MS Family August 2024 Routine Security Update Advisory
Overview
Microsoft (https://www.microsoft.com) has released a security update that fixes vulnerabilities in its products. Users of affected products are advised to update to the latest version.
Affected Products
Apps family
App Installer
Azure Family
Azure Connected Machine Agent
Azure CycleCloud 8.0.0
Azure CycleCloud 8.0.1
Azure CycleCloud 8.0.2
Azure CycleCloud 8.1.0
Azure CycleCloud 8.1.1
Azure CycleCloud 8.2.0
Azure CycleCloud 8.2.1
Azure CycleCloud 8.2.2
Azure CycleCloud 8.3.0
Azure CycleCloud 8.4.0
Azure CycleCloud 8.4.1
Azure CycleCloud 8.4.2
Azure CycleCloud 8.5.0
Azure CycleCloud 8.6.0
Azure CycleCloud 8.6.1
Azure CycleCloud 8.6.2
Azure Health Bot
Azure Stack Hub
Developer Tools suite
.NET 8.0
Azure IoT Hub Device Client SDK
C SDK for Azure IoT
Microsoft Visual Studio 2022 version 17.10
Microsoft Visual Studio 2022 version 17.6
Microsoft Visual Studio 2022 version 17.8
ESU family
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Mariner family
Azure Linux 3.0 ARM
Azure Linux 3.0 x64
CBL Mariner 1.0 ARM
CBL Mariner 1.0 x64
CBL Mariner 2.0 ARM
CBL Mariner 2.0 x64
Microsoft Dynamics Suite
Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft Office Suite
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC for Mac 2021
Microsoft OfficePLUS
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2016 (64-bit edition)
Microsoft PowerPoint 2016 (32-bit edition)
Microsoft PowerPoint 2016 (64-bit edition)
Microsoft Project 2016 (32-bit edition)
Microsoft Project 2016 (64-bit edition)
Microsoft Teams for iOS
Windows Suite
Remote Desktop client for Windows Desktop
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2022, 23H2 Edition (Server Core installation)
Resolved Vulnerabilities
A total of 7 critical vulnerabilities and 76 important vulnerabilities have been discovered.
Apps family
Critical spoofing vulnerability in Windows App Installer (CVE-2024-38177)
Azure family
Critical elevation of privilege vulnerabilities in Azure Connected Machine Agent (CVE-2024-38098, CVE-2024-38162)
Critical remote code execution vulnerability in Azure CycleCloud (CVE-2024-38195)
Urgent-grade privilege escalation vulnerability in Azure Health Bot (CVE-2024-38109)
Critical elevation of privilege vulnerability in Azure Stack (CVE-2024-38201)
Critical spoofing vulnerability in Azure Stack (CVE-2024-38108)
Developer Tools suite
Critical denial of service vulnerability in .NET and Visual Studio (CVE-2024-38168)
Critical information disclosure vulnerability in .NET and Visual Studio (CVE-2024-38167)
Critical remote code execution vulnerabilities in the Azure IoT SDK (CVE-2024-38157, CVE-2024-38158)
Mariner Family
Microsoft Dynamics Suite
Critical spoofing vulnerability in Microsoft Dynamics (CVE-2024-38211)
Microsoft Office Suite
Critical remote code execution vulnerabilities in Microsoft Office Excel (CVE-2024-38172, CVE-2024-38170)
Critical remote code execution vulnerability in Microsoft Office Outlook (CVE-2024-38173)
Critical remote code execution vulnerability in Microsoft Office PowerPoint (CVE-2024-38171)
Critical remote code execution vulnerability in Microsoft Office Project (CVE-2024-38189)
Critical remote code execution vulnerability in Microsoft Office Visio (CVE-2024-38169)
Critical elevation of privilege vulnerability in Microsoft Office (CVE-2024-38084)
Critical spoofing vulnerability in Microsoft Teams (CVE-2024-38197)
Windows Family
Critical remote code execution vulnerability in the Line Printer Daemon Service (LPD) (CVE-2024-38199)
Critical information disclosure vulnerability in the Microsoft Bluetooth Driver (CVE-2024-38123)
Critical information disclosure vulnerabilities in Microsoft Local Security Authority Server (lsasrv) (CVE-2024-38118, CVE-2024-38122)
Critical elevation of privilege vulnerabilities in Microsoft Streaming Service (CVE-2024-38125, CVE-2024-38134, CVE-2024-38144)
Critical remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL (CVE-2024-38152)
