August 2024 Security Updates
This release consists of the following 90 Microsoft CVEs:
Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?

Windows Secure Kernel Mode CVE-2024-21302
Windows Kerberos CVE-2024-29995
Microsoft Windows DNS CVE-2024-37968
Windows TCP/IP CVE-2024-38063
Microsoft Office CVE-2024-38084
Azure Connected Machine Agent CVE-2024-38098
Windows Kernel CVE-2024-38106
Windows Power Dependency Coordinator CVE-2024-38107
Azure Stack CVE-2024-38108
Azure Health Bot CVE-2024-38109
Windows IP Routing Management Snapin CVE-2024-38114
Windows IP Routing Management Snapin CVE-2024-38115
Windows IP Routing Management Snapin CVE-2024-38116
Windows NTFS CVE-2024-38117
Microsoft Local Security Authority Server (lsasrv) CVE-2024-38118
Windows Routing and Remote Access Service (RRAS) CVE-2024-38120
Windows Routing and Remote Access Service (RRAS) CVE-2024-38121
Microsoft Local Security Authority Server (lsasrv) CVE-2024-38122
Microsoft Bluetooth Driver CVE-2024-38123
Microsoft Streaming Service CVE-2024-38125
Windows Network Address Translation (NAT) CVE-2024-38126
Windows Kernel CVE-2024-38127
Windows Routing and Remote Access Service (RRAS) CVE-2024-38128
Windows Routing and Remote Access Service (RRAS) CVE-2024-38130
Windows Clipboard Virtual Channel Extension CVE-2024-38131
Windows Network Address Translation (NAT) CVE-2024-38132
Windows Kernel CVE-2024-38133
Microsoft Streaming Service CVE-2024-38134
Windows NT OS Kernel CVE-2024-38135
Windows Resource Manager CVE-2024-38136
Windows Resource Manager CVE-2024-38137
Windows Deployment Services CVE-2024-38138
Reliable Multicast Transport Driver (RMCAST) CVE-2024-38140
Windows Ancillary Function Driver for WinSock CVE-2024-38141
Windows Secure Kernel Mode CVE-2024-38142
Windows WLAN Auto Config Service CVE-2024-38143
Microsoft Streaming Service CVE-2024-38144
Windows Layer-2 Bridge Network Driver CVE-2024-38145
Windows Layer-2 Bridge Network Driver CVE-2024-38146
Windows DWM Core Library CVE-2024-38147
Windows Transport Security Layer (TLS) CVE-2024-38148
Windows DWM Core Library CVE-2024-38150
Windows Kernel CVE-2024-38151
Microsoft WDAC OLE DB provider for SQL CVE-2024-38152
Windows Kernel CVE-2024-38153
Windows Routing and Remote Access Service (RRAS) CVE-2024-38154
Windows Security Center CVE-2024-38155
Azure IoT SDK CVE-2024-38157
Azure IoT SDK CVE-2024-38158
Windows Network Virtualization CVE-2024-38159
Windows Network Virtualization CVE-2024-38160
Windows Mobile Broadband CVE-2024-38161
Azure Connected Machine Agent CVE-2024-38162
Windows Update Stack CVE-2024-38163
Windows Compressed Folder CVE-2024-38165
Microsoft Dynamics CVE-2024-38166
.NET and Visual Studio CVE-2024-38167
.NET and Visual Studio CVE-2024-38168
Microsoft Office Visio CVE-2024-38169
Microsoft Office Excel CVE-2024-38170
Microsoft Office PowerPoint CVE-2024-38171
Microsoft Office Excel CVE-2024-38172
Microsoft Office Outlook CVE-2024-38173
Windows App Installer CVE-2024-38177
Windows Scripting CVE-2024-38178
Windows SmartScreen CVE-2024-38180
Windows Kernel-Mode Drivers CVE-2024-38184
Windows Kernel-Mode Drivers CVE-2024-38185
Windows Kernel-Mode Drivers CVE-2024-38186
Windows Kernel-Mode Drivers CVE-2024-38187
Microsoft Office Project CVE-2024-38189
Windows Kernel-Mode Drivers CVE-2024-38191
Windows Ancillary Function Driver for WinSock CVE-2024-38193
Azure CycleCloud CVE-2024-38195
Windows Common Log File System Driver CVE-2024-38196
Microsoft Teams CVE-2024-38197
Windows Print Spooler Components CVE-2024-38198
Line Printer Daemon Service (LPD) CVE-2024-38199
Microsoft Office CVE-2024-38200
Azure Stack CVE-2024-38201
Windows Update Stack CVE-2024-38202
Microsoft Copilot Studio CVE-2024-38206
Microsoft Dynamics CVE-2024-38211
Windows Mark of the Web (MOTW) CVE-2024-38213
Windows Routing and Remote Access Service (RRAS) CVE-2024-38214
Windows Cloud Files Mini Filter Driver CVE-2024-38215
Microsoft Edge (Chromium-based) CVE-2024-38218
Microsoft Edge (Chromium-based) CVE-2024-38219
Microsoft Edge (Chromium-based) CVE-2024-38222
Windows Initial Machine Configuration CVE-2024-38223

