Microsoft has released its July 2024 Patch Tuesday security updates, addressing a total of 143 vulnerabilities. This includes fixes for two vulnerabilities that are currently being actively exploited in the wild. The breakdown of the vulnerabilities includes five rated as Critical, 136 as Important, and four as Moderate. Additionally, 33 vulnerabilities were addressed in the Chromium-based Edge browser over the past month. 

For full details on the updates, refer to Microsoft’s advisory here.

July 2024 Microsoft Security Updates Technical Overview

Actively Exploited Vulnerabilities:

CVE-2024-38080 – Windows Hyper-V Elevation of Privilege Vulnerability (CVSS score: 7.8)

This vulnerability allows a local, authenticated attacker to elevate privileges to SYSTEM level. It marks the first known exploitation of a Hyper-V flaw since 2022.
Exploitation requires an initial system compromise.
CVE-2024-38112 – Windows MSHTML Platform Spoofing Vulnerability (CVSS score: 7.5)

Exploitation involves sending a victim a malicious file that, when executed, redirects them to a malicious URL via Internet Explorer. This vulnerability leverages specially-crafted Windows Internet Shortcut files (.URL).

Publicly Disclosed Vulnerabilities:

CVE-2024-35264 – .NET and Visual Studio Remote Code Execution Vulnerability (CVSS score: 8.1)

An attacker can exploit this vulnerability by closing an HTTP/3 stream during request body processing, leading to a race condition and remote code execution.
CVE-2024-37985 – FetchBench Side-Channel Attack (CVSS score: 5.9)

This vulnerability allows an adversary to view heap memory from a privileged process running on Arm-based systems.

Other Notable Vulnerabilities:

CVE-2024-38021 – Microsoft Office Remote Code Execution Vulnerability (CVSS score: 8.8)

Exploited without requiring user interaction, allowing attackers to gain high privileges including read, write, and delete functionalities.
SQL Server Native Client OLE DB Provider Vulnerabilities

37 remote code execution flaws affecting SQL Server instances and client code running vulnerable versions of the connection driver.
CVE-2024-3596 – RADIUS Protocol Spoofing Vulnerability (BlastRADIUS)

A spoofing vulnerability impacting the RADIUS protocol.

What We Suggest for July 2024 Microsoft Security Updates

  • Apply Updates Promptly:
    • Ensure all systems are updated with the latest patches provided in this month’s update, prioritizing the critical and actively exploited vulnerabilities.
  • Review and Update SQL Server Instances:
    • Address vulnerabilities affecting SQL Server Native Client OLE DB provider by updating both the server instances and any client code using the vulnerable connection driver.
  • Monitor for Exploitation Attempts:
    • Implement monitoring to detect potential exploitation attempts related to the disclosed vulnerabilities, especially those actively exploited and publicly disclosed.
  • Evaluate Network and System Configurations:
    • Reassess security configurations to minimize the risk of exploitation, particularly for vulnerabilities requiring specific conditions for exploitation.
  • Educate and Train Employees:
    • Conduct training sessions to raise awareness about phishing and other social engineering tactics used to exploit vulnerabilities like CVE-2024-38112.
  • Implement Defense-in-Depth Strategies:
    • Utilize a multi-layered security approach to reduce the risk of successful exploitation and to quickly identify and mitigate attacks.

DIFEND WITH CONFIDENCE

Know The Threats That Matter Right Now—Get Advisories Direct to Your Inbox