The Microsoft July 2024 security update has been rolled out and is now live, and it addresses a total of 143 vulnerabilities. This month’s update includes fixes for critical issues, with two vulnerabilities actively exploited in the wild.
Actively Exploited Vulnerabilities
Among the vulnerabilities patched, two are actively exploited:
- CVE-2024-38080 (CVSS score: 7.8): Windows Hyper-V Elevation of Privilege Vulnerability
- CVE-2024-38112 (CVSS score: 7.5): Windows MSHTML Platform Spoofing Vulnerability
CVE-2024-38112 has been exploited using specially-crafted Windows Internet Shortcut files (.URL) to redirect victims to malicious URLs through Internet Explorer, taking advantage of the browser’s vulnerabilities.
Key Vulnerabilities and Fixes
- CVE-2024-38080: This vulnerability allows a local, authenticated attacker to elevate privileges to the SYSTEM level.
- CVE-2024-37985: A side-channel attack called FetchBench affects Arm-based systems, allowing adversaries to view heap memory from a privileged process.
- CVE-2024-35264: A remote code execution bug impacting .NET and Visual Studio, exploitable by closing an http/3 stream during request processing.
- SQL Server Flaws: Microsoft addressed 37 remote code execution flaws affecting the SQL Server Native Client OLE DB Provider, which could be exploited via social engineering tactics.
- CVE-2024-38021: A remote code execution vulnerability in Microsoft Office, permitting attackers to gain high privileges without user interaction.
Other Vendor Updates
In addition to the Microsoft July 2024 security update, several other vendors have released security updates, including Adobe, Apple, Amazon, Google, Nvidia, Samsung, and Zoom.
Impact on GreenBean IT Customers
For GreenBean IT customers, these updates are critical to maintaining secure systems. The active exploitation of some of these vulnerabilities highlights the importance of regular patching and security awareness. Our team is ready to assist with the Microsoft July 2024 security update to ensure your systems remain secure.