News
Microsoft Issues over 140 Patches, 5 of them 'Critical,' for July
Microsoft on Tuesday released a total of 143 security patches -- 139 for its own products, and four for third-party solutions.
This July patch rollout is the largest since April, when Microsoft issued a record 147 fixes.
Microsoft marked five of July's myriad vulnerabilities as "Critical," all of them remote code execution attacks. These three target the Windows Remote Desktop Licensing Service:
One other Critical vulnerability targets the Windows Imaging Component:
The final Critical vulnerability inflicts remote code execution against SharePoint Server:
Both CVE-2024-38060 and CVE-2024-38023 are "more likely" to be exploited, per Microsoft's July advisory.
There are over 130 vulnerabilities marked "Important." At least one of these has already been exploited: a spoofing flaw affecting the Windows MSHTML Platform (CVE-2024-38112).
Several of the Important CVEs are "more likely" to be exploited, Microsoft warned. These include:
- CVE-2024-38100: Elevation-of-privilege flaw affecting Windows File Explorer
- CVE-2024-38080: Elevation-of-privilege flaw affecting Windows Hyper-V
- CVE-2024-38021: Remote code execution against Microsoft Office
- CVE-2024-38099: Denial-of-service flaw affecting Windows Remote Desktop Licensing Service
- CVE-2024-38059: Elevation-of-privilege flaw affecting Win32k
There are three "Moderate" vulnerabilities, two of them affecting GitHub with potential elevation-of-privilege attacks:
The third Moderate flaw is a spoofing vulnerability affecting Microsoft Outlook:
Microsoft's full July patch advisory is available here.