CVE-2024-38168

Uncontrolled Resource Consumption (CWE-400)

Published: Aug 13, 2024 / Updated: 3mo ago

Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv3.1: 9.8, CVEs: CVE-2024-21302, CVE-2024-29995, CVE-2024-37968, CVE-2024-38063, CVE-2024-38084, CVE-2024-38098, CVE-2024-38106, CVE-2024-38107, CVE-2024-38108, CVE-2024-38109, CVE-2024-38114, CVE-2024-38115, CVE-2024-38116, CVE-2024-38117, CVE-2024-38118, CVE-2024-38120, CVE-2024-38121, CVE-2024-38122, CVE-2024-38123, CVE-2024-38125 (+82 other associated CVEs), Summary: https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited/ Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and information disclosure. The number of bugs in each vulnerability category is listed below:

Note: There are no new security updates for .NET Framework this month. To help streamline and help you keep up to date with the latest service releases we have decided to combine our update posts around both .NET & .NET Framework so you can find all the information in one convenient location on the blog.

While updates for CVE-2024-38200 were released as part of the August Patch Tuesday drop, Microsoft had already enabled a fix for this issue on July 30, meaning that all users of supported versions of Office were protected. This vulnerability, a privilege escalation in the Windows Kernel, requires that the attacker win a race condition to successfully exploit it.

Microsoft addressed 79 vulnerabilities in September 2024 Patch Tuesday, with 7 critical flaws in components like Windows, Office, and SharePoint. Microsoft released yesterday the September 2024 Patch Tuesday updates for all supported versions of Windows 10 and Windows 11.