We are republishing 12 non-Microsoft CVEs:
CNA Tag CVE FAQs? Workarounds? Mitigations?
Red Hat, Inc. Windows Secure Boot CVE-2022-2601
Red Hat, Inc. Windows Secure Boot CVE-2022-3775
Red Hat, Inc. Windows Secure Boot CVE-2023-40547
Chrome Microsoft Edge (Chromium-based) CVE-2024-6990
Chrome Microsoft Edge (Chromium-based) CVE-2024-7255
Chrome Microsoft Edge (Chromium-based) CVE-2024-7256
Chrome Microsoft Edge (Chromium-based) CVE-2024-7532
Chrome Microsoft Edge (Chromium-based) CVE-2024-7533
Chrome Microsoft Edge (Chromium-based) CVE-2024-7534
Chrome Microsoft Edge (Chromium-based) CVE-2024-7535
Chrome Microsoft Edge (Chromium-based) CVE-2024-7536
Chrome Microsoft Edge (Chromium-based) CVE-2024-7550

Security Update Guide Blog Posts
Date Blog Post
June 27, 2024 Toward greater transparency: Unveiling Cloud Service CVEs
April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs
January 6, 2023 Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Resources

  • The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
  • Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
  • Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  • Customers running Windows Server 2008 R2 or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Known Issues
You can see these in more detail from the Deployments tab by selecting the Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5041160 Windows Server 2022
5041571 Windows 11 version 24H2
5041578 Windows 10, version 1809, Windows Server 2019
5041580 Windows 10, version 21H2, Windows 10, version 22H2
5041592 Windows 11, version 21H2
5041773 Windows 10, version 1607, Windows Server 2016
5041828 Windows Server 2012 R2 (Monthly Rollup)
5041847 Windows Server 2008 (Security-only update)
5041850 Windows Server 2008 (Monthly Rollup)
5041851 Windows Server 2012 (Monthly Rollup)
Released: Aug 13, 2024
https://msrc.microsoft.com/update-guide/releaseNote/2024-Aug

Microsoft security update summary for August 2024

August 13, 2024

Here’s a summary of Microsoft security updates released on this date.

Critical security updates

  • Azure Health Bot
  • Dynamics CRM Service Portal Web Resource
  • Microsoft Copilot Studio
  • Windows 10 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 22H2 for 32-bit Systems
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows 11 version 21H2 for ARM64-based Systems
  • Windows 11 version 21H2 for x64-based Systems
  • Windows 11 Version 22H2 for ARM64-based Systems
  • Windows 11 Version 22H2 for x64-based Systems
  • Windows 11 Version 23H2 for ARM64-based Systems
  • Windows 11 Version 23H2 for x64-based Systems
  • Windows 11 Version 24H2 for ARM64-based Systems
  • Windows 11 Version 24H2 for x64-based Systems
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2016
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2022
  • Windows Server 2022 (Server Core installation)
  • Windows Server 2022, 23H2 Edition (Server Core installation)

Important security updates

  • .NET 8.0
  • App Installer
  • Azure Connected Machine Agent
  • Azure CycleCloud 80.0
  • Azure CycleCloud 80.1
  • Azure CycleCloud 80.2
  • Azure CycleCloud 81.0
  • Azure CycleCloud 81.1
  • Azure CycleCloud 82.0
  • Azure CycleCloud 82.1
  • Azure CycleCloud 82.2
  • Azure CycleCloud 83.0
  • Azure CycleCloud 84.0
  • Azure CycleCloud 84.1
  • Azure CycleCloud 84.2
  • Azure CycleCloud 85.0
  • Azure CycleCloud 86.0
  • Azure CycleCloud 86.1
  • Azure CycleCloud 86.2
  • Azure IoT Hub Device Client SDK
  • Azure Stack Hub
  • C SDK for Azure IoT
  • Microsoft 365 Apps for Enterprise for 32-bit Systems
  • Microsoft 365 Apps for Enterprise for 64-bit Systems
  • Microsoft Dynamics 365 (on-premises) version 9.1
  • Microsoft Edge (Chromium-based)
  • Microsoft Office 2016 (32-bit edition)
  • Microsoft Office 2016 (64-bit edition)
  • Microsoft Office 2019 for 32-bit editions
  • Microsoft Office 2019 for 64-bit editions
  • Microsoft Office LTSC 2021 for 32-bit editions
  • Microsoft Office LTSC 2021 for 64-bit editions
  • Microsoft Office LTSC for Mac 2021
  • Microsoft OfficePLUS
  • Microsoft Outlook 2016 (32-bit edition)
  • Microsoft Outlook 2016 (64-bit edition)
  • Microsoft PowerPoint 2016 (32-bit edition)
  • Microsoft PowerPoint 2016 (64-bit edition)
  • Microsoft Project 2016 (32-bit edition)
  • Microsoft Project 2016 (64-bit edition)
  • Microsoft Teams for iOS
  • Microsoft Visual Studio 2022 version 17.10
  • Microsoft Visual Studio 2022 version 17.6
  • Microsoft Visual Studio 2022 version 17.8
  • Remote Desktop client for Windows Desktop

