Microsoft has released its July 2024 Patch Tuesday security updates, addressing a total of 142 vulnerabilities, including four zero-day vulnerabilities. Notably, two of these zero-days are actively being exploited in the wild, posing significant risks to organizations using Microsoft products. Read on to learn more.
What are the zero-day vulnerabilities mentioned in Microsoft’s July 2024 Patch Tuesday?
The two actively exploited zero-day vulnerabilities are:
- CVE-2024-38080: This critical vulnerability affects the Windows Hyper-V component on Windows 11 and Windows Server 2022 systems. It allows attackers to elevate their account privileges on a Windows machine, potentially granting them SYSTEM-level access. The impact of this vulnerability is severe, as it could enable the deployment of ransomware and other malicious attacks. Because exploitation is low-complexity and requires no user interaction, it is likely to be incorporated into exploit kits quickly, leading to widespread exploitation.
- CVE-2024-38112: This weakness in MSHTML, the engine behind Microsoft’s Internet Explorer, is a spoofing vulnerability that requires attackers to take additional preparatory actions in the target environment before they can exploit it. An attacker sends a malicious file to a user over the network, and the user has to execute it. While details are scarce, the vulnerability is known to be actively exploited, and exploitation relies on social engineering to convince a user to execute the delivered file.
The other two publicly disclosed zero-day vulnerabilities are:
- CVE-2024-37985: Assigned by Intel, this vulnerability affects certain ARM-based operating systems. Microsoft has issued updates for the ARM version of Windows 11 to mitigate this issue. It could potentially allow an attacker to view heap memory from a privileged process.
- CVE-2024-35264: An HTTP/3 vulnerability in .NET and Visual Studio that could result in remote code execution. Exploitation is less likely because an attacker needs to win a race condition. It has been assigned a CVSSv3 score of 8.1, indicating high severity.
For a detailed list of all addressed vulnerabilities in the July 2024 Patch Tuesday updates, refer to the full report.
What is Nuspire doing?
Nuspire is actively applying patches as they are released, following vendor recommendations. The company also conducts continuous threat hunting to identify and mitigate any signs of compromise within client environments.
What should I do?
Organizations utilizing Microsoft products should take the following steps to ensure their systems are secure:
- Review and Apply Patches: Prioritize the installation of the July 2024 Patch Tuesday updates to protect against the 142 identified vulnerabilities.
- Focus on Critical and Actively Exploited Vulnerabilities: Pay special attention to the two actively exploited zero-days, CVE-2024-38080 and CVE-2024-38112.
- Implement the Principle of Least Privilege: Restrict user permissions to minimize the potential impact of privilege escalation vulnerabilities like CVE-2024-38080.
- Enable and Configure Windows Defender: Ensure that Windows Defender is active and up to date to provide an additional layer of protection against potential exploits.
- Educate Users: Conduct security awareness training to help users recognize and avoid potential phishing attempts that could exploit vulnerabilities like CVE-2024-38112.
- Monitor Systems: Implement robust monitoring and logging to detect any suspicious activities that could indicate exploitation attempts.
- Consider Network Segmentation: Implement network segmentation to limit the potential spread of an attack if a system is compromised.
The July 2024 Patch Tuesday updates from Microsoft emphasize the urgent need for effective vulnerability management to safeguard your organization. Nuspire offers a full suite of Vulnerability Management Services to help you mitigate these risks. Our services encompass proactive vulnerability scanning, thorough patch management, and personalized security consulting to address your specific challenges.
Our Incident Response Readiness service also prepares your organization to face any security threats head-on. With our proactive approach, you’ll be equipped to respond quickly and efficiently to incidents, ensuring minimal disruption to your operations.