Microsoft releases critical July 2024 Patch Tuesday updates, addressing 142 vulnerabilities

Microsoft has rolled out its July 2024 Patch Tuesday updates, addressing a substantial 142 security vulnerabilities across its product lineup. This month’s update is particularly significant, with fixes for four zero-day vulnerabilities, including two that are actively being exploited in the wild.

Critical vulnerabilities and zero-days

Of the 142 flaws patched, five are classified as critical, all related to remote code execution vulnerabilities. The update also addresses 59 remote code execution vulnerabilities overall, highlighting the potential severity of these security issues.

Four actively exploited zero-day vulnerabilities have been fixed in this update:

1. CVE-2024-38080: A Windows Hyper-V elevation of privilege vulnerability.
2. CVE-2024-38112: A Windows MSHTML Platform spoofing vulnerability.
3. CVE-2024-35264: A .NET and Visual Studio remote code execution vulnerability.
4. CVE-2024-37985: A systematic identification and characterization of proprietary prefetchers security vulnerability.

The Hyper-V vulnerability (CVE-2024-38080) is particularly concerning as it could allow an attacker to gain SYSTEM privileges. Microsoft has not provided detailed information about how this vulnerability is being exploited, but its active exploitation status underscores its severity.

The MSHTML Platform spoofing vulnerability (CVE-2024-38112) requires the attacker to send a malicious file to the victim, which must then be executed. This vulnerability was disclosed by Haifei Li of Check Point Research.

Breakdown of vulnerabilities

The July 2024 Patch Tuesday update addresses vulnerabilities across various categories:

• 26 Elevation of Privilege vulnerabilities
• 24 Security Feature Bypass vulnerabilities
• 59 Remote Code Execution vulnerabilities
• 9 Information Disclosure vulnerabilities
• 17 Denial of Service vulnerabilities
• 7 Spoofing vulnerabilities

Affected Microsoft products

The security updates cover a wide range of Microsoft products, including:

• Windows
• Office
• Exchange Server
• .NET and Visual Studio
• Microsoft Message Queuing (MSMQ)
• Windows Hyper-V

Importance of timely updates

IT administrators are strongly advised to apply these updates promptly to protect systems from potential attacks. The presence of actively exploited zero-day vulnerabilities makes this month’s update particularly crucial for maintaining system security.

Additional updates

In addition to the security patches, Microsoft has also released non-security updates for Windows 11 and Windows 10. These updates introduce new features such as Game Pass recommendations, improvements in File Explorer, and support for Emoji 15.1.

The July 2024 Patch Tuesday underscores the ongoing importance of regular security updates in the face of evolving cyber threats. With 142 vulnerabilities addressed, including critical and actively exploited flaws, it’s crucial for users and administrators to apply these updates as soon as possible to maintain the security of their systems and networks.