Critical spoofing vulnerability in Microsoft Windows DNS (CVE-2024-37968)
Critical remote code execution vulnerability in Reliable Multicast Transport Driver (RMCAST) (CVE-2024-38140)
Critical privilege escalation vulnerabilities in Windows Ancillary Function Driver for WinSock (CVE-2024-38193, CVE-2024-38141)
Critical remote code execution vulnerability in Windows Clipboard Virtual Channel Extension (CVE-2024-38131)
Critical elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver (CVE-2024-38215)
Critical elevation of privilege vulnerability in Windows Common Log File System Driver (CVE-2024-38196)
Critical tampering vulnerability in Windows Compressed Folder (CVE-2024-38165)
Critical elevation of privilege vulnerabilities in Windows DWM Core Library (CVE-2024-38147, CVE-2024-38150)
Critical remote code execution vulnerability in Windows Deployment Services (CVE-2024-38138)
Critical remote code execution vulnerabilities in Windows IP Routing Management Snapin (CVE-2024-38114, CVE-2024-38115, CVE-2024-38116)
Critical elevation of privilege vulnerability in Windows Initial Machine Configuration (CVE-2024-38223)
Critical elevation of privilege vulnerability in Windows Kerberos (CVE-2024-29995)
Critical elevation of privilege vulnerabilities in Windows Kernel-Mode Drivers (CVE-2024-38184, CVE-2024-38191, CVE-2024-38185, CVE-2024-38186, CVE-2024-38187)
Critical elevation of privilege vulnerabilities in the Windows Kernel (CVE-2024-38106, CVE-2024-38127, CVE-2024-38133, CVE-2024-38153)
Critical information disclosure vulnerability in the Windows Kernel (CVE-2024-38151)
Critical denial of service vulnerabilities in Windows Layer-2 Bridge Network Driver (CVE-2024-38145, CVE-2024-38146)
Moderate security feature bypass vulnerability in Windows Mark of the Web (MOTW) (CVE-2024-38213)
Critical remote code execution vulnerability in Windows Mobile Broadband (CVE-2024-38161)
Critical elevation of privilege vulnerability in the Windows NT OS Kernel (CVE-2024-38135)
Critical elevation of privilege vulnerability in Windows NTFS (CVE-2024-38117)
Critical denial of service vulnerabilities in Windows Network Address Translation (NAT) (CVE-2024-38126, CVE-2024-38132)
Critical remote code execution vulnerabilities in Windows Network Virtualization (CVE-2024-38159, CVE-2024-38160)
Critical elevation of privilege vulnerability in Windows Power Dependency Coordinator (CVE-2024-38107)
Critical elevation of privilege vulnerability in Windows Print Spooler Components (CVE-2024-38198)
Critical elevation of privilege vulnerabilities in Windows Resource Manager (CVE-2024-38136, CVE-2024-38137)
Critical remote code execution vulnerabilities in Windows Routing and Remote Access Service (RRAS) (CVE-2024-38121, CVE-2024-38128, CVE-2024-38130, CVE-2024-38154, CVE-2024-38120)
Critical information disclosure vulnerability in Windows Routing and Remote Access Service (RRAS) (CVE-2024-38214)
Critical remote code execution vulnerability in Windows Scripting (CVE-2024-38178)
Critical security feature bypass vulnerability in Windows Secure Boot (CVE-2023-40547)
Critical remote code execution vulnerability in Windows Secure Boot (CVE-2022-3775)
Critical elevation of privilege vulnerability in Windows Secure Kernel Mode (CVE-2024-38142)
Critical information disclosure vulnerability in Windows Security Center (CVE-2024-38155)
Critical security feature bypass vulnerability in Windows SmartScreen (CVE-2024-38180)
Critical remote code execution vulnerability in Windows TCP/IP (CVE-2024-38063)
Critical denial of service vulnerability in Windows Transport Security Layer (TLS) (CVE-2024-38148)
Critical elevation of privilege vulnerability in the Windows Update Stack (CVE-2024-38163)
Critical elevation of privilege vulnerability in Windows WLAN Auto Config Service (CVE-2024-38143)
Vulnerability Patches
The following product-specific vulnerability patches were made available in the August 13, 2024 update. Use the Windows Update feature for automatic installation, or download and install the patches from the URLs listed under each product below.
