Microsoft’s July Patch Tuesday fix package is causing chaos for sysadmins, with at least two bugs actively being exploited. The updates address a total of 139 Microsoft CVEs. One of the vulnerabilities, CVE-2024-38080, is a Windows Hyper-V elevation of privilege flaw with a CVSS rating of 7.8, deemed “important” by Microsoft. Another bug, CVE-2024-38112, affects the Windows MSHTML platform and received a severity score of 7.5. It requires user interaction for exploitation.
Five critical CVEs for Microsoft include RCE bugs in the Windows Remote Desktop Licensing Service. Childs of Zero Day Initiative warns that exploitation of these bugs could be straightforward. Additionally, Adobe’s monthly patch addresses seven critical flaws which could lead to arbitrary code execution.
SAP released 18 new and updated patches, two of which are high-priority fixes. Fortinet and Citrix also issued patches for vulnerabilities in their products, addressing cross-site scripting and privilege escalation flaws. Google released patches for 27 CVEs in Android, with the most critical being a security vulnerability in the Framework component.
Overall, the July patch updates from various companies address a wide range of security issues, highlighting the importance of promptly applying these patches to protect systems from potential threats.
Article Source
https://www.theregister.com/AMP/2024/07/10/july_2024_patch_tuesday/