Heads up, Microsoft customers! It’s time to replace your units with the newest safety updates, as Microsoft rolled out its Patch Tuesday replace bundle for July 2024. This month’s replace is big, because it addressed 142 vulnerabilities throughout totally different merchandise. Furthermore, it additionally fastened some zero-day flaws, highlighting the importance of immediate system updates.
4 Zero-Day Flaws Fastened With Microsoft Patch Tuesday July 2024
Essentially the most important safety fixes with this month’s updates tackle 4 zero-day vulnerabilities. These embrace,
- CVE-2024-35264 (CVSS 8.1): An vital severity distant code execution flaw affecting .NET and Visible Studio. Whereas this vulnerability escaped lively exploitation, it turned publicly recognized earlier than the patch arrived. An attacker may exploit the flaw by successful a race situation, leading to RCE.
- CVE-2024-38080 (CVSS 7.8): That is one other vital vulnerability of excessive severity publicly disclosed earlier than the patch. Microsoft described it as a privilege escalation vulnerability with Home windows Hyper-V, permitting the adversary to realize SYSTEM privileges.
- CVE-2024-38112 (CVSS 7.5): An vital severity spoofing vulnerability affecting Home windows MSHTML Platform. Microsoft confirmed detecting lively exploitation of the flaw sans public disclosure and earlier than a safety patch. Exploiting the flaw requires an attacker to ship a maliciously crafted file to the sufferer.
- CVE-2024-37985 (CVSS 5.9): Recognized as “FetchBench” side-channel assault, this vulnerability sometimes impacts ARM chips, permitting an adversary to steal information. Whereas this flaw doesn’t have an effect on any Microsoft part, the agency nonetheless launched its safety repair with this replace to make sure patching any weak ARM-based methods with its customers.
Different Vital Patch Tuesday Fixes
Alongside these 4 zero-day flaws, Microsoft addressed 5 vital severity distant code execution vulnerabilities impacting Microsoft SharePoint Server (CVE-2024-38023; CVSS 7.2), Home windows Imaging Part (CVE-2024-38060; CVSS 8.8), and Home windows Distant Desktop Licensing Service (CVE-2024-38074, CVE-2024-38076, CVE-2024-38077; CVSS 9.8).
Apart from, the replace bundle addressed 129 moderate-severity safety vulnerabilities and a single low-severity difficulty affecting Microsoft Outlook (CVE-2024-38020). The vital severity vulnerabilities may embrace 17 denial of service vulnerabilities, 23 privilege escalation points, 8 data disclosure vulnerabilities, 53 distant code execution flaws, 24 safety function bypass points, and 4 spoofing vulnerabilities.
As all the time, this Patch Tuesday replace is essential for all Microsoft customers, requiring their consideration to patch their methods instantly.
Tell us your ideas within the feedback.
