Breaking Down the Latest July 2024 Patch Tuesday Report

Microsoft has released its July 2024 Patch Tuesday security updates, addressing 142 vulnerabilities across Windows, Office, Exchange Server, Azure, Dynamics, and other products. This includes fixes for two zero-day vulnerabilities that are being actively exploited in the wild.

The two actively exploited zero-days are:

In total, Microsoft addressed 5 critical vulnerabilities and 137 important or moderate ones. The most common issues are remote code execution (59 bugs), elevation of privilege (26 bugs), and security feature bypass (24 bugs).

Key products receiving security updates include Windows, Office, Exchange Server, Azure, Dynamics 365, .NET Framework, Windows Hyper-V, and Microsoft Edge. Administrators should prioritize testing and deploying patches for the actively exploited zero-days and remote code execution flaws.

This Patch Tuesday is notable for the high number of vulnerabilities addressed, with 142 being on the higher end of typical monthly CVE counts. The presence of two actively exploited zero-days also increases the urgency of applying these updates.

Key Highlights - Patch Tuesday July 2024

In July's Patch Tuesday, Microsoft addressed 142 flaws, including two actively exploited zero-day vulnerabilities. This update included patches across categories like elevation of privilege, remote code execution, spoofing, denial of service, security feature bypass, and information disclosure.

Key highlights are:

Zero-day Vulnerabilities Patched in July 2024

Microsoft addressed two zero-day vulnerabilities in the July 2024 Patch Tuesday release. These vulnerabilities are notable because they were being actively exploited in the wild prior to the patches being made available. Let's examine each of these critical vulnerabilities:

CVE-2024-38080 - Windows Hyper-V Elevation of Privilege Vulnerability

This vulnerability allows an attacker with low-level authentication to elevate access and obtain SYSTEM privileges in Windows Hyper-V. Microsoft has not shared specific details on the exploitation, likely due to its active exploitation status.

"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," explains Microsoft.

The vulnerability affects more recent editions of Windows, including Windows 11 since version 21H2 and Windows Server 2022 (including Server Core). Patching should be prioritized due to its actively exploited status.

CVE-2024-38112 - Windows MSHTML Platform Spoofing Vulnerability

This spoofing vulnerability affects the Windows MSHTML Platform, which is used throughout Microsoft 365 and Microsoft Office products. Successful exploitation could potentially lead to partial data exposure.

"Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment," explains Microsoft. "An attacker would have to send the victim a malicious file that the victim would have to execute."

The vulnerability affects all versions of Windows, including Server editions. User interaction is required for exploitation, typically through social engineering tactics. While rated as Important, its active exploitation status makes it a priority for patching.

Microsoft has not shared extensive details on the exact nature of the spoofing or data exposure, likely to prevent further exploitation attempts.

Both of these zero-day vulnerabilities highlight the importance of prompt patching, especially for actively exploited flaws. Organizations should prioritize the deployment of these patches to mitigate the risk of ongoing attacks leveraging these vulnerabilities.

Critical Vulnerabilities Patched in July 2024

Five vulnerabilities with critical severity scores were addressed in the July 2024 Patch Tuesday report:

CVE-2024-38074, CVE-2024-38076, CVE-2024-38077 - Windows Remote Desktop Licensing Service Remote Code Execution Vulnerabilities

These three vulnerabilities affect the Windows Remote Desktop Licensing Service. An unauthenticated remote attacker could connect to the Remote Desktop Licensing Service and send a malicious message that may lead to remote code execution.

Microsoft notes: "An unauthenticated attacker could connect to the Remote Desktop Licensing Service and send a malicious message that may lead to remote code execution."

These vulnerabilities have the highest CVSS score of all patches this month, emphasizing their severity. Administrators should prioritize patching these, even if the service is currently disabled.

CVE-2024-38060 - Windows Imaging Component Remote Code Execution Vulnerability

This vulnerability in the Windows Imaging Component is related to TIFF (Tagged Image File Format) image processing. An authenticated attacker could exploit this by uploading a specially crafted TIFF file to a server.

Microsoft explains: "An authenticated attacker could upload a malicious TIFF file to a server."

All supported versions of Windows (and likely unsupported versions as well) are vulnerable to this flaw.

CVE-2024-38023 - Microsoft SharePoint Server Remote Code Execution Vulnerability

This vulnerability could allow an authenticated attacker with Site Owner permissions or higher to execute arbitrary code on the SharePoint server. The attacker could upload a specially crafted file to a SharePoint Server and craft specialized API requests to trigger deserialization of the file's parameters.

Microsoft states: "An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger the deserialization of the file's parameters. This would enable the attacker to execute code remotely in the SharePoint Server context."

The lower CVSS score compared to the other critical vulnerabilities reflects the requirement of Site Owner privileges or higher to exploit the vulnerability.

These critical vulnerabilities underscore the importance of timely patching, especially for systems exposed to untrusted networks or users. Organizations should prioritize the deployment of these patches to mitigate the risk of potential attacks exploiting these vulnerabilities.

Vulnerabilities by Category

In total, 142 vulnerabilities were addressed in July's Patch Tuesday. Remote code execution being the most common vulnerability type patched by Microsoft this month, occurring 59 times. Elevation of privilege bugs also accounted for a significant portion of the flaws fixed, with 26 occurrences. The least common vulnerability category was spoofing, with 7 such flaws patched in July. Here's a breakdown of the vulnerabilities by category:

Here is a table with the vulnerability categories and associated CVE IDs from Microsoft's July 2024 Patch Tuesday:

List of Products Patched in July 2024 Patch Tuesday Report

Microsoft's July 2024 Patch Tuesday includes updates for a wide range of its products, applications, and services. Here are the key products and components that received patches:

Complete List of Vulnerabilities Patched in July 2024 Patch Tuesday

Download the complete list of vulnerabilities by products patched in July 2024 Patch Tuesday here. 

Azure vulnerabilities

Developer Tools vulnerabilities

ESU Windows vulnerabilities

Microsoft Dynamics vulnerabilities

Microsoft Office vulnerabilities

SQL Server vulnerabilities

System Center vulnerabilities

Windows vulnerabilities

Bottom Line

Microsoft's July 2024 Patch Tuesday release addressed 142 total vulnerabilities, headlined by fixes for two actively exploited zero-day flaws:

Additional key vulnerabilities included:

In total, 59 critical or high-severity remote code execution bugs were addressed this month along with 26 important elevation of privilege flaws. Security feature bypass, denial of service, information disclosure, and spoofing issues rounded out the rest.

Here's a summary table of the July 2024 Patch Tuesday vulnerabilities:

The extensive patch load stresses the importance of continuous monitoring, vulnerability management, and updating to counter sophisticated multi-stage attacks targeting enterprise networks. Prioritizing remediation efforts by potential business impact is crucial.

Key areas of focus for this Patch Tuesday include:

Organizations should prioritize these updates to mitigate the risk of potential attacks exploiting these vulnerabilities. As always, it's recommended to test patches in a controlled environment before deploying them widely across production systems.

We'll continue providing monthly Patch Tuesday analyses highlighting major security updates needing visibility. Stay tuned for next month's report to keep your systems secure and up-to-date.

We aim to keep readers informed each month in our Patch Tuesday reports. Please follow our website thesecmaster.com or subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.

You may also like these articles: