In the July 2024 Patch Tuesday, Microsoft released security updates addressing 142 vulnerabilities, including two actively exploited and two publicly disclosed zero-day flaws. Five of the 142 are critical remote code execution vulnerabilities.
Breakdown of Vulnerability Categories:
• 26 Elevation of Privilege Vulnerabilities
• 24 Security Feature Bypass Vulnerabilities
• 59 Remote Code Execution Vulnerabilities
• 9 Information Disclosure Vulnerabilities
• 17 Denial of Service Vulnerabilities
• 7 Spoofing Vulnerabilities
Highlighted Zero-Day Vulnerabilities
Actively Exploited Zero-Days:
1. CVE-2024-38080 - Windows Hyper-V Elevation of Privilege Vulnerability
This vulnerability allows attackers to gain SYSTEM privileges. Microsoft has not shared details on the exploit method or on how the flaw was discovered.
2. CVE-2024-38112 - Windows MSHTML Platform Spoofing Vulnerability
Exploitation requires an attacker to send a malicious file to a victim and trick them into executing it. Specific exploitation methods remain undisclosed.
Publicly Disclosed Zero-Days:
1. CVE-2024-35264 - .NET and Visual Studio Remote Code Execution Vulnerability
Exploitation involves a race condition during the processing of an HTTP/3 stream. The vulnerability was discovered internally by Microsoft’s Radek Zikmund.
2. CVE-2024-37985 - Systematic Identification and Characterisation of Proprietary Prefetchers (FetchBench)
A side-channel attack that lets an attacker view heap memory from a privileged process. Exploitation requires the attacker to prepare the target environment first.
Updates from Other Vendors
July 2024 also saw significant security updates and advisories from other vendors:
• Adobe: Updates for Premiere Pro, InDesign, and Bridge.
• Cisco: Disclosure of an NX-OS Software CLI command injection vulnerability.
• Citrix: Fixes for Windows Virtual Delivery Agent and Citrix Workspace app.
• Ghostscript: RCE flaw fixed in May 2024 is now actively exploited.
• Fortinet: Multiple vulnerabilities addressed in FortiOS and other products.
• Mozilla: Firefox 128 with fixes for multiple vulnerabilities.
• OpenSSH: Fixes for a regreSSHion RCE vulnerability and another similar issue tracked as CVE-2024-6409.
• VMware: Fixes for an HTML injection vulnerability in Cloud Director.
For a detailed list of all resolved vulnerabilities in the July 2024 Patch Tuesday updates and affected systems, view the full report here.