{"id":18938,"date":"2024-07-09T12:29:09","date_gmt":"2024-07-09T19:29:09","guid":{"rendered":"https:\/\/msftnewsnow.com\/?p=18938"},"modified":"2025-06-19T06:23:50","modified_gmt":"2025-06-19T13:23:50","slug":"july-2024-patch-tuesday-update-142-vulnerabilities","status":"publish","type":"post","link":"https:\/\/msftnewsnow.com\/july-2024-patch-tuesday-update-142-vulnerabilities\/","title":{"rendered":"Microsoft releases critical July 2024 Patch Tuesday updates, addressing 142 vulnerabilities"},"content":{"rendered":"<p>Microsoft has rolled out its July 2024 Patch Tuesday updates, <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-july-2024-patch-tuesday-fixes-142-flaws-4-zero-days\/\" target=\"_blank\" rel=\"noopener\">addressing a substantial 142 security vulnerabilities<\/a> across its product lineup. This month&#8217;s update is particularly significant, with fixes for four zero-day vulnerabilities, including two that are actively being exploited in the wild.<\/p>\n<h2>Critical vulnerabilities and zero-days<\/h2>\n<p>Of the 142 flaws patched, five are classified as critical, all related to remote code execution vulnerabilities. The update also addresses 59 remote code execution vulnerabilities overall, highlighting the potential severity of these security issues.<\/p>\n<p>Four actively exploited zero-day vulnerabilities have been fixed in this update:<\/p>\n<ol>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2024-38080\" target=\"_blank\" rel=\"noopener\"><strong>CVE-2024-38080<\/strong><\/a>: A Windows Hyper-V elevation of privilege vulnerability.<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2024-38112\" target=\"_blank\" rel=\"noopener\"><strong>CVE-2024-38112<\/strong><\/a>: A Windows MSHTML Platform spoofing vulnerability.<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2024-35264\" target=\"_blank\" rel=\"noopener\"><strong>CVE-2024-35264<\/strong><\/a>: A .NET and Visual Studio remote code execution vulnerability.<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2024-37985\" target=\"_blank\" rel=\"noopener\"><strong>CVE-2024-37985<\/strong><\/a>: A systematic identification and characterization of proprietary prefetchers security vulnerability.<\/li>\n<\/ol>\n<p>The Hyper-V vulnerability (CVE-2024-38080) is particularly concerning as it could allow an attacker to gain SYSTEM privileges. Microsoft has not provided detailed information about how this vulnerability is being exploited, but its active exploitation status underscores its severity.<\/p>\n<p>The MSHTML Platform spoofing vulnerability (CVE-2024-38112) requires the attacker to send a malicious file to the victim, which must then be executed. This vulnerability was disclosed by Haifei Li of Check Point Research.<\/p>\n<h2>Breakdown of vulnerabilities<\/h2>\n<p>The July 2024 Patch Tuesday update addresses vulnerabilities across various categories:<\/p>\n<ul>\n<li>26 Elevation of Privilege vulnerabilities<\/li>\n<li>24 Security Feature Bypass vulnerabilities<\/li>\n<li>59 Remote Code Execution vulnerabilities<\/li>\n<li>9 Information Disclosure vulnerabilities<\/li>\n<li>17 Denial of Service vulnerabilities<\/li>\n<li>7 Spoofing vulnerabilities<\/li>\n<\/ul>\n<h2>Affected Microsoft products<\/h2>\n<p>The security updates cover a wide range of Microsoft products, including:<\/p>\n<ul>\n<li>Windows<\/li>\n<li>Office<\/li>\n<li>Exchange Server<\/li>\n<li>.NET and Visual Studio<\/li>\n<li>Microsoft Message Queuing (MSMQ)<\/li>\n<li>Windows Hyper-V<\/li>\n<\/ul>\n<h2>Importance of timely updates<\/h2>\n<p><a href=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2024\/07\/DGGDGD.jpg?strip=all&lossy=1&quality=88&sharp=1&w=2560&ssl=1\"><img decoding=\"async\" data-attachment-id=\"18947\" data-permalink=\"https:\/\/msftnewsnow.com\/july-2024-patch-tuesday-update-142-vulnerabilities\/dggdgd\/#main\" data-orig-file=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2024\/07\/DGGDGD.jpg?strip=all&lossy=1&quality=88&sharp=1&ssl=1\" data-orig-size=\"720,720\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"DGGDGD\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2024\/07\/DGGDGD.jpg?strip=all&lossy=1&quality=88&sharp=1&ssl=1\" data-large-file=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2024\/07\/DGGDGD.jpg?strip=all&lossy=1&quality=88&sharp=1&ssl=1\" class=\"alignnone size-full wp-image-18947\" src=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2024\/07\/DGGDGD.jpg?strip=all&lossy=1&quality=88&sharp=1&ssl=1\" alt=\"Microsoft releases critical July 2024 Patch Tuesday updates, addressing 142 vulnerabilities\" width=\"768\" height=\"768\" srcset=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2024\/07\/DGGDGD.