** 2 Weeks After Patch Tuesday **
Nothing too crazy after two weeks of installs.
Microsoft has acknowledged this month’s updates can cause our previously reported performance issues and suggest using Known Issue Rollback to resolve them as well as impacting Linux boot on dual-boot setup devices on all version of Windows (11, 10, Server 2022, 2019, and 2016).
A few odd reports about August’s updates not available through Windows Update Agent (WUA), which some have reported. Both Action1 and trackd users have corroborated this. However, trackd’s users are starting to see this month’s updates available the last couple of days.
Now sit back and relax for the next two weeks, enjoying the relatively calm August KBs…
** 72 Hours After Patch Tuesday **
All clear on the patching front after last month’s fun? Almost…
Although there’s no reports of Blue Screen of Death (hooray!) we’ve got a couple of Server 2019 bumps, RD gateway services still not fixed yet, and one report of users not being able to roll back after installing this month’s updates
Windows 11
Server 2019
- Performance issues on Server 2019 after installing
- Group Policy item level targeting broken on Server 2019
August 2024 – Another Patch Tuesday has arrived
7 early security updates were released before today’s main update, one of which is a zero day affecting the Windows Update Stack (CVE-2024-38202) known to be exploited and with existing Proof of Concept exploit code. As of this writing there is no software update addressing the vulnerability but a few “Recommended Actions” are detailed on Microsoft’s dedicated page for the vulnerability.
Microsoft’s August Patch Tuesday addresses 90 vulnerabilities, 7 criticals, 8 zero days all of which have available exploit code (2 Proof of Concepts, 6 Functional).
Zero Days (all have exploit code):
- CVE-2024-37968 – Windows DNS Spoofing Vulnerability
- CVE-2024-38202 – Windows Update Stack Elevation of Privilege Vulnerability
- CVE-2024-38106 – Windows Kernel Elevation of Privilege Vulnerability
- CVE-2024-38107 – Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
- CVE-2024-38178 – Scripting Engine Memory Corruption Vulnerability
- CVE-2024-38189 – Microsoft Project Remote Code Execution Vulnerability
- CVE-2024-38193 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2024-38213 – Windows Mark of the Web Security Feature Bypass Vulnerability
Follow the conversation on LinkedIn!
Check out all of the details surrounding Microsoft’s August updates Sources on their Release Notes page