Critical Windows licensing bugs – plus two others under attack – top Patch Tuesday
What is the CVSS rating of CVE-2024-38080?
The CVSS rating of CVE-2024-38080 is 7.8 out of 10. This Windows Hyper-V elevation of privilege vulnerability has been deemed "important" by Microsoft and is one of two zero-day vulnerabilities under active exploitation addressed in the July Patch Tuesday5.
How does CVE-2024-38112 exploit occur?
CVE-2024-38112 is a spoofing vulnerability in the Windows MSHTML Platform. The exploit occurs when an attacker sends a specially crafted HTML file to the victim, who then executes the malicious file5. The vulnerability resides in the MSHTML (Trident) rendering engine, which is used for rendering web content in Internet Explorer and other applications via embedded web browser controls1. Successful exploitation could lead to unauthorized exposure of resources or information.
What does CVE-2024-35264 allow attackers to achieve?
CVE-2024-35264 is a remote code execution vulnerability in .NET and Visual Studio. Successful exploitation of this vulnerability allows attackers to achieve remote code execution by closing an HTTP/3 stream while the request body is being processed, leading to a race condition. This vulnerability has a CVSS score of 8.1 and is classified as "Important" by Microsoft.