Beware, Microsoft users! It's time to update your devices with the latest security updates, as Microsoft has rolled out its Patch Tuesday update bundle for July 2024. This month's update is huge, as it addresses 142 vulnerabilities in various products. It also addresses some zero-day vulnerabilities, highlighting the importance of prompt device updates.

Four zero-day flaws fixed with Microsoft Patch Tuesday July 2024

The most important security fixes in this month's updates address four zero-day vulnerabilities. These include:

  • CVE-2024-35264 (CVSS 8.1): A critical severity remote code execution vulnerability affecting .NET and Visual Studio. Although the vulnerability escaped active exploitation, it became publicly known before a patch was released. An attacker can exploit this flaw by winning a race condition, resulting in an RCE.
  • CVE-2024-38080 (CVSS 7.8): Another high-severity flaw that became publicly known before the patch. Microsoft describes this as an elevation of privilege vulnerability in Windows Hyper-V, which allows an adversary to gain SYSTEM privileges.
  • CVE-2024-38112 (CVSS 7.5): A critical severity spoofing vulnerability affecting the Windows MSHTML platform. Microsoft confirmed detecting active exploitation of the flaw, which had not been publicly disclosed, before the security patch was released. Exploiting this flaw requires an attacker to send a maliciously crafted file to the victim.
  • CVE-2024-37985 (CVSS 5.9): Identified as FetchBench, a side-channel attack vulnerability that typically affects ARM chips and allows an adversary to steal data. While the flaw does not affect any Microsoft components, the firm has released its own security fix with this update to ensure its customers patch any vulnerable ARM-based systems.

Other important Patch Tuesday fixes

In addition to these four zero-day vulnerabilities, Microsoft released fixes for Microsoft SharePoint Server (CVE-2024-38023; CVSS 7.2), Windows Imaging Component (CVE-2024-38060; CVSS 8.8), and Windows Remote Desktop Licensing Service (CVE-2024-38074, CVE-2024-38076, CVE-2024-38077; CVSS 9.8).

In addition, the update bundle addresses 129 moderate security vulnerabilities and one low-severity issue affecting Microsoft Outlook (CVE-2024-38020). Vulnerabilities of critical severity include 17 denial of service vulnerabilities, 23 privilege escalation issues, 8 information disclosure vulnerabilities, 53 remote code execution vulnerabilities, 24 security feature bypass issues, and 4 spoofing vulnerabilities.

As always, this Patch Tuesday update is important for all Microsoft users, who should patch their systems immediately.

Let us know your thoughts in the comments.
