Microsoft Patch Tuesday for July 2024 fixed 2 actively exploited zero-days

Pierluigi Paganini July 10, 2024

Microsoft Patch Tuesday security updates for July 2024 addressed 139 flaws, including two actively exploited zero-days.

Microsoft Patch Tuesday security updates for July 2024 addressed 139 vulnerabilities in Windows and Windows Components; Office and Office Components; .NET and Visual Studio; Azure; Defender for IoT; SQL Server; Windows Hyper-V; Bitlocker and Secure(?) Boot; Remote Desktop; and Xbox (yes Xbox!). The updates also addressed additional three issues that reside in the third-party products.

Five vulnerabilities are rated Critical, 133 are rated Important, and three are rated Moderate in severity.

Two of these vulnerabilities are listed as publicly known, and two other bugs are actively exploited in attacks.

The two flaws actively exploited in the wild are:

CVE-2024-38080Windows Hyper-V Elevation of Privilege VulnerabilityImportant7.8NoYesEoP
CVE-2024-38112Windows MSHTML Platform Spoofing VulnerabilityImportant705NoYesSpoofing

CVE-2024-38080 (CVSS score of 7.8) – the flaw is an elevation of privilege vulnerability in Windows Hyper-V. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-38112 (CVSS score of 7.5) – the flaw is a Windows MSHTML Platform Spoofing Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. An attacker can trigger the issue by sending the victim a malicious file that the victim would have to execute.

The two publicly known vulnerabilities are:

CVE-2024-37985 *Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary PrefetchersImportant5.9YesNoInfo
CVE-2024-35264.NET and Visual Studio Remote Code Execution VulnerabilityImportant8.1YesNoRCE

The full list of vulnerabilities addressed by Microsoft are available here:

https://www.zerodayinitiative.com/blog/2024/7/9/the-july-2024-security-update-review

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, Microsoft Patch Tuesday)



you might also like

leave a comment