Zero Patch Updates Tuesday | Microsoft | Neuways – Technologist

142 Vulnerabilities Addressed, Including Four Zero-Days and Five Critical Flaws

Microsoft’s July Tuesday Zero Patch updates bring a significant update for businesses that use Microsoft. The comprehensive security patch addresses 142 vulnerabilities, including four zero-day exploits, two actively targeted by malicious actors, and five critical flaws that demand immediate attention from a cyber security perspective.

Zero-Day Vulnerabilities and Zero Patch Updates

CVE-2024-38080—Elevation of Privilege in Hyper-V

This vulnerability affects Hyper-V on Windows 11 and Windows Server. Exploited in the wild, it poses a severe risk as it can grant SYSTEM-level access, enabling potential ransomware deployment and other malicious activities. Its low complexity and lack of user interaction make it a prime candidate for exploit kits.

CVE-2024-38112 – Spoofing Vulnerability in MSHTML Platform

This zero-day allows attackers to execute malicious files across a network through social engineering tactics. Actively exploited, it underscores the importance of user education on phishing and suspicious file execution.

CVE-2024-35264 – RCE in Visual Studio 2022 and .Net 8.0

Although exploitation is complex due to required race conditions, this publicly disclosed vulnerability could lead to remote code execution, posing a significant risk to development environments.

CVE-2024-37985 – Information Disclosure on ARM-based Windows 11 Systems

Publicly disclosed, this flaw allows an attacker to view heap memory from privileged processes. While no exploit code has been released, the disclosure alone warrants vigilance.

Critical Vulnerabilities

CVE-2024-38023 – RCE in SharePoint

This flaw allows an authenticated user with Site Owner permissions to execute code on the SharePoint Server by uploading specially crafted files.

CVE-2024-38060 – RCE in Windows Imaging Component

This vulnerability involves TIFF image processing and allows arbitrary code execution when an attacker uploads a crafted TIFF image to a server.

CVE-2024-38076 – RCE in Windows Remote Desktop Licensing Service

With a CVSS score of 9.8, this critical flaw requires immediate patching, even if the service is disabled. Microsoft strongly advises prompt update applications.

CVE-2024-38074 and CVE-2024-38075 – Related to CVE-2024-38076

These additional critical vulnerabilities in the Remote Desktop Licensing Service share mitigation strategies and underscore the necessity for rapid patch deployment.

Additional Updates to zero patch updates

This month’s update also addresses 39 vulnerabilities in Microsoft SQL Server, although none are classified as critical. There are no known exploits or disclosures for these vulnerabilities at this time.

Third-Party Software Patches

Third-party software patches are included, affecting Adobe, Cisco NX-OS, Citrix Windows Virtual Delivery Agent and Workspace, GhostScript, Fortinet FortiOS, VMware Cloud Director, Firefox, and OpenSSH.

Action Items for MSPs

• Immediate Patch Deployment: Prioritize the deployment of patches for zero-day and critical vulnerabilities.
• Client Communication: Inform clients about the importance of these updates and the potential risks of not applying them promptly.
• Enhanced Monitoring: Increase monitoring for signs of exploitation, particularly for the actively targeted zero-days.
• Security Training: Educate clients on recognising phishing attempts and avoiding executing unsolicited files.

Keep an eye out for zero patch updates

Stay vigilant and update all systems to protect against these critical vulnerabilities. The Microsoft Security Update Guide provides a detailed list of all patches.