Connect with us

Tech News

Microsoft July 2024 Patch Tuesday Fixed 140+ Vulnerabilities

Published

on

Latest Hacking News

Attention all Microsoft users! Make sure to update your devices with the latest security updates from Microsoft’s Patch Tuesday for July 2024. This month’s update is extensive, addressing 142 vulnerabilities across various products. Additionally, it has patched some zero-day flaws, emphasizing the importance of promptly updating your devices.

Four Zero-Day Flaws Fixed With Microsoft Patch Tuesday July 2024

The most significant security fixes in this update focus on four zero-day vulnerabilities:

  • CVE-2024-35264 (CVSS 8.1): A critical remote code execution flaw affecting .NET and Visual Studio. Although not actively exploited, it was publicly known before the patch was released. Attackers could exploit this flaw to execute remote code by winning a race condition.
  • CVE-2024-38080 (CVSS 7.8): Another critical vulnerability of high severity publicly disclosed before the patch. It is a privilege escalation vulnerability in Windows Hyper-V, allowing attackers to gain SYSTEM privileges.
  • CVE-2024-38112 (CVSS 7.5): A significant spoofing vulnerability in Windows MSHTML Platform actively exploited without public disclosure prior to the security patch. Exploiting this flaw requires sending a maliciously crafted file to the victim.
  • CVE-2024-37985 (CVSS 5.9): Known as the “FetchBench” side-channel attack, impacting ARM chips and allowing data theft. Although not directly related to Microsoft, the security fix was included in the update to patch vulnerable ARM-based systems.

Other Important Patch Tuesday Fixes

In addition to the zero-day flaws, Microsoft addressed 5 critical remote code execution vulnerabilities affecting Microsoft SharePoint Server (CVE-2024-38023; CVSS 7.2), Windows Imaging Component (CVE-2024-38060; CVSS 8.8), and Windows Remote Desktop Licensing Service (CVE-2024-38074, CVE-2024-38076, CVE-2024-38077; CVSS 9.8).

The update also tackled 129 moderate-severity security vulnerabilities and a low-severity issue in Microsoft Outlook (CVE-2024-38020). These vulnerabilities include denial of service, privilege escalation, information disclosure, remote code execution, security feature bypass, and spoofing vulnerabilities.

It is crucial for all Microsoft users to pay attention to this Patch Tuesday update and patch their systems immediately.

We welcome your thoughts in the comments section.

See also  Mozilla Released Firefox 130 With AI Chatbot, Security Fixes

Trending