Microsoft’s July 2024 security update has landed, addressing 139 unique Common Vulnerabilities and Exposures (CVEs). This massive update, which surpasses the combined total of the previous two monthly releases, leaves system administrators with their work cut out for them.
Zero-Day Vulnerabilities: The Immediate Threats
The security update addresses two zero-day vulnerabilities that are currently being exploited in the wild:
1. CVE-2024-38080: A flaw in Windows Hyper-V
   - Severity: Moderate (CVSS 6.8)
   - Impact: Allows authenticated attackers to execute code with system-level privileges
   - Exploitation: Considered easy, requiring no special privileges or user interaction
2. CVE-2024-38112: A vulnerability in the Windows MSHTML Platform
   - Severity: Moderate (CVSS 7.0)
   - Impact: Described as a spoofing vulnerability
   - Exploitation: Requires user interaction (clicking a malicious link)
Despite their moderate severity ratings, both vulnerabilities are being actively exploited, which makes patching them an immediate priority.
Critical Vulnerabilities: Remote Desktop Services at Risk
Among the most severe issues are three critical vulnerabilities (CVE-2024-38076, CVE-2024-38077, and CVE-2024-38089) affecting the Windows Remote Desktop Licensing Service:
- Severity: Critical (CVSS 9.8)
- Impact: Enables remote code execution
- Exploitation: Can be triggered by sending a malicious message to an affected server
Microsoft strongly recommends disabling this service if it is not in use and applying patches immediately.
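One way to act on that recommendation across a set of servers, as an added PowerShell example that is not from Microsoft or the original article. It assumes the Remote Desktop Licensing service uses the short name TermServLicensing and that the targets accept CIM/WinRM connections; the function names and host names are hypothetical.

```powershell
# Added example: report where the Remote Desktop Licensing service is present and
# startable, and optionally stop and disable it on servers that do not need the role.
# Assumptions: service short name 'TermServLicensing'; CIM over WinRM is permitted.

function Get-RdLicensingState {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string[]]$ComputerName)

    foreach ($computer in $ComputerName) {
        try {
            $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $computer `
                -Filter "Name='TermServLicensing'" -ErrorAction Stop
            [pscustomobject]@{
                ComputerName = $computer
                Installed    = [bool]$svc
                State        = if ($svc) { $svc.State } else { 'NotInstalled' }
                StartMode    = if ($svc) { $svc.StartMode } else { $null }
                # Installed and not disabled: exposed until patched or turned off.
                NeedsReview  = [bool]($svc -and $svc.StartMode -ne 'Disabled')
            }
        } catch {
            # An unreachable host is unknown, not safe: keep it on the review list.
            [pscustomobject]@{
                ComputerName = $computer; Installed = $null
                State = 'Unreachable'; StartMode = $null; NeedsReview = $true
            }
        }
    }
}

function Disable-RdLicensing {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string[]]$ComputerName)

    foreach ($computer in $ComputerName) {
        $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $computer `
            -Filter "Name='TermServLicensing'"
        if (-not $svc) { continue }   # role not installed, nothing to do
        if ($PSCmdlet.ShouldProcess($computer, 'Stop and disable TermServLicensing')) {
            $svc | Invoke-CimMethod -MethodName StopService | Out-Null
            $svc | Invoke-CimMethod -MethodName ChangeStartMode `
                -Arguments @{ StartMode = 'Disabled' } | Out-Null
        }
    }
}

# Constructed host names for illustration.
$servers = 'rds-lic01.example.internal', 'app07.example.internal'
Get-RdLicensingState -ComputerName $servers | Format-Table -AutoSize
# Disable-RdLicensing -ComputerName 'app07.example.internal'   # only where the role is confirmed unused
```

Disabling the service removes the exposure only on hosts that do not issue RDS licenses; servers that still need the role have to be patched instead.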
SQL Server: A Notable Target
An alarming 39 CVEs, over a quarter of the total, affect Microsoft SQL Server. While none are critical, many have high severity ratings (CVSS 8.8), emphasizing the need for database administrators to prioritize these patches.
Elevation of Privilege: An Underestimated Threat
The security update includes 20 Elevation of Privilege (EoP) vulnerabilities, slightly outnumbering Remote Code Execution (RCE) flaws. Security experts stress the importance of addressing EoP vulnerabilities, as they can allow attackers to gain complete admin control of affected systems.
Publicly Known Vulnerabilities
Two additional vulnerabilities were publicly known prior to the update:
1. CVE-2024-35264: A remote code execution vulnerability in .NET and Visual Studio
2. CVE-2024-37985: An information disclosure flaw in Windows 11 on ARM64-based systems
Implications for Various Sectors
Certain sectors are particularly vulnerable to these threats:
- School districts
- Government infrastructure
- State, Local, and Education (SLED) Windows environments
These organizations often rely heavily on Remote Desktop services, making them prime targets for potential attacks.
The July 2024 Microsoft security update presents a major challenge for system administrators and security professionals. The sheer volume of vulnerabilities, coupled with the presence of actively exploited zero-days, clearly demonstrates the critical importance of prompt patching and continuous security monitoring. Organizations should prioritize addressing the most severe vulnerabilities, particularly those affecting widely used services like Remote Desktop and SQL Server.