Heads up, Microsoft users! It’s time to install the latest security updates on your devices, as Microsoft has rolled out its Patch Tuesday update bundle for July 2024. This month’s update is huge, addressing 142 vulnerabilities across different products. It also fixes some zero-day flaws, highlighting the significance of prompt device updates.
Four Zero-Day Flaws Fixed With Microsoft Patch Tuesday July 2024
The most significant security fixes in this month’s updates address four zero-day vulnerabilities. These include:
- CVE-2024-35264 (CVSS 8.1): An important-severity remote code execution flaw affecting .NET and Visual Studio. While this vulnerability escaped active exploitation, it became publicly known before the patch arrived. An attacker could exploit the flaw by winning a race condition, resulting in RCE.
- CVE-2024-38080 (CVSS 7.8): This is another important vulnerability of high severity that was publicly disclosed before the patch. Microsoft described it as a privilege escalation vulnerability in Windows Hyper-V, allowing the adversary to gain SYSTEM privileges.
- CVE-2024-38112 (CVSS 7.5): An important-severity spoofing vulnerability affecting the Windows MSHTML Platform. Microsoft confirmed detecting active exploitation of the flaw, without public disclosure, before a security patch was available. Exploiting the flaw requires an attacker to send a maliciously crafted file to the victim.
- CVE-2024-37985 (CVSS 5.9): Identified as the “FetchBench” side-channel attack, this vulnerability typically impacts ARM chips, allowing an adversary to steal data. While this flaw does not affect any Microsoft component, the firm still released a security fix with this update to ensure that its users’ vulnerable ARM-based systems are patched.
Other Important Patch Tuesday Fixes
Alongside these four zero-day flaws, Microsoft addressed 5 critical-severity remote code execution vulnerabilities impacting Microsoft SharePoint Server (CVE-2024-38023; CVSS 7.2), Windows Imaging Component (CVE-2024-38060; CVSS 8.8), and Windows Remote Desktop Licensing Service (CVE-2024-38074, CVE-2024-38076, CVE-2024-38077; CVSS 9.8).
In addition, the update bundle addressed 129 moderate-severity security vulnerabilities and a single low-severity issue affecting Microsoft Outlook (CVE-2024-38020). The important-severity vulnerabilities include 17 denial-of-service vulnerabilities, 23 privilege escalation issues, 8 information disclosure vulnerabilities, 53 remote code execution flaws, 24 security feature bypass issues, and 4 spoofing vulnerabilities.
As always, this Patch Tuesday update is crucial for all Microsoft users, who should patch their systems immediately.