News

Microsoft Issues over 140 Patches, 5 of them 'Critical,' for July

Microsoft on Tuesday released a total of 143 security patches -- 139 for its own products, and four for third-party solutions.

This July patch rollout is the largest since April, when Microsoft issued a record 147 fixes.

Microsoft marked five of July's myriad vulnerabilities as "Critical," all of them remote code execution attacks. These three target the Windows Remote Desktop Licensing Service:

One other Critical vulnerability targets the Windows Imaging Component:

The final Critical vulnerability inflicts remote code execution against SharePoint Server:

Both CVE-2024-38060 and CVE-2024-38023 are "more likely" to be exploited, per Microsoft's July advisory.

There are over 130 vulnerabilities marked "Important." At least one of these has already been exploited: a spoofing flaw affecting the Windows MSHTML Platform (CVE-2024-38112).

Several of the Important CVEs are "more likely" to be exploited, Microsoft warned. These include:

  • CVE-2024-38100: Elevation-of-privilege flaw affecting Windows File Explorer
  • CVE-2024-38080: Elevation-of-privilege flaw affecting Windows Hyper-V
  • CVE-2024-38021: Remote code execution against Microsoft Office
  • CVE-2024-38099: Denial-of-service flaw affecting Windows Remote Desktop Licensing Service
  • CVE-2024-38059: Elevation-of-privilege flaw affecting Win32k

There are three "Moderate" vulnerabilities, two of them affecting GitHub with potential elevation-of-privilege attacks:

The third Moderate flaw is a spoofing vulnerability affecting Microsoft Outlook:

Microsoft's full July patch advisory is available here.

About the Author

Gladys Rama (@GladysRama3) is the editorial director of Converge360.

Featured

comments powered by Disqus

Subscribe on YouTube