CVE-2024-37968

Insufficient Verification of Data Authenticity (CWE-345)

Published: Aug 13, 2024

For more information, see Windows Server End of Support: Key Dates . After installing the Windows update released on or after July 9, 2024, Windows Servers might affect Remote Desktop Connectivity across an organization.

Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv3.1: 9.8, CVEs: CVE-2024-21302, CVE-2024-29995, CVE-2024-37968, CVE-2024-38063, CVE-2024-38084, CVE-2024-38098, CVE-2024-38106, CVE-2024-38107, CVE-2024-38108, CVE-2024-38109, CVE-2024-38114, CVE-2024-38115, CVE-2024-38116, CVE-2024-38117, CVE-2024-38118, CVE-2024-38120, CVE-2024-38121, CVE-2024-38122, CVE-2024-38123, CVE-2024-38125 (+82 other associated CVEs), Summary: https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited/ Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and information disclosure. The number of bugs in each vulnerability category is listed below:

Windows 8.1 reached the end of support (EOS) on January 10, 2023, at which point technical assistance and software updates are no longer provided. For more information, see Windows Server End of Support: Key Dates .

The preview includes new features like shared material in File Explorer Home, the Windows Sandbox Client Preview, and a new account manager. For new PCs or new user accounts on managed commercial devices (PCs running Windows 11 Enterprise, Education, or Pro logged in with an Entra ID (or domain), the Microsoft 365 app will be pinned to the taskbar for quick access to Copilot for Microsoft 365 .

To use this feature, simply open the File Explorer home page and click the Share tab. Based on feedback, Microsoft has made changes to the new account manager in the Start menu, bringing the Sign Out button back into the foreground, which should make it easier to sign out.

For new PCs or new user accounts on managed commercial devices (PCs running Windows 11 Enterprise, Education, or Pro logged in with an Entra ID (or domain), the Microsoft 365 app will be pinned to the taskbar for quick access to Copilot for Microsoft 365 . Based on feedback, we’ve made some updates to the new account manager on the Start menu making the sign out option directly visible, and adding a list of signed in users under “…” so it’s faster to switch accounts.

[caption id="attachment_177309" align="alignnone" width="628"] Windows Sandbox Client Preview with new dropdown showing clipboard redirection, audio/video input control, and the ability to share folders with the host.[/caption] Changes in Dev Channel builds and updates are documented in two buckets: new features, improvements, and fixes that are being gradually rolled out for Insiders who have turned on the toggle to get the latest updates as they are available (via Settings > Windows Update)* and then new features, improvements, and fixes rolling out to everyone in the Dev Channel.

The new build, Build 26120.1843 under KB5043185, brings multiple new changes and improvements like new media controls on the lock screen, access to Shared content in File Explorer Home, Account Manager switching improvements, and more. For new PCs or new user accounts on managed commercial devices (PCs running Windows 11 Enterprise, Education, or Pro logged in with an Entra ID (or domain), the Microsoft 365 app will be pinned to the taskbar for quick access to Copilot for Microsoft 365 .