Microsoft fixes 142 vulnerabilities in the July 2024 Patch Tuesday update

Microsoft’s Patch Tuesday in July 2024 dealt with 142 vulnerabilities, many of which revolve around remote code execution vulnerabilities. Among these were four zero-days that made the tech world very anxious: two actively exploited and another pair that had just been made public.

The Windows Hyper-V Elevation of Privilege Vulnerability was highlighted in the zero days. Microsoft fixed this vulnerability, which allowed attackers to reach SYSTEM privileges. Another fix that stands out is the Windows MSHTML spoofing vulnerability, which requires attackers to send a harmful file to their target. This method is frequently used in cyber attacks.

Microsoft also addressed the zero-day vulnerabilities in .NET, Visual Studio, and the FetchBench side channel, which can steal information through remote code execution. These two were not disclosed to the public, and the Redmond-based tech giant preferred to deal with them before making them known to users.

Here’s the breakdown of all the types of fixed vulnerabilities with the July Patch Tuesday updates.

• 59 Remote Code Execution Vulnerabilities
• 26 Elevation of Privileges Vulnerabilities
• 24 Security Feature Bypass Vulnerabilities
• 17 Denial of Service Vulnerabilities
• 9  Information Disclosure Vulnerabilities
• 7 Spoofing Vulnerabilities

Microsoft did not only patch vulnerabilities but also fixed five critical ones. All of these were flaws in remote code execution. This means that attackers could have taken over a system from a distance, making these fixes very important for the safety of users around the globe. The breakdown of fixed vulnerabilities involved different dangers, ranging from privilege escalation to service refusal.

The Redmond-based tech giant wasn’t alone in this effort. Big tech players such as Adobe, Cisco, and VMware also released updates, indicating a joint action within the tech sector to fight against cybersecurity risks. Adobe fixed vulnerabilities in Premiere Pro, InDesign, and Bridge, while Cisco and VMware dealt with flaws found within their products; this shows that every nook of the technology globe may be exposed to danger.

It is also worth mentioning that SQL Server customers might want to update their Windows servers as soon as possible. The July Patch Tuesday update deals with tens of CVEs that focus on SQL Server vulnerabilities. As you can see in the table below, all of them are deemed important, with some reaching a high score.

For those who worry about cybersecurity, there is another issue they might want to pay attention to: CVEs with the No Customer Action Is Required label. Microsoft announced in June that it wanted to release CVEs specifically for cloud security issues; many of these will also have the label, so it will be an extra step for those wanting to keep their devices and servers safe. The July Patch Tuesday update doesn’t feature any CVEs with the label, but starting next month, Microsoft might release them with these additional criteria to be considered and consulted.

Below, you can see all the CVEs addressed with the July Patch Tuesday updates. The 142 vulnerabilities are almost triple the number of CVEs addressed last month.