Microsoft’s July Update Fixes 143 Vulnerabilities, Two of Which Are Actively Exploited

Jul 10, 2024 | Newsroom | Endpoint Security / Vulnerability

Microsoft has released patches to address a total of 143 vulnerabilities as part of its monthly security updates, two of which have come under active exploitation in the wild.

Of the 143 bugs, five are rated Critical, 136 are rated Important, and four are rated Moderate. The fixes are in addition to 33 vulnerabilities addressed in the Chromium-based Edge browser over the past month.

The two vulnerabilities that were exploited are as follows:

  • CVE-2024-38080 (CVSS score: 7.8) – Windows Hyper-V Elevation of Privilege Vulnerability
  • CVE-2024-38112 (CVSS score: 7.5) – Windows MSHTML Platform Spoofing Vulnerability

“Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment,” Microsoft said of CVE-2024-38112. “An attacker would have to send the victim a malicious file that the victim would have to execute.”

Check Point security researcher Haifei Li, who discovered and reported the vulnerability in May 2024, said that threat actors are exploiting specially crafted Windows Internet Shortcut files (.URL) that, when clicked, redirect victims to a malicious URL by invoking the retired Internet Explorer (IE) browser.

“An additional trick is used in IE to hide the malicious .HTA extension name,” Li explained. “By opening the URL in IE instead of the modern and much more secure Chrome/Edge browser on Windows, the attacker gained significant advantages in exploiting the victim’s computer, even though the computer was running the modern Windows 10/11 operating system.”
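As an added illustration that is not part of the original article or of Check Point's research, the PowerShell below inventories Windows Internet Shortcut (.URL) files under a directory, reads the URL= target from each file's [InternetShortcut] section, and flags targets whose path names an .hta file. The scan root and the flagging heuristic are assumptions chosen for illustration; the article does not describe the exact extension-hiding trick, so the script only surfaces candidates for an analyst to review rather than making a verdict.

```powershell
# Added example (not from the article): hunt for .URL shortcuts whose target points at .hta content.
# Assumptions: the scan root and the .hta heuristic below are illustrative, not from the advisory.
param(
    [string]$Root = "$env:USERPROFILE\Downloads"
)

function Get-InternetShortcutTarget {
    param([string]$Path)
    # .URL files are INI-style text: an [InternetShortcut] section holding a URL= key.
    $inSection = $false
    foreach ($line in Get-Content -LiteralPath $Path -ErrorAction Stop) {
        $trimmed = $line.Trim()
        if ($trimmed -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -ieq 'InternetShortcut')
            continue
        }
        if ($inSection -and $trimmed -match '^URL=(.*)$') {
            return $Matches[1].Trim()
        }
    }
    return $null
}

Get-ChildItem -LiteralPath $Root -Recurse -File -Filter '*.url' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $target = Get-InternetShortcutTarget -Path $_.FullName
        if (-not $target) { return }
        # Decode percent-encoding so an encoded ".hta" is still visible, then flag any
        # target that names an .hta file (case-insensitive, not followed by more letters).
        $decoded = [System.Uri]::UnescapeDataString($target)
        $suspicious = $decoded -match '(?i)\.hta(?![a-z0-9])'
        [pscustomobject]@{
            Shortcut = $_.FullName
            Target   = $target
            FlagsHta = $suspicious
        }
    } | Sort-Object FlagsHta -Descending | Format-Table -AutoSize
```

Run it as the user whose profile you want to sweep (or point -Root at a mail attachment cache or shared drive); anything with FlagsHta set to True should be opened in a text editor, never double-clicked, and the full target string inspected for characters that would hide the extension in a file dialog.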

“CVE-2024-38080 is a privilege escalation flaw in Windows Hyper-V,” said Satnam Narang, senior staff research engineer at Tenable. “A local, authenticated attacker could exploit this vulnerability to escalate privileges to the SYSTEM level after initial compromise of a target system.”

While the exact details surrounding the exploitation of CVE-2024-38080 are not yet known, Narang noted that it is the first of 44 Hyper-V vulnerabilities to be exploited in the wild since 2022.

Two other vulnerabilities patched by Microsoft were publicly known at the time of release, including a side-channel attack called FetchBench (CVE-2024-37985, CVSS score: 5.9) that could allow an attacker to view heap memory from a privileged process running on Arm-based systems.

The second publicly disclosed vulnerability is CVE-2024-35264 (CVSS score: 8.1), a remote code execution flaw affecting .NET and Visual Studio.

“An attacker could exploit this by closing an http/3 stream while the request body is being processed, which could lead to a race condition,” Redmond said in an advisory. “This could lead to remote code execution.”

Also addressed as part of Patch Tuesday updates are 37 remote code execution flaws affecting the SQL Server Native Client OLE DB Provider, 20 Secure Boot security feature bypass vulnerabilities, three PowerShell privilege escalation flaws, and a spoofing vulnerability in the RADIUS protocol (CVE-2024-3596, aka BlastRADIUS).

“[The SQL Server vulnerabilities] specifically affect the OLE DB Provider, so not only do instances of SQL Server need to be updated, but client code running vulnerable versions of the connection driver also needs to be addressed,” said Greg Wiseman, Product Manager at Rapid7.

“For example, an attacker could use social engineering tactics to trick an authenticated user into connecting to a SQL Server database that is configured to return malicious data, allowing arbitrary code execution on the client.”
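The point that the client side of the connection must be patched too is easy to lose on hosts that never run SQL Server themselves. As an added example that is not from the article, Rapid7 or Microsoft, the PowerShell below inventories the SQL Server client data-access drivers installed on a Windows host (the legacy SQL Server Native Client and the standalone Microsoft OLE DB Driver for SQL Server) and lists running processes that currently have one of those provider DLLs loaded. It deliberately hard-codes no fixed version numbers (assumption: the reader compares the reported versions against Microsoft's July 2024 advisories), so it reports rather than judges.

```powershell
# Added example (not from the article): inventory SQL Server OLE DB client drivers on this host.
# Assumption: fixed versions are looked up in the vendor advisory; nothing here decides "patched".
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Display names used by the SQL Server OLE DB stack: the legacy Native Client
# and the standalone "Microsoft OLE DB Driver for SQL Server" (MSOLEDBSQL).
$patterns = @('*SQL Server Native Client*', '*OLE DB Driver*SQL Server*')

function Get-SqlClientDrivers {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.DisplayName
            $name -and ($patterns | Where-Object { $name -like $_ })
        } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
        Sort-Object DisplayName -Unique
}

function Get-LoadedSqlOleDbModules {
    # Processes with a provider DLL loaded are the "client code" Rapid7 points at:
    # they keep using the old binary until they are restarted after patching.
    Get-Process -ErrorAction SilentlyContinue | ForEach-Object {
        $proc = $_
        try { $mods = $proc.Modules } catch { return }   # protected or foreign-arch processes
        $mods | Where-Object { $_.ModuleName -match '^(sqlncli\d*|msoledbsql\d*)\.dll$' } |
            ForEach-Object {
                [pscustomobject]@{
                    Process = $proc.ProcessName
                    PID     = $proc.Id
                    Module  = $_.ModuleName
                    Version = $_.FileVersionInfo.FileVersion
                    Path    = $_.FileName
                }
            }
    }
}

"== Installed SQL Server client drivers =="
Get-SqlClientDrivers | Format-Table -AutoSize
"== Processes with an OLE DB provider DLL loaded =="
Get-LoadedSqlOleDbModules | Format-Table -AutoSize
```

Run from an elevated prompt so that module lists of services and other users' processes are readable; the second table is the one to act on after installing the driver update, since a patched file on disk does nothing for an application that still has the old DLL mapped.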

Rounding out the long list of patches is CVE-2024-38021 (CVSS score: 8.8), a remote code execution vulnerability in Microsoft Office that, if successfully exploited, could allow an attacker to gain elevated privileges, including read, write, and delete functionality.

Morphisec, which reported the vulnerability to Microsoft in late April 2024, said that the flaw does not require any authentication and poses a serious risk because of its zero-click nature.

“Attackers can exploit this vulnerability to gain unauthorized access, execute arbitrary code, and cause significant damage without any user interaction,” Michael Gorelik said. “The lack of authentication requirements makes this particularly dangerous as it opens the door to widespread abuse.”

The fixes from Microsoft come weeks after the company announced late last month that it would begin publishing CVE identifiers for cloud-related vulnerabilities in an effort to improve transparency.

Software Patches from Other Vendors

In addition to Microsoft, security updates have been released by other vendors over the past few weeks to address various vulnerabilities, including:
