July’s Patch Tuesday instalment addresses 142 vulnerabilities, an increase from the 91 seen in June. This month brings updates for 5 critical vulnerabilities along with 2 publicly disclosed and 2 exploited in the wild.
CVE-2024-38077 is one of three RCE vulnerabilities relating to Windows Remote Desktop Licensing. With a CVSS score of 9.8, this critical vulnerability could allow any unauthenticated attacker to execute arbitrary code by sending a specially crafted message to an affected server.
“In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you plan to leave Remote Desktop Licensing Service disabled”.
This critical RCE vulnerability relates to the Windows Imaging Component, which provides a framework for working with images and image metadata. Microsoft has reported that only an authenticated attacker can exploit the vulnerability by uploading a malicious TIFF file to a server. It is also worth noting that exploitation does not require administrative or other elevate privileges; any authenticated attacker can exploit this vulnerability.
This important vulnerability in Windows Hyper-V could allow an authenticated attacker to execute code with system privileges. Microsoft has noted that this vulnerability has been seen exploited in the wild but hasn’t released further information into who is exploiting this vulnerability, how, or how widespread the attack is.
The second important flaw to be exploited in the wild is a spoofing vulnerability affecting Windows’ MSHTML Platform, used for rendering HTML pages for the Internet Explorer web browser. Microsoft has stated an attacker could exploit this flaw by sending a malicious file to a user and persuading them to execute it.
An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to an affected SharePoint Server and craft specialised API requests to trigger deserialization of file's parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server.
If successfully exploited, this important vulnerability in .NET and VS could allow an unauthorised attacker to execute arbitrary code on the target system. An attacker could exploit this by closing an http/3 stream while the request body is being processed leading to a race condition. Attack complexity for this vulnerability is high, and may require the attacker to gather knowledge about the target environment and make preparations to improve exploit reliability.
For a full list of this month’s updates please see the links below:
Patch Tuesday release notes: https://msrc.microsoft.com/update-guide/releaseNote/2024-Jul
Security update guide: https://msrc.microsoft.com/update-guide/
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
