Microsoft’s July 2024 Patch Tuesday has brought a significant wave of updates, addressing a total of 139 vulnerabilities across various products and components.
This release includes 139 new CVEs in Windows, Office, .NET, Azure, SQL Server, Hyper-V, and even Xbox, with an additional three third-party CVEs documented this month. Among these, five vulnerabilities are rated as Critical, 133 as Important, and three as Moderate in severity.
Key Vulnerabilities Under Active Exploitation
CVE-2024-38080 – Windows Hyper-V Elevation of Privilege Vulnerability
This zero-day vulnerability allows an authenticated attacker to execute code with SYSTEM privileges. It is particularly concerning for environments running Hyper-V, as it could facilitate ransomware attacks. Immediate testing and deployment of this update are recommended.
Join our free webinar to learn about combating slow DDoS attacks, a major threat today.
CVE-2024-38112 – Windows MSHTML Platform Spoofing Vulnerability
Another zero-day, this spoofing vulnerability affects the MSHTML browser engine. Exploitation requires user interaction, such as clicking a malicious link, making it a significant threat given the ease of user manipulation.
CVE-2024-35264: .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-35264 is a remote code execution (RCE) vulnerability affecting .NET and Visual Studio. It is notable for being Microsoft’s third zero-day vulnerability patched in July 2024. Although it was not exploited in the wild, details about the vulnerability were disclosed publicly before a patch was available.
CVE-2024-37985: ARM-based Operating Systems Vulnerability
CVE-2024-37985 is another significant vulnerability, but Intel rather than Microsoft assigned it. This vulnerability affects certain ARM-based operating systems, and Microsoft has issued an update specifically for the ARM version of Windows 11 to mitigate the issue.
CVE-2024-38077 – Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
This vulnerability, rated with a CVSS score of 9.8, allows unauthenticated attackers to execute code by sending a malicious message to an affected server. If immediate patching is not possible, temporarily disabling the Licensing Service is suggested.
CVE-2024-38060 – Microsoft Windows Codecs Library Remote Code Execution Vulnerability
This vulnerability requires an authenticated user to upload a specially crafted TIFF image, making it a potential method for lateral movement within a network. There are no workarounds, so prompt patching is necessary.
CVE-2024-38023 – Microsoft SharePoint Server Remote Code Execution Vulnerability
Any SharePoint user can exploit this vulnerability with Site Owner permissions. SharePoint’s default configuration allows authenticated users to create sites, increasing the risk of exploitation. Microsoft’s CVSS rating of 7.2 is considered conservative, with a more accurate rating of 8.8.
Other Notable Vulnerabilities
- SQL Server Vulnerabilities: 38 code execution vulnerabilities related to SQL Server, requiring a user to connect to a malicious database. These are primarily post-exploitation techniques for lateral movement.
- Windows Multipoint Service: An interesting bug that requires service restart for an attack to succeed.
- Azure Kinect SDK and Xbox: Vulnerabilities in these components allow code execution through malicious USB drives and networking packets, respectively. These require physical proximity for exploitation.
Elevation of Privilege (EoP) and Security Feature Bypass (SFB) Bugs
- EoP Bugs: Many of these lead to SYSTEM-level code execution or administrative privileges. Notable bugs include those in the Text Services Framework and Defender for IoT, which can be used for sandbox or AppContainer escapes.
- SFB Bugs: This release includes numerous SFB vulnerabilities, particularly in Secure Boot, which is being humorously referred to as “Protected Boot” due to the frequency of these issues. The SFB bug in BitLocker is particularly concerning as it requires physical access, undermining its core security purpose.
Information Disclosure and Denial-of-Service (DoS) Bugs
- Information Disclosure: Most of these bugs result in leaks of unspecified memory contents, with notable exceptions in Dynamics 365 and SharePoint, which could expose sensitive information.
- DoS Bugs: These include vulnerabilities in the iSCSI service, Layer-2 Bridge Network driver, and Remote Desktop Licensing Service, among others. Details on the exact nature of these DoS attacks are sparse.
Microsoft’s July 2024 Patch Tuesday is a substantial update that addresses critical vulnerabilities across a wide range of products and services. Organizations are urged to prioritize patching, especially for critical and actively exploited vulnerabilities, to mitigate potential security risks.
The detailed analysis of each vulnerability underscores the importance of staying current with security patches to protect against evolving threats.
"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo