Microsoft Patch Tuesday July 2024 : 4 Zero-days, 59 Code Execution & 75 Flaws Patched
Microsoft’s July 2024 Patch Tuesday has introduced a valuable wave of updates, addressing a total of 139 vulnerabilities all over varied products and ingredients.
This free up entails 139 contemporary CVEs in Dwelling windows, Region of enterprise, .NET, Azure, SQL Server, Hyper-V, and even Xbox, with a further three third-occasion CVEs documented this month. Amongst these, five vulnerabilities are rated as Severe, 133 as Crucial, and three as Moderate in severity.
Key Vulnerabilities Underneath Energetic Exploitation
CVE-2024-38080 – Dwelling windows Hyper-V Elevation of Privilege Vulnerability
This zero-day vulnerability lets in an authenticated attacker to develop code with SYSTEM privileges. It’s especially pertaining to for environments working Hyper-V, as it might really maybe even facilitate ransomware assaults. Rapid testing and deployment of this update are urged.
CVE-2024-38112 – Dwelling windows MSHTML Platform Spoofing Vulnerability
One other zero-day, this spoofing vulnerability affects the MSHTML browser engine. Exploitation requires user interplay, corresponding to clicking a malicious link, making it a valuable risk given the ease of user manipulation.
CVE-2024-35264: .NET and Visible Studio Far off Code Execution Vulnerability
CVE-2024-35264 is a some distance off code execution (RCE) vulnerability affecting .NET and Visible Studio. It’s important for being Microsoft’s third zero-day vulnerability patched in July 2024. Even supposing it became as soon as no longer exploited in the wild, particulars in regards to the vulnerability have been disclosed publicly earlier than a patch became as soon as accessible.
CVE-2024-37985: ARM-primarily based mostly Operating Methods Vulnerability
CVE-2024-37985 is one other valuable vulnerability, nonetheless Intel as a alternative of Microsoft assigned it. This vulnerability affects particular ARM-primarily based mostly running programs, and Microsoft has issued an update specifically for the ARM version of Dwelling windows 11 to mitigate the difficulty.
CVE-2024-38077 – Dwelling windows Far off Desktop Licensing Provider Far off Code Execution Vulnerability
This vulnerability, rated with a CVSS accumulate of 9.8, lets in unauthenticated attackers to develop code by sending a malicious message to an affected server. If instant patching is no longer that you presumably can also imagine, temporarily disabling the Licensing Provider is recommended.
CVE-2024-38060 – Microsoft Dwelling windows Codecs Library Far off Code Execution Vulnerability
This vulnerability requires an authenticated user with the diagram to add a specially crafted TIFF image, making it a doable methodology for lateral lunge interior a network. There aren’t any workarounds, so suggested patching is serious.
CVE-2024-38023 – Microsoft SharePoint Server Far off Code Execution Vulnerability
Any SharePoint user can exploit this vulnerability with Region Owner permissions. SharePoint’s default configuration lets in authenticated users to assemble sites, increasing the risk of exploitation. Microsoft’s CVSS rating of 7.2 is believed to be conservative, with a more dazzling rating of 8.8.
Other Valuable Vulnerabilities
- SQL Server Vulnerabilities: 38 code execution vulnerabilities connected to SQL Server, requiring a user to connect with a malicious database. These are primarily submit-exploitation ways for lateral lunge.
- Dwelling windows Multipoint Provider: A provocative worm that requires service restart for an attack to be triumphant.
- Azure Kinect SDK and Xbox: Vulnerabilities in these ingredients allow code execution thru malicious USB drives and networking packets, respectively. These require physical proximity for exploitation.
Elevation of Privilege (EoP) and Safety Characteristic Bypass (SFB) Bugs
- EoP Bugs: Plenty of these lead to SYSTEM-stage code execution or administrative privileges. Valuable bugs consist of these in the Textual sing Products and companies Framework and Defender for IoT, that can also be outdated for sandbox or AppContainer escapes.
- SFB Bugs: This free up entails loads of SFB vulnerabilities, in particular in Stable Boot, which is being humorously typically known as “Safe Boot” due to the frequency of these complications. The SFB worm in BitLocker is mainly pertaining to as it requires physical catch admission to, undermining its core security aim.
Data Disclosure and Denial-of-Provider (DoS) Bugs
- Data Disclosure: Most of these bugs result in leaks of unspecified memory contents, with important exceptions in Dynamics 365 and SharePoint, which can also jabber sensitive records.
- DoS Bugs: These consist of vulnerabilities in the iSCSI service, Layer-2 Bridge Network driver, and Far off Desktop Licensing Provider, among others. Particulars on the true nature of these DoS assaults are sparse.
Microsoft’s July 2024 Patch Tuesday is a substantial update that addresses serious vulnerabilities all over a mighty series of products and companies and products. Organizations are urged to prioritize patching, especially for serious and actively exploited vulnerabilities, to mitigate doable security risks.
The detailed diagnosis of every and every vulnerability underscores the significance of staying unusual with security patches to present protection to in opposition to evolving threats.
Source credit : cybersecuritynews.com