Microsoft July 2024 Patch Tuesday update addresses four Zero-Day exploits, five critical vulnerabilities

In its July 2024 Patch Tuesday update, Microsoft has addressed a total of 142 security vulnerabilities, including two actively exploited zero-day vulnerabilities and two publicly disclosed zero-days.

The July update has addressed the highest number of total vulnerabilities this year, including the most remote code executions (RCEs) and zero days.

Apart from the two actively exploited zero-day vulnerabilities and two publicly disclosed zero-days, the July 2024 Patch Tuesday update has also resolved five critical vulnerabilities, all of which are remote code execution (RCE) flaws. 

The July Patch Tuesday update also addresses 26 elevations of privilege vulnerabilities, 24 security feature bypass vulnerabilities, 59 remote code execution vulnerabilities, 9 information disclosure vulnerabilities, 17 denial of service vulnerabilities, and 7 spoofing vulnerabilities.

The increasing speed of vulnerability exploitation often leaves end users unprepared. Understanding the vulnerabilities patched and their severity enables organizations to find and remediate threats before they become an incident.

July 2024 Patch Tuesday: The Zero-days 

The four zero-day vulnerabilities that were patched are particularly noteworthy. 

Two of these zero-days were actively exploited: CVE-2024-38080, a Windows Hyper-V elevation of privilege vulnerability, and CVE-2024-38112, a Windows MSHTML platform spoofing vulnerability. 

The other two zero-days, which were publicly disclosed, are CVE-2024-35264, a .NET and Visual Studio remote code execution vulnerability, and CVE-2024-37985, a side-channel attack identified as "FetchBench."

The actively exploited vulnerabilities are particularly concerning, as they pose an immediate risk to systems. 

CVE-2024-38080 could allow attackers to gain SYSTEM-level privileges on a Hyper-V host, impacting all virtual machines running on it. Organizations using Hyper-V for virtualization, including data centers and cloud service providers, should be particularly concerned. Immediate patching is essential to prevent unauthorized access and control over virtual machines, which could lead to data breaches, system downtime, and extensive service disruption.

CVE-2024-38112 enables attackers to spoof web content, deceiving users into interacting with malicious resources. Organizations and individuals using applications that rely on MSHTML, such as Internet Explorer, should be wary. Patching is critical to prevent phishing attacks that could result in credential theft and unauthorized access, leading to data breaches and financial losses.

CVE-2024-35264 allows attackers to execute arbitrary code within .NET and Visual Studio environments by exploiting a race condition during the processing of an http/3 stream. Developers and Organisations using these platforms should be particularly concerned, as it affects a wide range of software development activities. Immediate patching is crucial to prevent malicious code execution, which could compromise system integrity, lead to data theft, and grant unauthorized access to sensitive information.

CVE-2024-37985 allows attackers to view heap memory from a privileged process and potentially steal sensitive information. Organizations and users with affected processors, especially those handling sensitive data, should be wary. Patching is essential to prevent unauthorized access to confidential information, which could lead to data breaches, loss of privacy, and significant financial and reputational damage.

Understanding what hackers know about your attack surface and building and maintaining an accurate and complete picture of the attack surface is the first step in proactive security and an important component of vulnerability prioritization.

July 2024 Patch Tuesday: Notching a new high

Compared to the Patch Tuesday updates earlier this year, the July 2024 Patch Tuesday stands out with the highest number of total vulnerabilities addressed, including the most RCEs and zero-days. 

The five critical vulnerabilities addressed by the July 2024 Patch Tuesday update are as follows:CVE-2024-38077: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

This vulnerability allows an attacker to execute arbitrary code on a server running the Windows Remote Desktop Licensing Service. Organizations using Windows Remote Desktop services, particularly those relying on the licensing service, are at risk here. Immediate patching is critical because remote code execution (RCE) vulnerabilities can lead to complete system compromise, allowing attackers to deploy malware, steal data, or take control of the affected systems. If left unpatched, attackers could gain unauthorized access to network resources, leading to data breaches, service disruptions, and significant financial and reputational damage.

CVE-2024-38074: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Similar to CVE-2024-38077, this vulnerability allows attackers to execute arbitrary code remotely on the server. Enterprises using Windows Remote Desktop services that include the licensing service component are at risk here. Patching this vulnerability prevents potential exploits that could allow attackers to execute harmful code remotely, potentially leading to system control and data theft. If left unpatched, this RCE vulnerability increases the risk of ransomware attacks, unauthorized access, and potential exploitation by cybercriminals for various malicious activities.

CVE-2024-38076: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

This critical RCE vulnerability affects any organization that utilizes Remote Desktop Licensing Services. Given its potential for remote exploitation, it is crucial to patch this vulnerability to prevent unauthorized access and code execution on servers. If left unpatched, this REC vulnerability can be used to complete control over the server by attackers, resulting in data loss, system downtimes, and potential propagation of attacks within the network.

CVE-2024-38060: Windows Imaging Component Remote Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code via the Windows Imaging Component. Users and Organisations utilizing the Windows Imaging Component for processing image files are at risk here. Patching is essential to prevent attackers from using specially crafted images to exploit the system and execute malicious code. If left unpatched, this could result in unauthorized access, data corruption, or the installation of further malware on the compromised system.

CVE-2024-38023: Microsoft SharePoint Server Remote Code Execution Vulnerability

This vulnerability enables remote code execution on Microsoft SharePoint Server. Organizations using SharePoint Server for collaboration and document management are at risk here. Immediate patching is necessary to prevent attackers from taking control of SharePoint servers, potentially leading to data breaches and unauthorized access to sensitive information. If left unpatched, this could result in data exfiltration, site defacement, or further network penetration.

Here is the detailed list of the vulnerabilities addressed by the July 2024 Patch Tuesday update. Secure Share by Hadrian simplifies and accelerates vulnerability remediation by enabling seamless collaboration between security and development teams. Learn more about it here.