patch Tuesday header
,

Patch now! July Patch Tuesday fixes two actively exploited vulnerabilities

Microsoft’s Patch Tuesday covers two actively exploited vulnerabilities, one Office Remote Code Execution (RCE) flaw, and many other CVEs

Microsoft’s July Patch Tuesday covers 142 CVEs, including two exploited zero-days.

The Cybersecurity & infrastructure Security Agency (CISA) has added 2 of the patched vulnerabilities to its catalog of Known Exploited Vulnerabilities.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The actively exploited CVEs from Microsoft’s July Patch Tuesday include:

  • CVE-2024-38112 (CVSS score 7.5 out of 10):  Microsoft Windows MSHTML Platform (the browser engine) spoofing vulnerability.
    • Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment, specifically by sending a malicious file that the victim would have to execute.
    • With this vulnerability, an attacker could also use a Windows internet shortcut file (.url) to load a malicious site in Internet Explorer (IE).
  • CVE-2024-38080 (CVSS score 7.8 out of 10): Microsoft Windows Hyper-V Privilege Escalation vulnerability. An attacker who successfully exploited this vulnerability could gain system privileges.
    • Hyper-V is a hardware virtualization product that allows you to run multiple operating systems as virtual machines (VMs) on Windows. A virtual machine is a computer program that emulates a physical computer. A physical “host” computer can run multiple separate “guest” VMs that are isolated from each other, and from the host. The physical resources of the host are allocated to the VMs by a software layer called the hypervisor, which acts as an intermediary between the host and guests.

Another vulnerability we think deserves some extra attention is CVE-2024-38021 (CVSS score 8.8 out of 10). This is a Microsoft Office Remote Code Execution (RCE) vulnerability which requires a user to allow blocked content sent from an external attacker to initiate remote code execution. An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.

Other vendors

Other vendors have synchronized their periodic updates with Microsoft. Here are a few major ones that you may find in your environment.

Adobe has released security updates for Premiere Pro, InDesign, and Bridge.

Citrix fixed flaws in Windows Virtual Delivery Agent and the Citrix Workspace app.

Google released July system updates for Android.

Mozilla fixed several security vulnerabilities in Firefox.

OpenSSH made a patch available for the RegreSSHion vulnerability.

Streamlining Vulnerability Response with ThreatDown

ThreatDown takes care of vulnerability management all from one console. With ThreatDown Vulnerability Assessment and Patch Management, organizations can create a schedule to install all system and third-party software updates regularly. Learn more.

To apply patches en masse, check the boxes for the systems or applications on endpoints you wish to update and click Actions > Update Software.
To apply patches en masse, check the boxes for the systems or applications on endpoints you wish to update and click Actions > Update Software.