Attackers Exploit Flaws in Microsoft’s July Security Update
Share
Microsoft’s July security update reveals significant vulnerabilities, with attackers already exploiting flaws in the system. The update addresses a staggering 139 CVEs in Microsoft products and four in non-Microsoft products. The July update necessitates prompt action from administrators, given the patching requirements for 139 unique CVEs. Among these, two are actively exploited by attackers, and one remains publicly known but unexploited. This update surpasses the combined number of vulnerabilities in the previous two months and includes fixes for potential remote code execution, privilege escalation, data theft, security feature bypasses, and more. Notably, it also patches a publicly known Intel microprocessor vulnerability.
Zero-Day Vulnerabilities: Immediate Action Required
One critical zero-day vulnerability (CVE-2024-38080) affects Microsoft’s Windows Hyper-V virtualization technology, allowing an authenticated attacker to execute code with system-level privileges. Despite Microsoft rating its severity as moderate (6.8 on the CVSS scale), the ease of exploitation and active exploitation by attackers heightens the urgency for immediate patching. Kev Breen, senior director of threat research at Immersive Labs, emphasized the need for more details to assist threat hunters in assessing potential compromises.
Another zero-day bug (CVE-2024-38112) impacts the Windows MSHTML Platform, with a moderate CVSS severity rating of 7.0. Described as a spoofing vulnerability, its nature remains somewhat unclear. Dustin Childs from Trend Micro’s Zero Day Initiative questioned the exact threat, noting the ambiguity in Microsoft’s description. Rob Reeves, principal cybersecurity engineer at Immersive Labs, suggested that exploitation might involve complex attack chains, requiring more information for precise guidance.
Additional High-Priority Vulnerabilities
Two additional publicly known vulnerabilities (CVE-2024-35264 and CVE-2024-37985) are also addressed in the update. CVE-2024-35264 is a remote code execution vulnerability in .Net and Visual Studio, while CVE-2024-37985 pertains to an Intel CVE integrated into Microsoft’s release.
Among the numerous flaws, four are rated as critical. Notably, CVE-2024-38076, CVE-2024-38077, and CVE-2024-38089, all affecting the Windows Remote Desktop Licensing Service, have near-maximum severity ratings of 9.8. These vulnerabilities enable remote code execution and should be prioritized. Microsoft advises disabling the Remote Desktop Licensing Service if not in use and immediately installing the patches.
A significant number of CVEs (39) affect Microsoft SQL Server, though none are deemed critical based on CVSS scores. Despite being labeled as “Exploitation Less Likely,” many have CVSS scores of 8.8, requiring attention from SQL Server customers.
The update continues the trend of numerous elevation of privilege (EoP) bugs, slightly outnumbering remote code execution vulnerabilities. Security researchers stress the importance of addressing EoP bugs, as they can grant attackers admin control over systems, enabling severe disruptions similar to those caused by remote code execution vulnerabilities. Microsoft’s extensive July update underscores the ongoing need for vigilant security practices and prompt patching to mitigate the risks posed by these vulnerabilities.