Microsoft Patch Tuesday – July 9th 2024

Two ‘0-Days’ Being Actively Exploited in the Wild Are Among 49 Vulnerabilities This Month in Microsoft Windows

 

“Patch Tuesday” is an unofficial term used to refer to the second Tuesday of each month, when Microsoft, Adobe, Oracle, Google and other vendors regularly release software patches for their software products. Critical security updates are occasionally released outside of the normal Patch Tuesday cycle, but these are known as “Out-of-band” releases.

You can access the Microsoft list of Security Updates for July 2024 directly at msrc.microsoft.com/update-guide/releaseNote/2024-Jul

 

Known Exploited Vulnerabilities

The list of “Known Exploited” vulnerabilities below have been reported by the CISA, America’s Cyber Defense Agency, to be known to be currently being exploited in the wild and at scale. These represent the absolute highest priority for patching for many organisations.

The AppCheck Scanner is able to detect these known exploited vulnerabilities – please click each CVE below to visit our entry on our public-facing detections database.

 

CVE-2024-38112: URI Spoofing Exploitation in MS Windows Trident Rendering Engine

A vulnerability exists in the MSHTML (Trident) rendering engine, which is pivotal for rendering web content in Internet Explorer. The primary flaw stems from inadequate sanitisation within the MSHTML library of URL links to malicious content originates from a trusted source. Attackers are exploiting the vulnerability to employ phishing tactics, sending emails with malicious attachments or links leading to spoofed websites. Upon interaction, malicious content is rendered in a trusted context, misleading users to divulge sensitive information like login credentials or to install malware.

See more details in the AppCheck Detections Service at https://detections.appcheck-ng.com/vulnerabilities/view/307067

 

CVE-2024-38080: Unauthorised Elevation of Privilege via Integer Overflow in MS Windows Hyper-V Component

An integer overflow vulnerability in Microsoft’s Hyper-V hypervisor allows for the unauthorised elevation of privileges from low-security to high-security context. Microsoft reports that in this instance, an attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

See more details in the AppCheck Detections Service at https://detections.appcheck-ng.com/vulnerabilities/view/307050

 

Critical (CVSS 9+) Patches to Prioritise

The list of “Critical” vulnerabilities below are all those with a “CVSS” score of 9 or greater. This generally reflects a vulnerability that is critical risk, being both trivial to exploit, likely to be exploited, and which could cause great harm and damage if exploited:

 

 

‘Highly Exploitable’ Vulnerabilities

The list of “Highly Exploitable” vulnerabilities below are all those which Microsoft has determined are relatively trivial to exploit:

Product CVE CVSS Score
Microsoft Office CVE-2024-38021 8.8
Microsoft Office SharePoint CVE-2024-38023 7.2
Microsoft Office SharePoint CVE-2024-38024 7.2
Microsoft Streaming Service CVE-2024-38052 7.8
Microsoft Streaming Service CVE-2024-38054 7.8
Windows Win32K – ICOMP CVE-2024-38059 7.8
Microsoft Windows Codecs Library CVE-2024-38060 8.8
Windows Win32K – GRFX CVE-2024-38066 7.8
Microsoft Graphics Component CVE-2024-38079 7.8
Role: Windows Hyper-V CVE-2024-38080 7.8
Windows Win32 Kernel Subsystem CVE-2024-38085 7.8
Microsoft Office SharePoint CVE-2024-38094 7.2
Windows Remote Desktop Licensing Service CVE-2024-38099 5.9
Windows COM Session CVE-2024-38100 7.8

Other Critical Patches

In addition to the above, Microsoft released 139 important security patches in total.

Products affected by this Patch Tuesday’s updates include:

  • SQL Server
  • Windows Secure Boot
  • Windows Remote Desktop Licensing Service
  • .NET and Visual Studio
  • Microsoft Office SharePoint
  • Windows Internet Connection Sharing (ICS)
  • Windows Performance Monitor
  • Windows Online Certificate Status Protocol (OCSP)
  • Windows PowerShell
  • Microsoft Streaming Service

 

You can see the full list on Microsoft’s Security Update Guide page (https://msrc.microsoft.com/update-guide/en-us), along with the associated KB articles and security vulnerability details.

 

Statistics

Total Microsoft CVEs: 139

Currently exploited: 1

Highly Exploitable: 14

By Severity:

  1. Critical: 5
  2. Important: 132
  3. Moderate: 1

 

 

How to Protect Your Organisation with AppCheck

As with every month, if you don’t want to wait for your system to download Microsoft critical updates on pre-determined schedule, you can download them immediately from the Windows Update Catalog website at https://www.catalog.update.microsoft.com/Home.aspx and searching by Microsoft KB ID.

We also recommend scanning your entire estate using the AppCheck vulnerability scanner regularly – including end-user machines running desktop operating systems. Contact your account manager now if you are not already licensed for internal scan hubs to cover your whole estate.

 

Next Patch Tuesday

The next Patch Tuesday will be on 13th August 2024 – add it to your calendar now!

 

About AppCheck

AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network, and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).

Get started with Appcheck

No software to download or install.

Contact us or call us 0113 887 8380

Start your free trial

Your details
IP Addresses
URLs

Get in touch

Please enable JavaScript in your browser to complete this form.
Name