Third Party Patching

August 2024 Third-Party Patches

Topics: Third Party Patching

In August 2024, Application Workspace (formerly Liquit) Setup Store addressed 124 vulnerabilities through released updates, enhancing security across 65 different applications. This number includes multiple major versions for certain applications. For example, there were 6 updated versions for Microsoft Visual Studio, both Enterprise and Pro versions, for 2017, 2019, and 2022. There were 90 total updates and new version numbers for the applications, which means that multiple applications were updated more than once during the last month.

Notable Vulnerabilities in August 2024 Third-Party Patches

One vulnerability rose above others last month. CVE-2024-7971 is a type of confusion vulnerability in the V8 JavaScript and WebAssembly engine, impacting versions of Chromium prior to 128.0.6613.84. Exploiting this vulnerability could allow threat actors to gain remote code execution (RCE) in the sandboxed Chromium renderer process. Virtually all Chromium-based browsers are affected by this zero-day vulnerability. More information about this vulnerability can be found in Microsoft Threat Intelligence

CVE-2024-7965 zero-day vulnerability is due to an inappropriate implementation in V8, the JavaScript engine used in Google Chrome and other Chromium based browsers. A remote attacker could potentially exploit heap corruption by tricking a user into visiting a malicious website. If successfully exploited, this vulnerability could allow an attacker to bypass security restrictions and potentially execute arbitrary code on the victim’s system. More information can be found in the National Vulnerability Database

CVE-2024-38189 is a zero-day vulnerability for Microsoft Office Project. Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where the Block macros from running in Office files from the Internet policy is disabled and VBA Macro Notification Settings are not enabled allowing an attacker to perform remote code execution. More information can be found in MSRC

Detailed Analysis of Critical Vulnerabilities 

Update 7.55.03 for Datadog Agent fixes a critical vulnerability CVE-2024-41110. A security vulnerability was detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. More information can be found in NVD. This vulnerability was also introduced in last month’s blog post

Another critical vulnerability CVE-2024-37051 affects multiple products by JetBrains. The vulnerability is now patched in the following products: 

  • CLion 
  • DataSpell 
  • GoLand 2024.2 
  • IntelliJ IDEA Community 
  • IntelliJ IDEA Ultimate 
  • PhpStorm 
  • PyCharm Community 
  • PyCharm Professional 
  • RubyMine 2024 
  • TeamCity 

More detailed information can be found in the security advisory by JetBrains

August 2024 Third-Party Patches

Browser Security Updates in August 2024 

August 2024 was no different when it comes to browser vulnerabilities. Microsoft Edge was updated five times patching 55 vulnerabilities in total. Brave Browser received updates four times, and these updates patched 41 vulnerabilities. Google Chrome released three versions patching 30 vulnerabilities. Vivaldi was updated twice and patched two vulnerabilities. Both Firefox and Firefox ESR were only updated once fixing 13 and 9 vulnerabilities. Opera One released only one update patching two vulnerabilities. 

Here is a brief comparison of how quickly the two zero-day vulnerabilities were patched in the browsers. CVE-2024-7971 and CVE-2024-7965 were published in 2024-08-21. Google Chrome was the only browser that was patched that very same day when the vulnerability was made public. Most browsers received the remediating update within 3 days of the disclosure. The only exception was Opera One which was patched for CVE-2024-7965 12 days after the disclosure. 

BrowserVersionRelease DateVulnerabilities
Brave Browser 1.69.153 2024-08-22  CVE-2024-7971 & CVE-2024-7965 
Chrome for Business 128.0.6613.85 2024-08-21  CVE-2024-7971 & CVE-2024-7965 
Microsoft Edge Beta (x64) 128.0.2739.42  2024-08-22   CVE-2024-7971 & CVE-2024-7965 
Opera One 113.0.5230.32  2024-08-23   CVE-2024-7971  
Opera One 113.0.5230.55 2024-09-02 CVE-2024-7965 
Vivaldi 6.8.3381.55  2024-08-21   CVE-2024-7971  
Vivaldi 6.8.3381.57  2024-08-24  CVE-2024-7965 

Microsoft Product Updates Included in August 2024 Third-Party Patches

In addition to Edge, Microsoft released updates for the following product families. 

  • Microsoft .NET Runtime 8.0 
  • Microsoft .NET SDK 8.0 
  • Microsoft 365 Apps 
  • Microsoft ASP.NET Core Runtime 8.0 
  • Microsoft ASP.NET Core Runtime Hosting Bundle 8.0 
  • Microsoft Azure CLI 
  • Microsoft Remote Desktop 
  • Microsoft Visual Studio 2017 Enterprise 
  • Microsoft Visual Studio 2017 Professional 
  • Microsoft Visual Studio 2019 Enterprise 
  • Microsoft Visual Studio 2019 Professional 
  • Microsoft Visual Studio 2022 Enterprise 
  • Microsoft Visual Studio 2022 Professional 
  • Microsoft Visual Studio Feedback Client 2017 
  • Microsoft Visual Studio Team Explorer 2017 
  • Microsoft Windows Desktop Runtime 8.0 

Detailed List of August 2024 Third-Party Patches

For complete list of applications, versions, and remediated vulnerabilities see the following list generated by using Setup Store data.  