.NET 8.0 version
https://dotnet.microsoft.com/en-us/download/dotnet/8.0
App Installer version
Azure Connected Machine Agent version
Azure CycleCloud 8.0.0 version
Azure CycleCloud 8.0.1 version
Azure CycleCloud 8.0.2 version
Azure CycleCloud 8.1.0 version
Azure CycleCloud 8.1.1 version
Azure CycleCloud 8.2.0 version
Azure CycleCloud 8.2.1 version
Azure CycleCloud 8.2.2 version
Azure CycleCloud 8.3.0 version
Azure CycleCloud 8.4.0 version
Azure CycleCloud 8.4.1 version
Azure CycleCloud 8.4.2 version
Azure CycleCloud 8.5.0 version
Azure CycleCloud 8.6.0 version
Azure CycleCloud 8.6.1 version
Azure CycleCloud 8.6.2 version
Azure IoT Hub Device Client SDK version
https://msrc.microsoft.com/update-guide/
Azure Linux 3.0 ARM version
Azure Linux 3.0 x64 version
https://www.catalog.update.microsoft.com/Search.aspx?q=KBgrub2
Azure Stack Hub version
C SDK for Azure IoT version
https://msrc.microsoft.com/update-guide/
CBL Mariner 1.0 ARM version
CBL Mariner 1.0 x64 version
CBL Mariner 2.0 ARM version
CBL Mariner 2.0 x64 version
https://www.catalog.update.microsoft.com/Search.aspx?q=KBgrub2
Microsoft 365 Apps for Enterprise version
https://msrc.microsoft.com/update-guide/
Microsoft Dynamics 365 (on-premises) version 9.1
https://www.microsoft.com/downloads/details.aspx?familyid=465682e8-cade-44ca-8d28-8b36d43e60c3
Microsoft Office 2019 version
Microsoft Office LTSC 2021 version
https://msrc.microsoft.com/update-guide/
Microsoft Office LTSC for Mac 2021 version
Microsoft OfficePLUS version
https://msrc.microsoft.com/update-guide/
Microsoft Outlook 2016 version
https://www.microsoft.com/downloads/details.aspx?familyid=6c781311-854c-4350-9278-3988a3a3bafc
Microsoft PowerPoint 2016 version
https://www.microsoft.com/downloads/details.aspx?familyid=a183f057-0c32-40b9-a6f7-8cc34fa66b45
Microsoft Project 2016 version
https://www.microsoft.com/downloads/details.aspx?familyid=7fcd47a1-dced-4d0e-b4ff-a8812dd93ab5
Microsoft Teams for iOS version
Microsoft Visual Studio 2022 version 17.10
Microsoft Visual Studio 2022 version 17.6
Microsoft Visual Studio 2022 version 17.8
Remote Desktop client for Windows Desktop version
https://msrc.microsoft.com/update-guide/
Windows 10 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039225
Windows 10 version 1607
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039214
Windows 10 version 1809
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039217
Windows 10 version 21H2
Windows 10 version 22H2
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039211
https://support.microsoft.com/help/5042320
Windows 11 version 22H2
Windows 11 version 23H2
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039212
Windows 11 version 24H2
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571
Windows 11 version 21H2
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039213
https://support.microsoft.com/help/5042321
Windows Server 2008 R2 Service Pack 1 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823
Windows Server 2008 Service Pack 2 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847
Windows Server 2012 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039260
Windows Server 2012 R2 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041770
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039294
Windows Server 2016 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039214
Windows Server 2019 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039217
Windows Server 2022 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039227
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039330
https://support.microsoft.com/help/5042322
Windows Server 2022, 23H2 version
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039236