Weekly CVE Advisory

Keshav Agrawal
4 min read

As we navigate through the evolving landscape of cybersecurity threats, this week's advisory highlights four critical CVEs and a notable research finding from recent security updates. This information aims to help organizations prioritize their patching efforts and enhance their overall security posture.

CVE-2024-38199: Windows Line Printer Daemon Remote Code Execution Vulnerability

  • Description: This vulnerability affects the Windows Line Printer Daemon (LPD) service, allowing remote code execution (RCE) through specially crafted print tasks. Attackers can exploit this vulnerability over the network, potentially gaining unauthorized access to affected systems.

  • Category: Use After Free

  • Published Date: August 13, 2024

  • Severity Level: Critical

  • Industries: IT Services, Education, Government

  • Recommendation: When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

  • Remediation:
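The recommendation above (set pointers to NULL when freeing them) is easier to see in code than in prose. The following C example is added here for illustration and is not part of the original advisory or of any Windows component; the `print_job` record, its functions and the sample values are all constructed stand-ins. It places the dangling-pointer pattern beside the hardened free-and-clear pattern and shows why a NULL check in the consumer turns a would-be use-after-free into a harmless "no object" result.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for any heap object whose lifetime is managed by hand;
 * it is not related to the LPD service's real data structures. */
typedef struct {
    char   name[32];
    size_t bytes;
} print_job;

/* Allocates a job record; returns NULL on allocation failure. */
print_job *job_create(const char *name, size_t bytes) {
    print_job *j = calloc(1, sizeof *j);
    if (!j) return NULL;
    strncpy(j->name, name, sizeof j->name - 1);   /* calloc left a terminating NUL */
    j->bytes = bytes;
    return j;
}

/* Unsafe pattern (the CWE-416 setup): the memory is released but the caller's
 * copy of the pointer keeps its old value, so any later dereference reads
 * freed memory. Shown for contrast only. */
void job_free_dangling(print_job *j) {
    free(j);
}

/* Hardened pattern from the recommendation: take the address of the caller's
 * pointer so it is set to NULL in the same step that frees the object.
 * A second call on the same variable is then a no-op rather than a double free. */
void job_free_safe(print_job **pj) {
    if (!pj || !*pj) return;
    free(*pj);
    *pj = NULL;
}

/* Consumers treat NULL as "no object" instead of touching released memory. */
size_t job_size(const print_job *j) {
    return j ? j->bytes : 0;
}

/* Walks the safe lifecycle once; returns 1 if every step behaved as expected. */
int demo_safe_lifecycle(void) {
    print_job *j = job_create("report.pdf", 4096);
    if (!j) return 0;
    size_t before = job_size(j);
    job_free_safe(&j);             /* releases memory and clears j */
    size_t after = job_size(j);    /* 0: the NULL check stops a dangling read */
    job_free_safe(&j);             /* no-op, not a double free */
    return before == 4096 && after == 0 && j == NULL;
}
```

The caveat in the recommendation applies directly: `job_free_safe` clears only the one pointer variable it is handed. If the same object is also referenced from a list, a cache or a callback context, those aliases still dangle, which is why clear ownership rules (or reference counting) are needed alongside pointer nulling in larger codebases.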

CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability

  • Description: Found in Microsoft Project, this RCE vulnerability can be exploited if a victim opens a malicious file or clicks a link. It is particularly concerning as it has been actively exploited in the wild, emphasizing the need for users to be cautious with macro settings.

  • Category: Improper Input Validation

  • Published Date: August 13, 2024

  • Severity Level: Critical

  • Industries: Software Development, Business Services

  • Recommendation:

    • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.

    • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."

    • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

  • Remediation:
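The three recommendation points above (accept known good, check every relevant property, do not rely on deny lists alone) can be combined into one validation routine. The C example below is added for illustration and is not from the advisory or from Microsoft Project; the `ALLOWED_COLORS` list, the length limit and the status codes are constructed for the page's own "red"/"blue"/"boat" illustration. It checks length, character class and membership in that order and returns a distinct status for each failure so rejected input can be logged and counted.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Outcome of validating one field. Distinct codes make rejected input easy
 * to log and count, which is where a deny list is still useful for detection. */
typedef enum {
    INPUT_OK = 0,
    INPUT_EMPTY,
    INPUT_TOO_LONG,
    INPUT_BAD_CHARS,
    INPUT_NOT_ALLOWED
} input_status;

/* Constructed allowlist for the page's "colors" field; in a real application
 * the acceptable set comes from the specification, not from observed input. */
static const char *const ALLOWED_COLORS[] = { "red", "blue", "green" };
enum { MAX_COLOR_LEN = 8 };

/* Bounded length scan so an unterminated buffer cannot be read past the limit. */
static size_t bounded_len(const char *s, size_t limit) {
    size_t n = 0;
    while (n < limit && s[n] != '\0') n++;
    return n;
}

/* Accept-known-good validation: length, character class and membership are
 * all checked; anything outside the specification is rejected, not "cleaned". */
input_status validate_color(const char *s) {
    if (!s) return INPUT_EMPTY;
    size_t n = bounded_len(s, MAX_COLOR_LEN + 1);
    if (n == 0) return INPUT_EMPTY;
    if (n > MAX_COLOR_LEN) return INPUT_TOO_LONG;
    for (size_t i = 0; i < n; i++)
        if (!islower((unsigned char)s[i])) return INPUT_BAD_CHARS;
    for (size_t i = 0; i < sizeof ALLOWED_COLORS / sizeof ALLOWED_COLORS[0]; i++)
        if (strcmp(s, ALLOWED_COLORS[i]) == 0) return INPUT_OK;
    /* Syntactically fine (e.g. "boat") but outside the business rule. */
    return INPUT_NOT_ALLOWED;
}
```

The ordering matters: the length bound runs before any per-character work, and the character-class check runs before the string comparison, so the most expensive step only ever sees short, well-formed input. "boat" passes both cheap checks and is rejected only by the membership test, which is exactly the business-rule case the recommendation describes.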

CVE-2024-38063: Windows TCP/IP Remote Code Execution Vulnerability

  • Description: A critical RCE vulnerability in Windows TCP/IP, this flaw allows attackers to execute arbitrary code remotely. Microsoft recommends disabling IPv6 as a mitigation step, as the vulnerability specifically affects IPv6 packets.

  • Category: Integer Underflow (Wrap or Wraparound)

  • Published Date: August 13, 2024

  • Severity Level: Critical

  • Industries: Telecommunications, Finance

  • Recommendation:

    • Validate user input to ensure that it falls within the expected range for the target data type. Reject or sanitize input that could lead to an underflow condition.

    • Ensure that numeric values fall within expected limits.

  • Remediation:
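An integer underflow in a packet parser usually comes from subtracting two attacker-controlled length fields. The C example below is added to illustrate the two recommendation points and is not based on the Windows TCP/IP code; the `pkt_lengths` fields, the frame and header limits and the sample values are constructed. It shows the wrapping subtraction next to a version that range-checks both fields against the data type and the protocol limits before subtracting.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed length fields of the kind a parser reads from a packet header.
 * Both values are untrusted because they arrive from the network. */
typedef struct {
    uint16_t total_len;    /* length claimed by the packet itself */
    uint16_t header_len;   /* bytes consumed by headers and options */
} pkt_lengths;

/* Constructed protocol limits for the example. */
enum { MIN_HEADER_LEN = 8, MAX_FRAME_LEN = 1500 };

/* Unsafe arithmetic (CWE-191): when header_len exceeds total_len the
 * subtraction wraps and the "payload length" ends up near 65535, far
 * larger than any buffer the parser actually holds. */
uint16_t payload_len_unchecked(pkt_lengths p) {
    return (uint16_t)(p.total_len - p.header_len);
}

/* Hardened version of the recommendation: each field is checked against its
 * expected range before the subtraction, so the result can never wrap.
 * Returns false and leaves *out untouched when the lengths are invalid. */
bool payload_len_checked(pkt_lengths p, size_t *out) {
    if (!out) return false;
    if (p.total_len > MAX_FRAME_LEN) return false;      /* upper bound on the claim */
    if (p.header_len < MIN_HEADER_LEN) return false;    /* lower bound on the header */
    if (p.header_len > p.total_len) return false;       /* the check that stops underflow */
    *out = (size_t)p.total_len - p.header_len;
    return true;
}
```

The `header_len > total_len` comparison is the one that matters for underflow; the two bound checks around it are the "expected limits" from the second recommendation point and reject claims that are numerically consistent but impossible for the protocol.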

CVE-2024-38140: Windows Reliable Multicast Transport Driver Vulnerability

  • Description: This vulnerability impacts the Windows Reliable Multicast Transport Driver (RMCAST). Successful exploitation requires an active program listening on a Pragmatic General Multicast (PGM) port, but if exploited, it could lead to significant security breaches.

  • Category: Use After Free

  • Published Date: August 13, 2024

  • Severity Level: Critical

  • Industries: Media, Broadcasting, IT Services

  • Recommendation:

    • Monitor and control network traffic to prevent unauthorized access to PGM ports.

  • Remediation:

    • This vulnerability is only exploitable if there is a program listening on a Pragmatic General Multicast (PGM) port. If PGM is installed or enabled but no programs are actively listening as a receiver, then this vulnerability is not exploitable.

    • PGM does not authenticate requests, so it is recommended to protect access to any open ports at the network level.

    • Follow this link for remediation
