Attention all Microsoft users! It’s time to update your devices with the latest security updates from Microsoft’s Patch Tuesday release for July 2024. This month’s update is extensive, addressing 142 vulnerabilities across various products. Additionally, it includes fixes for zero-day flaws, emphasizing the importance of timely device updates.
Microsoft Patch Tuesday July 2024: Four Zero-Day Flaws Resolved
The highlight of this month’s updates is the resolution of four zero-day vulnerabilities:
- CVE-2024-35264 (CVSS 8.1): An important remote code execution flaw affecting .NET and Visual Studio. Although not actively exploited, it was publicly known prior to the patch release. Exploiting this flaw could result in remote code execution through a race condition.
- CVE-2024-38080 (CVSS 7.8): Another high-severity vulnerability involving privilege escalation in Windows Hyper-V. This flaw was publicly disclosed before the patch, enabling attackers to gain SYSTEM privileges.
- CVE-2024-38112 (CVSS 7.5): A spoofing vulnerability affecting Windows MSHTML Platform that was actively exploited before public disclosure. Attackers could exploit this flaw by sending a malicious file to the victim.
- CVE-2024-37985 (CVSS 5.9): Known as “FetchBench” side-channel attack, this vulnerability impacts ARM chips, allowing data theft. Despite not directly affecting Microsoft components, a security fix was included in this update to protect vulnerable ARM-based systems.
Additional Fixes in Patch Tuesday Update
Aside from the zero-day flaws, Microsoft addressed 5 critical remote code execution vulnerabilities in Microsoft SharePoint Server (CVE-2024-38023; CVSS 7.2), Windows Imaging Component (CVE-2024-38060; CVSS 8.8), and Windows Remote Desktop Licensing Service (CVE-2024-38074, CVE-2024-38076, CVE-2024-38077; CVSS 9.8).
The update bundle also addressed 129 moderate-severity security vulnerabilities and a low-severity issue in Microsoft Outlook (CVE-2024-38020). These vulnerabilities include denial of service, privilege escalation, information disclosure, remote code execution, security feature bypass, and spoofing issues.
Microsoft users are urged to prioritize this Patch Tuesday update to secure their systems promptly.
We welcome your thoughts in the comments section.