Weekly CVE Advisory

Weekly CVE Advisory

Report for August 16, 2024

ยท

4 min read

As we navigate through the evolving landscape of cybersecurity threats, this week's advisory highlights four critical CVE and a notable research finding from recent security updates. This information aims to help organizations prioritize their patching efforts and enhance their overall security posture.

CVE-2024-38199: Windows Line Printer Daemon Remote Code Execution Vulnerability

  • Description: This vulnerability affects the Windows Line Printer Daemon (LPD) service, allowing remote code execution (RCE) through specially crafted print tasks. Attackers can exploit this vulnerability over the network, potentially gaining unauthorized access to affected systems.

  • Category: Use After Free

  • Published Date: August 13, 2024

  • Severity Level: Critical

  • Industries: IT Services, Education, Government

  • Recommendation: When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

  • Remediation:

CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability

  • Description: Found in Microsoft Project, this RCE vulnerability can be exploited if a victim opens a malicious file or clicks a link. It is particularly concerning as it has been actively exploited in the wild, emphasizing the need for users to be cautious with macro settings.

  • Category: Improper Input Validation

  • Published Date: August 13, 2024

  • Severity Level: Critical

  • Industries: Software Development, Business Services

  • Recommendation :

    • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.

    • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."

    • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

  • Remediation:

CVE-2024-38063: Windows TCP/IP Remote Code Execution Vulnerability

  • Description: A critical RCE vulnerability in Windows TCP/IP, this flaw allows attackers to execute arbitrary code remotely. Microsoft recommends disabling IPv6 as a mitigation step, as the vulnerability specifically affects IPv6 packets.

  • Category: Integer Underflow (Wrap or Wraparound)

  • Published Date: August 13, 2024

  • Severity Level: Critical

  • Industries: Telecommunications, Finance

  • Recommendation:

    • Validate user input to ensure that it falls within the expected range for the target data type. Reject or sanitize input that could lead to an underflow condition

    • Ensure that numeric values fall within expected limits.

  • Remediation:

CVE-2024-38140: Windows Reliable Multicast Transport Driver Vulnerability

  • Description: This vulnerability impacts the Windows Reliable Multicast Transport Driver (RMCAST). Successful exploitation requires an active program listening on a Pragmatic General Multicast (PGM) port, but if exploited, it could lead to significant security breaches.

  • Category: Use After Free

  • Published Date: August 13, 2024

  • Severity Level: Critical

  • Industries: Media, Broadcasting, IT Services

  • Recommendation:

    • Monitor and control network traffic to prevent unauthorized access to PGM ports.
  • Remediation:

    • This vulnerability is only exploitable only if there is a program listening on a Pragmatic General Multicast (PGM) port. If PGM is installed or enabled but no programs are actively listening as a receiver, then this vulnerability is not exploitable.

    • PGM does not authenticate requests so it is recommended to protect access to any open ports at the network level

    • Follow this link for remediation

ย