Third-Party Software Update Catalog Release History – August 2024 In August 2024, our third-party software update catalog for Microsoft SCCM contained 1039 bug, feature, and security-related updates. Below you will find a full list of relevant updates and new products for August 2024. 1039 Total Updates 179 Security Updates 131 of the 179 security updates include CVE-IDs 110 New Products New Products: AbaClient 3.2.996.0 (MSI-x86) ACE Service Installer 3.6.16.0 (MSI-x86) All-in-One Messenger 2.5.0.0 (User-x64) Anywhere365 Integrator 1.0.0.1 (MSI-x86) Appeee 1.83.0.0 (User-x64) ApSIC Xbench 3.0.0.1593 (EXE-x64) Autodesk AutoCAD 2025 25.0.116.0 (EXE-x64) Autodesk AutoCAD Architecture 2024 8.6.62.0 (EXE-x64) Autodesk AutoCAD Electrical 2022 19.0.81.0 (EXE-x64) Autodesk AutoCAD Electrical 2023 20.0.73.0 (EXE-x64) Autodesk AutoCAD Electrical 2024 21.0.73.0 (EXE-x64) Autodesk AutoCAD Electrical 2025 22.0.71.0 (EXE-x64) Autodesk AutoCAD LT 2025 25.0.116.0 (EXE-x64) Autodesk Civil 3D 2025 13.7.161.0 (EXE-x64) Autodesk Single Sign On Component 13.8.6.1806 (MSI-x64) Axure RP 10.0.0.3924 (EXE-x86) Azure Connected Machine Agent 1.45.02769.1796 (MSI-x64) BelfiusConnector 3.7.15.0 (MSI-x64) BelfiusConnector 3.7.15.0 (MSI-x86) Bitwarden 2024.7.1.0 (User-x64) BlackBull Markets cBroker Live 9.1.2.58572 (User-x64) BlueBird Connector 3.0.0.0 (MSI-x64) Bria 67.12.4830.0 (MSI-x86) Bria Enterprise 64.10.7302.0 (MSI-x86) Brinno Connect 1.1.9810.0 (EXE-x86) Brother iPrint and Scan 12.0.2.3 (EXE-x86) BrowserStackLocal 3.6.4.0 (MSI-x86) Bytello Share 5.8.0.3788 (EXE-x86) CalDavSynchronizer 4.4.1.0 (MSI-x86) Caption.Ed 2.6.3.0 (User-x64) ClickShare Extension Pack 1.2.0.6 (MSI-x86) Clockify 1.7.92.0 (MSI-x64) Coligo DESKTOP 1.34.10.0 (MSI-x64) Coligo DESKTOP 1.34.10.0 (User-x64) Contour Pointing Devices 3.1.0.0 (MSI-x64) Contour Shuttle 2.13.5.0 (MSI) CSViewer 2.4.0.0 (User-x64) Dalux 3.0.9000.25264 (MSI-x64) Dell Power Manager Service 3.15.0.0 Digiexam 15.0.20.0 (User-x64) DNSFilter Agent 1.13.2.0 (MSI-x64) Docusign Edit 2.7.0.0 (EXE-x64) Docusign Edit 2.7.0.0 (User-x64) DuctZone 1.4.9.0 (EXE-x86) EasyMorph Desktop 5.8.0.6 (User-x64) EasyMorph Server 5.8.0.6 (EXE-x64) FBX Game Recorder 3.20.0.2301 (EXE) Ferdium 6.7.6.0 (EXE-x64) Ferdium 6.7.6.0 (User-x64) Filius 2.6.1.0 (EXE-x64) Fing Desktop 3.7.0.0 (EXE-x64) Franz 5.10.0.0 (User-x64) Fundels 3.2.6.0 (EXE-x86) Google Web Designer 14.0.1.0 (EXE-x64) Google Web Designer 14.0.1.0 (EXE-x86) Hash Tool 1.2.1.0 (EXE-x86) IAP Desktop 2.42.1564.0 (MSI-x64) IAP Desktop 2.42.1564.0 (MSI-x86) Inno Setup 6.3.3.0 (EXE-x86) Inno Setup 6.3.3.0 (User-x86) IVPN Client 3.14.16.0 (EXE-x64) JamLogic 3.139.0.0 (User-x64) JPEGView 1.3.46.0 (MSI-x64) JPEGView 1.3.46.0 (MSI-x86) KNIME Analytics Platform 5.3.0.0 (EXE-x64) KNIME Analytics Platform 5.3.0.0 (User-x64) Kofax Power PDF 5.1 Advanced 5.1.0.3 Macabacus 9.7.1.0 (MSI-x86) ManicTime 24.2.0.6 (MSI-x64) ManicTime 24.2.0.6 (MSI-x86) MirrorOp 2.5.4.70 (MSI-x86) NETworkManager 24.6.15.0 (MSI-x64) NXLog Community Edition 3.2.2329.0 (MSI) OpenBoard 1.7.1.240 (EXE) pCon.planner ME 8.10.0.104 (EXE-x64) pCon.planner PRO 8.10.0.104 (EXE-x64) pCon.planner STD 8.10.0.104 (EXE-x64) PDF Studio 2024 2024.0.1.0 (EXE-x64) PDF Studio 2024 2024.0.1.0 (EXE-x86) PDF Studio Latest 2024.0.1.0 (EXE-x64) PDF Studio Latest 2024.0.1.0 (EXE-x86) PDF Studio Viewer 2024.0.1.0 (EXE-x64) PDF Studio Viewer 2024.0.1.0 (EXE-x86) PDF Studio Viewer Latest 2024.0.1.0 (EXE-x64) PDF Studio Viewer Latest 2024.0.1.0 (EXE-x86) Profit Communication Center 2.9.1400.103 (EXE) QAWeb Enterprise Agent 2.15.0.0 (EXE-x64) QTextPad 1.11.0.0 (EXE-x64) RenderDoc 1.34.0.0 (MSI-x64) RenderDoc 1.34.0.0 (MSI-x86) Splunk ACS CLI 2.14.0.0 (EXE-x64) Splunk Universal Forwarder 9.3 9.3.0.0 (MSI-x64) Splunk Universal Forwarder 9.3 9.3.0.0 (MSI-x86) Sweet Home 3D 7.5.0 (EXE-x64) Tableau Reader Latest 24.2.801.0 (EXE-x64) TalkType 3.1.0 (User-x64) Todoist 9.7.2.0 (User-x64) TurboVNC 3.1.2.0 (EXE-x64) TurboVNC 3.1.2.0 (EXE-x86) Vagrant 2.4.1 (MSI-x64) Vagrant 2.4.1 (MSI-x86) Vagrant VMware Utility 1.0.22.0 (MSI-x64) Visual Paradigm Project Viewer 17.2.0.0 (EXE-x64) Windows Subsystem for Linux 2.2.4.0 (MSI-x64) Write 3.0.1489.0 (MSI-x64) Zotero 7.0.1.0 (EXE-x64) Zscaler Client Connector 4.5 v4.5.0.286 (MSI-x64) Zscaler Client Connector 4.5 v4.5.0.286 (MSI-x86) Zulu JRE 21.36.17.0 (MSI-x64) Zulu JRE Latest 21.36.17.0 (MSI-x64) Updates Added: (Oldest to Newest) 8×8 Work 8.15.2.7 (MSI-x64) Release Notes for 8×8 Work 8.15.2.7 (MSI-x64) Release Type: ⬤ ⬤ Scan Detection Ratio 0/61 VirusTotal Latest Scan Results (MSI-x64) AWS Command Line Interface v2 2.17.21.0 (x64) Release Notes for AWS Command Line Interface v2 2.17.21.0 (x64) Release Type: ⬤ ⬤ Scan Detection Ratio 0/52

近日，微软官方发布了多个安全漏洞的公告，其中微软产品本身漏洞84个，影响到微软产品的其他厂商漏洞5个。

On August 14, NSFOCUS CERT detected that Microsoft released a security update patch for August, which fixed 90 security issues involving widely used products such as Windows, Microsoft Office, Visual Studio and Azure, including high-risk vulnerabilities such as privilege escalation and remote code execution. Due to an error in the Windows Power Dependency Coordinator after release, local attackers authenticated by ordinary users can exploit this vulnerability by running special programs to obtain SYSTEM permissions of the target system.

Nessus Plugin ID 205591 with Medium Severity Synopsis The Microsoft Visual Studio Products are affected by multiple vulnerabilities. Description The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple vulnerabilities, including: - .NET and Visual Studio Information Disclosure Vulnerability. (CVE-2024-38167) - .NET Core and Visual Studio Denial of Service Vulnerability. (CVE-2024-38168) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Microsoft has released the following security updates to address this issue: - Update 17.6.18 for Visual Studio 2022 - Update 17.8.13 for Visual Studio 2022 - Update 17.10.6 for Visual Studio 2022 Read more at https://www.tenable.com/plugins/nessus/205591