Microsoft has taken significant steps to address 142 vulnerabilities in its latest Patch Tuesday update for July. Among these vulnerabilities were two zero-day flaws that were actively being exploited by malicious actors.
The first zero-day vulnerability, identified as CVE-2024-38080, is a privilege escalation flaw in Microsoft’s Hyper-V virtualization software that impacts both Windows 11 and Windows Server 2022. This flaw received a CVSS score of 7.8 and was classified as important by Microsoft. The software giant acknowledged that exploitation of this vulnerability has been observed, although the extent of the attacks remains uncertain. Interestingly, Microsoft was informed about this flaw by an anonymous individual.
The second zero-day bug, named CVE-2024-38112, is a spoofing vulnerability found in the Windows MSHTML platform. With a CVSS score of 7.5, this flaw was also deemed important by Microsoft. Exploitation of this vulnerability allows attackers to send malicious files through the network. However, Microsoft pointed out in their advisory that additional actions are required before full exploitation of the flaw.
According to Chris Goettl, Vice President of Security Product Management at Ivanti, attackers can exploit this particular vulnerability remotely if they are already present on the network, making it a significant threat across various Windows OS versions.
The individual credited with discovering and reporting CVE-2024-38112 is Haifei Li of Check Point Software Technologies. However, Li expressed frustration towards Microsoft for divulging and fixing the flaw earlier than expected, without informing Check Point about the altered schedule.
Apart from the zero-day vulnerabilities, Microsoft also addressed two other disclosed flaws in the Patch Tuesday update. The first one, CVE-2024-35264, is a remote code execution vulnerability affecting .NET version 8.0 and Visual Studio 2022. This flaw received an 8.1 CVSS score and was labeled as important by Microsoft. On the other hand, the second disclosed vulnerability, CVE-2024-37985, is an information disclosure flaw in Windows 11 versions for Arm64-based systems, with a 5.9 CVSS score and an important rating.
Furthermore, Microsoft patched CVE-2024-38060, an RCE flaw impacting the Windows Imaging Component, which is critical. This flaw could be exploited by uploading a malicious TIFF file to a targeted server.
The massive Patch Tuesday update also included 38 RCE vulnerabilities in SQL Server alone. While the number of vulnerabilities addressed might seem overwhelming, experts like Goettl assure users that focusing on addressing the critical ones promptly is crucial for safeguarding systems from potential threats.
In conclusion, Microsoft’s robust response in addressing these vulnerabilities underscores the importance of regular patching and maintenance of software systems to mitigate security risks and protect against cyber threats. Organizations are advised to stay vigilant and prioritize the installation of these updates to bolster their cybersecurity posture in an ever-evolving threat landscape.