Microsoft Releases July 2024 Patches

Cybersecurity
Written By RF Wave

Microsoft has released software updates as part of its July 2024 Patch Tuesday. The updates fix 142 security vulnerabilities in total, including four zero-day vulnerabilities, two of which are being actively exploited.

The breakdown of the vulnerabilities are as follows:

  • 26 privilege escalation

  • 24 security feature bypass

  • 59 remote code execution

  • 9 information disclosure

  • 17 denial of service

  • 7 spoofing

The zero-day vulnerabilities are as follows:

  • CVE-2024-38080 - elevation of privilege in Hyper-V

  • CVE-2023-36761 - Windows MSHTML platform spoofing

  • CVE-2023-36025 - remote code execution in .NET and Visual Studio

  • CVE-2024-37985 - information disclosure in ARM-based Windows

Why You Should Care?

Zero-day vulnerabilities are vulnerabilities where a flaw has been identified but there is no fix for the flaw, which means attackers will try to exploit as many targets as possible before users fix the vulnerability. This makes it extra dangerous, and needs to be addressed as soon as possible.

In this case, two of the zero-days are already being exploited, which means it is only a matter of time before the attackers compromise your business.

What Should You Do?

  • Test the patches ASAP at your organization, and make sure it does not break any business applications

  • Prioritize patching against the two actively exploited zero-days

  • Next priority are the other two zero-days

  • Roll out the rest of the Patch Tuesday updates

References

  • https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2024-patch-tuesday-fixes-142-flaws-4-zero-days/

RF Wave
Previous

Weekly Security Roundup - July 14, 2024
Next

Weekly Security Roundup - July 7, 2024