Microsoft’s latest security update for July has certainly kept administrators on their toes, addressing a staggering 139 unique CVEs, with two actively exploited vulnerabilities and one that is known publicly but remains unexploited for now.
The July update has tackled more vulnerabilities than the combined total of the two previous monthly releases, providing fixes for issues that, if left unchecked, could result in remote code execution, privilege escalation, data theft, security feature bypass, and other malicious activities. Additionally, the update includes patches for four non-Microsoft CVEs, with one of them being a publicly known Intel microprocessor vulnerability.
One of the zero-day vulnerabilities addressed in this update is CVE-2024-38080, affecting Microsoft’s Windows Hyper-V virtualization technology. This flaw permits an authenticated attacker to execute code with system-level privileges on affected systems, despite being rated only as moderately severe by Microsoft. Given that attackers are already actively exploiting this vulnerability, experts recommend immediate patching to prevent potential compromises.
Another zero-day bug, CVE-2024-38112, impacts the Windows MSHTML Platform, commonly known as the Trident browser engine. With a similar moderate severity rating, this vulnerability requires user interaction in the form of clicking on a malicious link for exploitation. However, the lack of detailed information on the nature of the threat has raised concerns among experts, emphasizing the need for clearer guidance from Microsoft.
Moving on to other high-priority bugs, two flaws that were publicly known prior to the July update, CVE-2024-35264 and CVE-2024-37985, are also considered zero-day vulnerabilities. Notably, Microsoft has rated only four vulnerabilities in this update as critical, with three of them affecting the Windows Remote Desktop Licensing Service and enabling remote code execution.
In light of these critical vulnerabilities, Microsoft advises organizations to disable the Remote Desktop Licensing Service if it is not in use and to promptly install the patches for the identified flaws, as exploitation could be straightforward and pose significant risks. Additionally, the update highlights a significant number of unique vulnerabilities affecting Microsoft SQL Server, emphasizing the importance of patching to maintain security.
With 20 elevation of privilege bugs and 18 remote code execution vulnerabilities included in the update, security experts stress the need for equal attention to both categories of flaws. Despite a common perception that privilege escalation bugs are less severe, they can still result in complete administrative control for attackers and must be addressed diligently to minimize potential security risks.
Overall, Microsoft’s July security update presents a comprehensive effort to address a wide range of vulnerabilities, underscoring the ongoing importance of timely patching and proactive security measures to safeguard against potential cyber threats. It is crucial for organizations to prioritize these updates and stay vigilant in the face of evolving security challenges.