Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days
14-August-24
Microsoft’s August Patch Tuesday release addressed 90 security flaws, including 10 zero-days, with six currently being exploited. Notable vulnerabilities include CVE-2024-38189 (Remote Code Execution in Microsoft Project) and CVE-2024-38178 (Windows Scripting Engine Memory Corruption), among others. CVE-2024-38213, a significant vulnerability affecting SmartScreen protections, was exploited by DarkGate malware operators. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included these flaws in its Known Exploited Vulnerabilities catalog, mandating federal agencies to apply the fixes by September 3, 2024. Microsoft also addressed multiple issues in its Edge browser and noted that some vulnerabilities, like CVE-2024-38202 and CVE-2024-21302, are still pending updates.
