Patch Tuesday: Zero-day Vulnerability Fixes

Yes, it was Patch Tuesday, July 9th (yesterday).

That means KrebsOnSecurity had a post describing all the action:

The first Microsoft zero-day this month is CVE-2024-38080, a bug in the Windows Hyper-V component that affects Windows 11 and Windows Server 2022 systems. CVE-2024-38080 allows an attacker to increase their account privileges on a Windows machine. Although Microsoft says this flaw is being exploited, it has offered scant details about its exploitation.

The other zero-day is CVE-2024-38112, which is a weakness in MSHTML, the proprietary engine of Microsoft’s Internet Explorer web browser. Kevin Breen, senior director of threat research at Immersive Labs, said exploitation of CVE-2024-38112 likely requires the use of an “attack chain” of exploits or programmatic changes on the target host, a la Microsoft’s description: “Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.”

SCMedia Magazine wrote its version of the update summary:

Microsoft patched four zero-day bugs that were part of its July Patch Tuesday update, bringing the total number of updates to 139 fixes.

The Redmond software giant said that four of the patched flaws are already known to the public and two are currently under active exploit.

If there is some good news to be had for administrators, it is that none of the four zero-day vulnerabilities are considered critical. That is, none of the four would directly lead to an attacker seizing remote control of the target machine. Rather, the attacker would already need to have access to the vulnerable server in order to pull off an attack.

AI created a logo for us for patch Tuesday – not bad if I say so myself…

Now remember: just because another Patch Tuesday is out (which happens every month, on the second Tuesday of the month) does not mean you have to stop everything and immediately upgrade every computer.
</gra_replace>
<gr_replace lines="23" cat="clarify" orig="What it actually">
What it actually means is that you have to test on one system, or on one of each type of system you run, right away and review what happens with the upgrades (does anything untoward happen?). For example, I remember one upgrade where the computer started to reboot multiple times and continued rebooting until the system was put in safe mode and the upgrade was removed.

What it actually means is that you have to test a system or multiple types of systems immediately and start to review what happens with the upgrades (does anything untoward happen?) for example I remember one upgrade the computer started to reboot multiple times and continued rebooting until the system was put in safe mode, and the upgrade was removed.

Yes, we need to upgrade and patch all the vulnerabilities, but one has to have a testing method, and that method includes good backups. What happens if an important server crashes after an upgrade and will not come back at all? These are things that have happened in the past. So if you do not have a proper testing method and backup process, there is no time like today: create a testing and backup process now, before implementing the July patch cycle.
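As an added example (not from the original post, and not a Microsoft tool), here is the kind of post-patch health check you would run on a pilot machine before letting the July cycle go out to everyone. It assumes an elevated PowerShell session on the Windows host being tested; the patch date is the July 9, 2024 release date from this post, and the optional backup check assumes the Windows Server Backup feature and its `Get-WBSummary` cmdlet are present (skipped otherwise).

```powershell
# Added example: pilot-ring health check after a Patch Tuesday install.
# Run elevated on the test machine. Not part of the original post.
# Assumption: the July 2024 Patch Tuesday release date is the cut-off for "new" updates.
$PatchDate = Get-Date '2024-07-09'

# 1. What actually landed? Hotfixes installed on or after patch day.
$newFixes = Get-HotFix |
    Where-Object { $_.InstalledOn -ge $PatchDate } |
    Select-Object HotFixID, Description, InstalledOn
"Updates installed since $($PatchDate.ToShortDateString()):"
if ($newFixes) { $newFixes | Format-Table -AutoSize } else { '  (none - the patch did not apply)' }

# 2. Is a reboot still pending? Well-known servicing / Windows Update markers.
$rebootMarkers = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
)
$pendingKeys = $rebootMarkers | Where-Object { Test-Path $_ }
$pfro = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
            -ErrorAction SilentlyContinue).PendingFileRenameOperations
if ($pendingKeys -or $pfro) { 'Reboot pending: YES - reboot before judging the patch' }
else                        { 'Reboot pending: no' }

# 3. Did the update client report a failed install, and did the box reboot unexpectedly?
#    Microsoft-Windows-WindowsUpdateClient Id 20 = installation failure.
#    System Id 6008 = previous shutdown was unexpected; Kernel-Power Id 41 = rebooted
#    without a clean shutdown. Several of these after patch day is the reboot-loop symptom.
$wuFail = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Microsoft-Windows-WindowsUpdateClient'
    Id = 20; StartTime = $PatchDate
} -ErrorAction SilentlyContinue
$crashes = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; Id = 41, 6008; StartTime = $PatchDate
} -ErrorAction SilentlyContinue

"Update installation failures since patch day: $(@($wuFail).Count)"
$wuFail | Select-Object TimeCreated, Message | Format-List
"Unexpected shutdowns / dirty reboots since patch day: $(@($crashes).Count)"
$crashes | Select-Object TimeCreated, Id | Format-Table -AutoSize

# 4. Is there a backup newer than the patch to fall back on?
#    Assumption: Windows Server Backup is installed; on other hosts this step is skipped.
if (Get-Command Get-WBSummary -ErrorAction SilentlyContinue) {
    $lastBackup = (Get-WBSummary).LastSuccessfulBackupTime
    if ($lastBackup -and $lastBackup -ge $PatchDate) {
        "Last successful backup: $lastBackup (after patch day)"
    } else {
        "WARNING: no successful backup since patch day (last: $lastBackup)"
    }
} else {
    'Windows Server Backup cmdlets not present - verify your backup product separately.'
}

# 5. Go / no-go summary for promoting the patch past the pilot ring.
$blockers = @()
if (-not $newFixes)            { $blockers += 'patch not installed' }
if ($pendingKeys -or $pfro)    { $blockers += 'reboot pending' }
if (@($wuFail).Count -gt 0)    { $blockers += 'update install failures' }
if (@($crashes).Count -gt 1)   { $blockers += 'repeated unexpected reboots' }
if ($blockers) { "NO-GO: $($blockers -join ', ')" } else { 'GO: pilot machine looks healthy' }
```

Run it once after the install finishes and once more after the machine has been up for a day, so a reboot loop or a service that fails on the second start shows up in the event counts before the patch is pushed to the rest of the fleet.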

Contact me for more discussions that would be specific to you.

More with my book here

Past image to describe where we are in the patch process… So at the point of release we are at Day 60, and the IT department will get to Day 75 as soon as all systems are upgraded. The criminals in the meantime are actively developing and deploying attacks on systems. The old post discussing this image: