Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days

Microsoft's July 2024 Patch Tuesday includes security updates for 142 flaws, including two actively exploited and two publicly disclosed zero-days. This Patch Tuesday fixed five critical vulnerabilities, with all being remote code execution flaws. The number of bugs in each vulnerability category is listed below:

• 26 Elevation of Privilege Vulnerabilities
• 24 Security Feature Bypass Vulnerabilities
• 59 Remote Code Execution Vulnerabilities
• 9 Information Disclosure Vulnerabilities
• 17 Denial of Service Vulnerabilities
• 7 Spoofing Vulnerabilities

The two actively exploited zero-day vulnerabilities in today's updates are:

• CVE-2024-38080 - Windows Hyper-V Elevation of Privilege Vulnerability
• CVE-2024-38112 - Windows MSHTML Platform Spoofing Vulnerability

The two publicly disclosed vulnerabilities are:

• CVE-2024-35264 - .NET and Visual Studio Remote Code Execution Vulnerability
• CVE-2024-37985 - Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers

Other vendors who released updates or advisories in July 2024 include Adobe, Cisco, Citrix, Fortinet, Mozilla, OpenSSH, and VMware.

Below is the complete list of resolved vulnerabilities in the July 2024 Patch Tuesday updates:

To access the full description of each vulnerability and the systems it affects, you can view the full report here.

Microsoft's July 2024 Patch Tuesday includes security updates for 142 flaws, including two actively exploited and two publicly disclosed zero-days. This Patch Tuesday fixed five critical vulnerabilities, all being remote code execution flaws. The number of bugs in each vulnerability category is listed below:

• 26 Elevation of Privilege Vulnerabilities
• 24 Security Feature Bypass Vulnerabilities
• 59 Remote Code Execution Vulnerabilities
• 9 Information Disclosure Vulnerabilities
• 17 Denial of Service Vulnerabilities
• 7 Spoofing Vulnerabilities

Four zero-days fixed:

1. CVE-2024-38080 - Windows Hyper-V Elevation of Privilege Vulnerability
2. CVE-2024-38112 - Windows MSHTML Platform Spoofing Vulnerability
3. CVE-2024-35264 - .NET and Visual Studio Remote Code Execution Vulnerability
4. CVE-2024-37985 - Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers

Recent updates from other companies:

• Adobe releases security updates for Premiere Pro, InDesign, and Bridge.
• Cisco disclosed an NX-OS Software CLI command Injection vulnerability that was exploited in attacks.
• Citrix fixed flaws in Windows Virtual Delivery Agent and the Citrix Workspace app.
• A GhostScript RCE flaw fixed in May 2024 is now exploited in attacks.
• Fortinet fixes multiple vulnerabilities in FortiOS and other products.
• Mozilla releases Firefox 128 with fixes for multiple vulnerabilities.
• OpenSSH fixes new regreSSHion RCE vulnerability. A second similar vulnerability tracked as CVE-2024-6409 was disclosed yesterday as well.
• VMware fixes an HTML injection vulnerability in Cloud Director.

The July 2024 Patch Tuesday Security Updates:

Below is the complete list of resolved vulnerabilities in the July 2024 Patch Tuesday updates. To access the full description of each vulnerability and the systems it affects, you can view the full report here.