Attention, Microsoft users! It’s time to update your devices with the latest security updates as Microsoft has rolled out its Patch Tuesday update bundle for July 2024. This month’s update is huge as it fixes 142 vulnerabilities across various products. Additionally, some zero-day errors have also been fixed, highlighting the importance of fast device updates.
Four Zero-Day bugs fixed with Microsoft patch Tuesday July 2024
Key security fixes in this month’s updates address four zero-day vulnerabilities. These include,
- CVE-2024-35264 (CVSS 8.1): A major remote code execution bug that affects .NET and Visual Studio. Although this vulnerability escaped active exploitation, it became publicly known before the patch arrived. An attacker could exploit the flaw by winning a race condition, resulting in RCE.
- CVE-2024-38080 (CVSS 7.8): This is another major high severity vulnerability that was publicly disclosed before the patch. Microsoft described it as a privilege escalation vulnerability with Windows Hyper-V, allowing the adversary to gain SYSTEM privileges.
- CVE-2024-38112 (CVSS 7.5): A major spoofing vulnerability affecting the Windows MSHTML platform. Microsoft confirmed that it has detected active exploitation of the flaw without public disclosure and before a security patch. To exploit the flaw, an attacker must send a maliciously crafted file to the victim.
- CVE-2024-37985 (CVSS 5.9): Identified as “CollectBenchIn a side-channel attack, this vulnerability typically affects ARM chips, allowing an adversary to steal data. Although this flaw does not affect any Microsoft components, the company has still released a security fix with this update to ensure that all vulnerable ARM-based systems with its users can be patched.
Other major Patch Tuesday fixes
In addition to these four zero-day flaws, Microsoft has addressed five critical remote code execution vulnerabilities that affect Microsoft SharePoint Server (CVE-2024-38023; CVSS 7.2), Windows Imaging Component (CVE-2024-38060; CVSS 8.8) and Windows Remote Desktop Licensing Service (CVE-2024-38074, CVE-2024-38076, CVE-2024-38077; CVSS 9.8).
Additionally, the update bundle resolved 129 medium-severity vulnerabilities and a single low-severity issue affecting Microsoft Outlook (CVE-2024-38020). Major vulnerabilities in severity may include: 17 denial-of-service vulnerabilities, 23 privilege escalation issues, 8 information disclosure vulnerabilities, 53 remote code execution flaws, 24 security feature bypass issues, and 4 spoofing vulnerabilities.
As always, this Patch Tuesday update is critical for all Microsoft users as it requires their attention to patch their systems immediately.
Let us know your thoughts in the comments.
