This month, Microsoft rolled out its July 2024 Patch Tuesday updates, addressing a significant total of 142 security vulnerabilities. Notably, these updates include fixes for four zero-day vulnerabilities, two of which were actively exploited and two publicly disclosed prior to the release.
Among the addressed issues, five critical vulnerabilities were patched, all of which pertain to remote code execution flaws. The breakdown of the vulnerabilities fixed is as follows:
• 26 Elevation of Privilege Vulnerabilities
• 24 Security Feature Bypass Vulnerabilities
• 59 Remote Code Execution Vulnerabilities
• 9 Information Disclosure Vulnerabilities
• 17 Denial of Service Vulnerabilities
• 7 Spoofing Vulnerabilities
This month’s updates address two actively exploited zero-day vulnerabilities:
• CVE-2024-38080 - Windows Hyper-V Elevation of Privilege Vulnerability: This flaw allows attackers to gain SYSTEM privileges through a vulnerability in Hyper-V. While Microsoft confirmed its active exploitation, further details have not been disclosed.
• CVE-2024-38112 - Windows MSHTML Platform Spoofing Vulnerability: This vulnerability involves a spoofing issue in the Windows MSHTML platform. Exploitation requires the attacker to send a malicious file that the victim must execute. The flaw was disclosed by Haifei Li from Check Point Research.
Additionally, two other zero-day vulnerabilities, which were publicly disclosed, have been addressed:
• CVE-2024-35264 - .NET and Visual Studio Remote Code Execution Vulnerability: This flaw, discovered internally by Radek Zikmund of Microsoft Corporation, could lead to remote code execution through a race condition in handling HTTP/3 streams.
• CVE-2024-37985 - Arm "FetchBench" Side-Channel Attack: This vulnerability allows attackers to view heap memory from a privileged process on the server, potentially stealing sensitive information. Successful exploitation requires preparatory actions to set up the target environment.
In July 2024, several other major vendors also released security updates:
• Adobe: Security updates for Premiere Pro, InDesign, and Bridge.
• Cisco: Disclosure of an NX-OS Software CLI command injection vulnerability that has been exploited in attacks.
• Citrix: Fixes for flaws in Windows Virtual Delivery Agent and the Citrix Workspace app.
• GhostScript: A Remote Code Execution flaw fixed in May 2024 is now being exploited in attacks.
• Fortinet: Multiple vulnerabilities in FortiOS and other products addressed.
• Mozilla: Firefox 128 includes multiple security fixes.
• OpenSSH: A new "regreSSHion" RCE vulnerability fixed, with another similar vulnerability (CVE-2024-6409) disclosed.
• VMware: Fixes for an HTML injection vulnerability in Cloud Director.
For a full list and detailed descriptions of all the vulnerabilities addressed in the July 2024 Patch Tuesday updates, please visit the full report here.
Stay informed and ensure your systems are updated to protect against these critical vulnerabilities.