July 1, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
ICS: Siemens SINEC NMS Vulnerability
August 14, 2024Multiple Microsoft Products Zero-Day Vulnerabilities
August 14, 2024ICS: Siemens SINEC NMS Vulnerability
August 14, 2024Multiple Microsoft Products Zero-Day Vulnerabilities
August 14, 2024
Severity
High
Analysis Summary
CVE-2024-38189 CVSS:8.8
Microsoft Project could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-38178 CVSS:7.5
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Scripting Engine component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-38213 CVSS:6.5
Microsoft Windows could allow a remote attacker to bypass security restrictions. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to bypass mark of the Web security feature to cause impact on integrity.
CVE-2024-38193 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, cause by a flaw in the Ancillary Function Driver for WinSock component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-38106 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Kernel component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-38107 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw inPower Dependency Coordinator component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
Impact
- Security Bypass
- Code Execution
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-38189
- CVE-2024-38178
- CVE-2024-38213
- CVE-2024-38193
- CVE-2024-38106
- CVE-2024-38107
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows 10 for 32-bit Systems
- Microsoft Windows 10 for x64-based Systems
- Microsoft 365 Apps for Enterprise for 32-bit Systems
- Microsoft 365 Apps for Enterprise for 64-bit Systems
- Microsoft Office 2019 for 32-bit editions
- Microsoft Office 2019 for 64-bit editions
- Microsoft Office LTSC 2021 for 32-bit editions
- Microsoft Office LTSC 2021 for 64-bit editions
- Microsoft Windows 10 Version 1507 - 10.0.0
- Microsoft Windows 10 Version 1607 - 10.0.0
- Microsoft Windows 10 Version 1607 for 32-bit Systems - 1607
- Microsoft Windows 10 Version 1607 for x64-based Systems - 1607
- Microsoft Windows 10 Version 1809 - 10.0.0
- Microsoft Windows 10 Version 1809 for 32-bit Systems - 1809
- Microsoft Windows 10 Version 1809 for ARM64-based Systems - 1809
- Microsoft Windows 10 Version 1809 for x64-based Systems - 1809
- Microsoft 365 Apps for Enterprise - 16.0.1
- Microsoft Office 2019 - 19.0.0
- Microsoft Office LTSC 2021 - 16.0.1
- Microsoft Project 2016 (32-bit edition)
- Microsoft Project 2016 (64-bit edition)
- Microsoft Project 2016 - 16.0.0.0
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.