CVEs have been published or revised in the Security Update Guide

August 14, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-29187

  • Title: GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
  • Version: 2.0
  • Reason for revision: To comprehensively address CVE-2024-29187, Microsoft has released security updates on August 13, 2024 for Microsoft Visual Studio 2017 version 15.9, Microsoft Visual Studio 2019 version 16.11, and Microsoft Visual Studio 2022 version 17.6. Microsoft recommends customers install the updates to be fully protected from the vulnerability.
  • Originally released: June 11, 2024
  • Last updated: August 13, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-38058

  • Title: BitLocker Security Feature Bypass Vulnerability
  • Version: 1.1
  • Reason for revision: Added an FAQ to explain that because of firmware incompatibility issues that were causing BitLocker to go into recovery mode on some devices, the fix for CVE-2024-38058 has been disabled with the release of the August 2024 security updates. Customers who want to be protected from the vulnerability can apply the mitigations described in [KB5025885](https://support.microsoft.com/help/5025885).
  • Originally released: July 9, 2024
  • Last updated: August 13, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-38081

  • Title: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
  • Version: 2.1
  • Reason for revision: Corrected Article and Download entries in the Affected Products table. This is an informational change only.
  • Originally released: July 9, 2024
  • Last updated: August 13, 2024
  • Aggregate CVE Severity Rating: Important
 

Long list!


CVEs have been published or revised in the Security Update Guide

August 16, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-43472

  • Title: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 15, 2024
  • Last updated: August 15, 2024
  • Aggregate CVE Severity Rating: Moderate


CVEs have been published or revised in the Security Update Guide

August 20, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-38175

  • Title: Azure Managed Instance for Apache Cassandra Elevation of Privilege Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 20, 2024
  • Last updated: August 20, 2024
  • Aggregate CVE Severity Rating: Critical


CVEs have been published or revised in the Security Update Guide

August 22, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-38178

  • Title: Scripting Engine Memory Corruption Vulnerability
  • Version: 1.1
  • Reason for revision: Updated acknowledgment. This is an informational change only.
  • Originally released: August 13, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-38208

  • Title: Microsoft Edge for Android Spoofing Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating: Moderate

CVE-2024-38209

  • Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-38210

  • Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-41879

  • Title: Adobe: CVE-2024-41879 Adobe PDF Viewer Remote Code Execution Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating: Moderate

CVE-2024-43477

  • Title: Entra ID Elevation of Privilege Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating: Critical

CVE-2024-7964

  • Title: Chromium: CVE-2024-7964 Use after free in Passwords
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7965

  • Title: Chromium: CVE-2024-7965 Inappropriate implementation in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7966

  • Title: Chromium: CVE-2024-7966 Out of bounds memory access in Skia
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7967

  • Title: Chromium: CVE-2024-7967 Heap buffer overflow in Fonts
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7968

  • Title: Chromium: CVE-2024-7968 Use after free in Autofill
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7969

  • Title: Chromium: CVE-2024-7969 Type Confusion in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7971

  • Title: Chromium: CVE-2024-7971 Type confusion in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7972

  • Title: Chromium: CVE-2024-7972 Inappropriate implementation in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7973

  • Title: Chromium: CVE-2024-7973 Heap buffer overflow in PDFium
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7974

  • Title: Chromium: CVE-2024-7974 Insufficient data validation in V8 API
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7975

  • Title: Chromium: CVE-2024-7975 Inappropriate implementation in Permissions
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7976

  • Title: Chromium: CVE-2024-7976 Inappropriate implementation in FedCM
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7977

  • Title: Chromium: CVE-2024-7977 Insufficient data validation in Installer
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7978

  • Title: Chromium: CVE-2024-7978 Insufficient policy enforcement in Data Transfer
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7979

  • Title: Chromium: CVE-2024-7979 Insufficient data validation in Installer
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7980

  • Title: Chromium: CVE-2024-7980 Insufficient data validation in Installer
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7981

  • Title: Chromium: CVE-2024-7981 Inappropriate implementation in Views
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-8033

  • Title: Chromium: CVE-2024-8033 Inappropriate implementation in WebApp Installs
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-8034

  • Title: Chromium: CVE-2024-8034 Inappropriate implementation in Custom Tabs
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-8035

  • Title: Chromium: CVE-2024-8035 Inappropriate implementation in Extensions
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 22, 2024
  • Last updated: August 22, 2024
  • Aggregate CVE Severity Rating:

 

See more here:

 

