImportant
Windows Secure Kernel ModeCVE-2024-38142Windows Secure Kernel Mode Elevation of Privilege VulnerabilityImportant
Windows Security CenterCVE-2024-38155Security Center Broker Information Disclosure VulnerabilityImportant
Windows SmartScreenCVE-2024-38180Windows SmartScreen Security Feature Bypass VulnerabilityImportant
Windows TCP/IPCVE-2024-38063Windows TCP/IP Remote Code Execution VulnerabilityCritical
Windows Transport Security Layer (TLS)CVE-2024-38148Windows Secure Channel Denial of Service VulnerabilityImportant
Windows Update StackCVE-2024-38202Windows Update Stack Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2024-38163Windows Update Stack Elevation of Privilege VulnerabilityImportant
Windows WLAN Auto Config ServiceCVE-2024-38143Windows WLAN AutoConfig Service Elevation of Privilege VulnerabilityImportant

All of these fixes were released with the latest Patch Tuesday pack of August 2024, which was released for the different versions of Windows. For instance, Windows 11 24H2 got the KB5041571 patch; Windows 11 23H2 and 22H2 got the KB5041585 patch; and Windows 10 got the KB5041580 patch.

More about the topics: microsoft, windows 10, Windows 11

User forum

0 messages