Hey there, Microsoft users! It’s that time again to update your devices with the latest security fixes. Microsoft has just released its Patch Tuesday update bundle for July 2024, and this one is a biggie. With a total of 142 vulnerabilities addressed across various products, including some zero-day flaws, it’s crucial to ensure your devices are up to date.
Four Zero-Day Flaws Fixed With Microsoft Patch Tuesday July 2024
This month’s update focuses on fixing four zero-day vulnerabilities:
- CVE-2024-35264 (CVSS 8.1): A critical remote code execution flaw affecting .NET and Visual Studio. Though not actively exploited, the vulnerability was publicly known prior to the patch. Attackers could exploit it to achieve RCE by winning a race condition.
- CVE-2024-38080 (CVSS 7.8): Another important vulnerability of high severity, disclosed publicly before the patch. It’s a privilege escalation flaw within Windows Hyper-V, allowing attackers to gain SYSTEM privileges.
- CVE-2024-38112 (CVSS 7.5): A significant spoofing vulnerability affecting Windows MSHTML Platform, actively exploited prior to public disclosure. Exploiting this flaw involves sending a malicious file to the victim.
- CVE-2024-37985 (CVSS 5.9): Known as “FetchBench” side-channel attack, this vulnerability impacts ARM chips, enabling data theft. While not directly related to Microsoft, the company included a fix for ARM-based systems in this update.
Other Important Patch Tuesday Fixes
In addition to the zero-day flaws, Microsoft addressed 5 critical remote code execution vulnerabilities affecting Microsoft SharePoint Server (CVE-2024-38023; CVSS 7.2), Windows Imaging Component (CVE-2024-38060; CVSS 8.8), and Windows Remote Desktop Licensing Service (CVE-2024-38074, CVE-2024-38076, CVE-2024-38077; CVSS 9.8).
The update bundle also tackled 129 moderate-severity vulnerabilities and one low-severity issue in Microsoft Outlook (CVE-2024-38020). These vulnerabilities include denial of service, privilege escalation, information disclosure, remote code execution, security feature bypass, and spoofing issues.
Remember, staying updated with this Patch Tuesday release is essential for all Microsoft users. Make sure to patch your systems promptly.
We’d love to hear your thoughts in the comments below!