Microsoft July 2024 Security Update

Microsoft has released its monthly security updates, addressing a total of 143 security flaws. Out of these, five are rated Critical, 136 are Important, and four are Moderate. Additionally, Microsoft has fixed 33 vulnerabilities in the Chromium-based Edge browser over the past month.

Two Actively Exploited Vulnerabilities

Among the patched flaws, two are actively being exploited:
1. CVE-2024-38080 (CVSS score: 7.8): A Windows Hyper-V Elevation of Privilege Vulnerability. This flaw allows a local, authenticated attacker to elevate their privileges to SYSTEM level after compromising the system.
2. CVE-2024-38112 (CVSS score: 7.5): A Windows MSHTML Platform Spoofing Vulnerability. Exploiting this flaw requires the attacker to send a malicious file to the victim, who must then execute it. Attackers use specially-crafted Windows Internet Shortcut files (.URL) to redirect victims to a malicious URL by opening the retired Internet Explorer browser, bypassing modern security measures.

Other Noteworthy Patches

FetchBench (CVE-2024-37985): This side-channel attack with a CVSS score of 5.9 could enable attackers to view heap memory from a privileged process on Arm-based systems.
CVE-2024-35264 (CVSS score: 8.1): A remote code execution bug affecting .NET and Visual Studio. Exploiting this flaw involves closing an HTTP/3 stream during request processing, leading to a race condition.
SQL Server Native Client OLE DB Provider: 37 remote code execution flaws were fixed. Both SQL Server instances and client code using vulnerable versions of the connection driver need to be updated.
Secure Boot Bypass: 20 security feature bypass vulnerabilities were addressed.
PowerShell: Three privilege escalation bugs were fixed.
BlastRADIUS (CVE-2024-3596): A spoofing vulnerability in the RADIUS protocol.
CVE-2024-38021 (CVSS score: 8.8): A remote code execution flaw in Microsoft Office. This zero-click vulnerability allows attackers to gain high privileges without any user interaction.
Importance of Updating

These updates are crucial for maintaining security and protecting systems from potential exploits. The patches cover a wide range of vulnerabilities that could allow attackers to gain unauthorized access, execute arbitrary code, and cause significant damage.

The context menu is not allowed on this page.