Critical Flaws in Microsoft's July Security Update: Immediate Action Required

Microsoft's July security update presents a significant challenge for administrators, addressing a staggering 139 unique CVEs. Among these, two are currently being exploited by attackers, and one remains publicly known but unexploited. This update, which includes more patches than the previous two months combined, covers vulnerabilities that could enable remote code execution, privilege escalation, data theft, security feature bypass, and other malicious activities. Additionally, the update includes patches for four non-Microsoft CVEs, including a known Intel microprocessor vulnerability.

Urgent Zero-Day Vulnerabilities

One of the zero-day vulnerabilities, CVE-2024-38080, affects Microsoft's Windows Hyper-V virtualization technology. This flaw allows an authenticated attacker to execute code with system-level privileges. Despite its high potential for exploitation and ease of attack, Microsoft has rated this vulnerability as 'important' with a CVSS score of 6.8. Kev Breen, senior director of threat research at Immersive Labs, emphasized the need for immediate patching due to active exploitation, noting the lack of detailed information that could help threat hunters assess existing compromises.

Another critical zero-day, CVE-2024-38112, affects the Windows MSHTML Platform (Trident browser engine). This spoofing vulnerability, which can be exploited by convincing a user to click on a malicious link, has a moderate CVSS severity rating of 7.0. The ambiguity in Microsoft’s description has raised questions about the nature of the threat. Dustin Childs from Trend Micro's Zero Day Initiative speculated that the bug might enable remote code execution, though exploitation complexity and the need for an attack chain remain uncertain.

High-Priority Vulnerabilities

The update also addresses two previously known vulnerabilities, CVE-2024-35264 in .Net and Visual Studio, and CVE-2024-37985, an Intel CVE. Four flaws were rated as critical, including three that affect the Windows Remote Desktop Licensing Service, all with a severity rating of 9.8. These vulnerabilities (CVE-2024-38076, CVE-2024-38077, and CVE-2024-38089) enable remote code execution and should be prioritized. Microsoft advises disabling the Remote Desktop Licensing Service if unused and applying patches immediately.

SQL Server Vulnerabilities

Notably, the update addresses 39 CVEs affecting Microsoft SQL Server, constituting over a quarter of the total vulnerabilities. While none are rated critical, their CVSS scores of 8.8 indicate significant risk, necessitating prompt attention from SQL Server customers.

Elevation of Privilege Bugs

The update also includes 20 elevation of privilege (EoP) vulnerabilities, slightly outnumbering the 18 remote code execution flaws. Although EoP bugs are often rated less severe, they can enable attackers to gain administrative control, equating their impact with remote code execution vulnerabilities. Security teams are urged to treat EoP bugs with the same priority.

Microsoft's July security update underscores the urgent need for administrators to act swiftly in patching critical vulnerabilities. With active exploitation already underway, timely updates are crucial to protect systems from potential breaches. The extensive scope of this update highlights the ongoing challenges in maintaining robust cybersecurity defenses in an increasingly complex threat landscape.