Microsoft’s July 2024 Patch Tuesday Addresses 142 Security Flaws

Microsoft’s latest Patch Tuesday for July 2024 has rolled out security updates addressing 142 vulnerabilities, including two actively exploited and two publicly disclosed zero-day flaws. The update includes five critical remote code execution vulnerabilities, emphasizing the importance of immediate attention.

Microsoft has introduced 139 new CVEs spanning various platforms, including Windows, Office, .NET, Azure, SQL Server, Hyper-V, and Xbox, alongside three third-party CVEs. The breakdown of these vulnerabilities is as follows: five rated as Critical, 133 as Important, and three as Moderate.

Particularly concerning is a zero-day vulnerability that permits an authenticated attacker to execute code with SYSTEM privileges. This poses a significant risk to environments running Hyper-V, potentially enabling ransomware attacks. Microsoft strongly recommends prompt testing and deployment of these updates to mitigate potential threats.

Comments

Satnam Narang, Sr. Staff Research Engineer, Tenable

“Microsoft patched two zero-day vulnerabilities that were exploited in the wild.

“CVE-2024-38080 is an elevation of privilege flaw in Windows Hyper-V. A local, authenticated attacker could exploit this vulnerability to elevate privileges to SYSTEM level following an initial compromise of a targeted system. This flaw was exploited in the wild, though we don’t know specifics surrounding the in-the-wild exploitation. However, like most elevation of privilege flaws, we know that vulnerabilities like these that show up in Patch Tuesday releases as zero-days are linked to some type of targeted attack typically conducted by an advanced persistent threat (APT) group. Since 2022, there have been 44 vulnerabilities in Windows Hyper-V, though this is the first one to have been exploited in the wild to our knowledge.

“CVE-2024-38112 is a spoofing vulnerability in the Windows MSHTML Platform that could be exploited by an unauthenticated, remote attacker if they convince a potential target to open a malicious file. However, Microsoft notes that the complexity for this vulnerability is high, which means that an attacker would need to take additional steps beforehand to create the ideal conditions for successful exploitation. Despite this requirement, this flaw has reportedly been exploited in the wild, though no details were available at the time of the Patch Tuesday release.

“Another flaw that stood out includes a Microsoft Office remote code execution flaw (CVE-2024-38021). This vulnerability could be exploited by attackers to leak New Technology LAN Manager (NTLM) credentials. One of the more successful attack campaigns from 2023 used CVE-2023-23397, an elevation of privilege bug in Microsoft Outlook that could also leak NTLM hashes. However, CVE-2024-38021 is limited by the fact that the Preview Pane is not an attack vector, which means that exploitation would not occur just by simply previewing the file, whereas this was the case with CVE-2023-23397.”
