On the second Tuesday of July 2024, Microsoft Corporation issued its latest round of security updates, marking another Patch Tuesday update. This month’s release addresses a total of 139 vulnerabilities across various Microsoft products, including Windows operating systems and other software. Among these vulnerabilities, Microsoft has identified at least four zero-day exploits, underlining the critical nature of this update.
Two of the zero-day vulnerabilities patched in July 2024 have been actively exploited in the wild, emphasizing the urgency of applying these updates promptly. One such vulnerability is CVE-2024-38080, affecting the Windows Hyper-V component found in both Windows 11 and Windows Server 2022.
This flaw allows attackers to elevate their privileges on a compromised system. Microsoft has confirmed active exploitation of this vulnerability but has not disclosed specific details regarding the attacks.
Microsoft Patch Tuesday Fixes Zero-Day Vulnerabilities
The 2023 Microsoft Patch Tuesday fixes several vulnerabilities existing within the Microsoft ecosystem. These vulnerabilities range from denial of service, elevation of privilege, and remote code execution.
In a conversation with The Cyber Express, Satnam Narang, Senior Staff Research Engineer at Tenable, shared his opinions on Microsoft Patch Tuesday and the vulnerabilities associated with this update.
“CVE-2024-38080 is an elevation of privilege flaw in Windows Hyper-V. A local, authenticated attacker could exploit this vulnerability to elevate privileges to the SYSTEM level following an initial compromise of a targeted system”, said Narang.
The second zero-day, CVE-2024-38112, targets MSHTML, Microsoft’s proprietary engine used in Internet Explorer. This vulnerability involves spoofing, where an attacker could deceive a user into opening a malicious file, leading to potential exploitation. Similar to CVE-2024-38080, Microsoft has acknowledged the exploitation of this vulnerability in the wild without providing specific details.
Narang further commented on CVE-2024-38112, stating, “Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.”
Microsoft’s July 2024 Patch Tuesday addresses a total of 139 vulnerabilities, including five critical ones known for their potential to allow remote code execution (RCE). These vulnerabilities cover a range of exploit categories, including 26 elevations of privilege issues, 24 security feature bypass vulnerabilities, 59 instances of remote code execution risks, 9 information disclosure flaws, 17 denial of service vulnerabilities, and 7 spoofing vulnerabilities.
Fixing Vulnerabilities and New Windows Enhancements
Satnam Narang further provided valuable insights into the severity and implications of these vulnerabilities. Regarding the broader impact of such patches, Narang stated, “Since 2022, there have been 44 vulnerabilities in Windows Hyper-V, though this is the first one to have been exploited in the wild to our knowledge.”
He also highlighted another critical vulnerability, CVE-2024-38021, affecting Microsoft Office, which allows attackers to leak NTLM credentials. This flaw underscores ongoing challenges in securing Microsoft’s software suite against sophisticated cyber threats.
In addition to the actively exploited zero-days, Microsoft’s July 2024 Patch Tuesday release addresses two other publicly disclosed vulnerabilities: CVE-2024-35264, a remote code execution flaw in .NET and Visual Studio, and CVE-2024-37985, a side-channel attack on Arm processors known as “FetchBench” that could compromise sensitive information. While these vulnerabilities were not actively exploited at the time of the patch release, they highlight the critical importance of proactive patch management to mitigate potential risks effectively.
Beyond security updates, Microsoft’s July 2024 Patch Tuesday includes several enhancements and new features for Windows 11. Notably, the update introduces a controversial Game Pass advertisement within the Settings app, visible to users engaged in gaming activities. This addition aims to promote Microsoft’s gaming subscription service directly within the operating system environment.