Product Version Vulnerabilities 
Adobe Acrobat DC 24.002.21005 12 
Adobe Acrobat DC Pro and Standard 2020 Classic Track 20.005.30655 12 
Adobe Acrobat Reader 2020 MUI – Classic Track 20.005.30655 12 
Adobe Acrobat Reader DC 24.002.21005 12 
Brave Browser 1.68.134 
Brave Browser 1.68.137 
Brave Browser 1.69.153 20 
Brave Browser 1.69.160 
Chef Workstation for Windows 24.8.1068 
Datadog Agent 7.55.03 
Datadog Agent 7.56.00 
Dell Power Manager Service 3.16.00 
EnterpriseDB Corporation PostgreSQL 12 12.20.01 
EnterpriseDB Corporation PostgreSQL 13 13.16.01 
EnterpriseDB Corporation PostgreSQL 14 14.13.01 
EnterpriseDB Corporation PostgreSQL 15 15.08.01 
EnterpriseDB Corporation PostgreSQL 16 16.04.01 
Foxit PDF Editor 13 13.1.3.22478 
Foxit PDF Editor 2024 2024.2.3.25184 
Foxit PDF Editor Pro 13 13.1.3.22478 
Foxit PDF Reader 2024.2.3.25184 
Google Chrome for Business 127.0.6533.100 
Google Chrome for Business 128.0.6613.114 
Google Chrome for Business 128.0.6613.85 20 
CLion 2024.02.00 
DataSpell 2024.02.00 
GoLand 2024.2 2024.02.00 
IntelliJ IDEA Community 2024.02.00 
IntelliJ IDEA Ultimate 2024.02.00 
PhpStorm 2024.02.00 
PyCharm Community 2024.02.00 
PyCharm Professional 2024.02.00 
RubyMine 2024 2024.02.00 
TeamCity 2024.07.01 
MariaDB Server 10.11 10.11.09 
Microsoft .NET Runtime 8.0 8.0.8.33916 
Microsoft .NET Runtime 8.0 8.00.08 
Microsoft .NET SDK 8.0 8.4.124.41202 
Microsoft .NET SDK 8.0 8.4.24.37502 
Microsoft 365 Apps 16.88.24081116 
Microsoft 365 Apps 2407 (Build 16.0.17830.20166) 
Microsoft 365 Apps 2406 (Build 16.0.17726.20206) 
Microsoft 365 Apps 2402 (Build 16.0.17328.20550) 
Microsoft ASP.NET Core Runtime 8.0 8.0.8.24369 
Microsoft ASP.NET Core Runtime Hosting Bundle 8.0 8.0.8.24369 
Microsoft Azure CLI 0,127083333 
Microsoft Edge for Business 127.0.2651.105 
Microsoft Edge for Business 127.0.2651.86 
Microsoft Edge for Business 127.0.2651.98 
Microsoft Edge for Business 128.0.2739.42 42 
Microsoft Edge for Business 128.0.2739.54 
Microsoft Edge Webview2 Runtime 127.0.2651.86 
Microsoft Remote Desktop 1.2.5620.0 
Microsoft Visual Studio 2017 Enterprise 15.9.35201.75 
Microsoft Visual Studio 2017 Professional 15.9.35201.75 
Microsoft Visual Studio 2019 Enterprise 16.11.35130.168 
Microsoft Visual Studio 2019 Professional 16.11.35130.168 
Microsoft Visual Studio 2022 Enterprise 17.10.35201.131 
Microsoft Visual Studio 2022 Enterprise 17.6.35201.154 
Microsoft Visual Studio 2022 Enterprise 17.8.35201.163 
Microsoft Visual Studio 2022 Professional 17.10.35201.131 
Microsoft Visual Studio 2022 Professional 17.6.35201.154 
Microsoft Visual Studio 2022 Professional 17.8.35201.163 
Microsoft Visual Studio Feedback Client 2017 15.9.35201.75 
Microsoft Visual Studio Team Explorer 2017 15.9.35201.75 
Microsoft Windows Desktop Runtime 8.0 8.0.8.33916 
Pale Moon 33.03.00 
Mozilla Firefox 129.00.00 13 
Mozilla Firefox ESR 128 128.01.00 
Mozilla Thunderbird 115.14.00 
Mozilla Thunderbird ESR 128 128.01.00 10 
Electron 29.04.06 10 
Electron 30.04.00 10 
Electron 31.04.00 
Opera One 113.0.5230.32 
Vivaldi 6.8.3381.55 
Vivaldi 6.8.3381.57 
Waterfox G6.0.18 
Wireshark 4.0 4.00.17 
Zoom Rooms 6.01.05 

Conclusion: August 2024 Third-Party Patches

Maintaining the security and performance of your IT environment hinges on timely third-party patching. The August 2024 updates addressed significant vulnerabilities across various applications, underscoring the importance of staying vigilant. By prioritizing these patches, you help safeguard your systems against potential exploits and ensure continued operational stability.

To deepen your understanding of third-party patching and its impact on your security posture, explore our eBook Reduce Your Attack Footprint. Additionally, don’t miss our analysis of the September 2024 Microsoft Patch Tuesday here.

Back to Top