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;ssl=1 720w, https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2024\/07\/DGGDGD-150x150.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;ssl=1 150w, https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2024\/07\/DGGDGD.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;zoom=0.4&amp;resize=768%2C768&amp;ssl=1 307w, https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2024\/07\/DGGDGD.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;zoom=0.6&amp;resize=768%2C768&amp;ssl=1 460w, https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2024\/07\/DGGDGD.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;zoom=0.8&amp;resize=768%2C768&amp;ssl=1 614w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/><\/a><\/p>\n<p>IT administrators are strongly advised to apply these updates promptly to protect systems from potential attacks. The presence of actively exploited zero-day vulnerabilities makes this month&#8217;s update particularly crucial for maintaining system security.<\/p>\n<h2>Additional updates<\/h2>\n<p>In addition to the security patches, Microsoft has also released non-security updates for <a href=\"https:\/\/msftnewsnow.com\/tag\/windows-11\" target=\"_blank\" rel=\"noopener\">Windows 11<\/a> and <a href=\"https:\/\/msftnewsnow.com\/tag\/windows-10\" target=\"_blank\" rel=\"noopener\">Windows 10<\/a>. These updates introduce new features such as Game Pass recommendations, improvements in File Explorer, and support for Emoji 15.1.<\/p>\n<p>The July 2024 <a href=\"https:\/\/msftnewsnow.com\/tag\/patch-tuesday\" target=\"_blank\" rel=\"noopener\">Patch Tuesday<\/a> underscores the ongoing importance of regular security updates in the face of evolving cyber threats. With 142 vulnerabilities addressed, including critical and actively exploited flaws, it&#8217;s crucial for users and administrators to apply these updates as soon as possible to maintain the security of their systems and networks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The July 2024 Patch Tuesday underscores the ongoing importance of regular security updates in the face of evolving cyber threats. With 142 vulnerabilities addressed, including critical and actively exploited flaws, it&#8217;s crucial for users and administrators to apply these updates as soon as possible to maintain the security of their systems and networks.<\/p>\n","protected":false},"author":208461344,"featured_media":18946,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"enabled":false},"version":2}},"categories":[24,2540],"tags":[778,32,1083,1275,275,1205,1213],"class_list":["post-18938","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security","tag-microsoft","tag-patch-tuesday","tag-security","tag-visual-studio","tag-windows","tag-windows-10","tag-windows-11"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/msftnewsnow.com\/wp-content\/uploads\/2024\/07\/un2ya4gejp8770e67u7p.jpg","jetpack_shortlink":"https:\/\/wp.me\/pfgCZY-4Vs","jetpack-related-posts":[{"id":328217,"url":"https:\/\/msftnewsnow.com\/microsoft-december-2024-security-update-zero-day\/","url_meta":{"origin":18938,"position":0},"title":"Microsoft issues critical December 2024 security update to address actively exploited zero-day vulnerability","author":"Dave W. Shanahan","date":"December 12, 2024","format":false,"excerpt":"Microsoft has released its final security patch of 2024, addressing a critical zero-day vulnerability (CVE-2024-49138) that attackers are actively exploiting in the wild. This significant security update, part of December's Patch Tuesday release, fixes 71 vulnerabilities, including 16 rated as critical. Critical zero-day details The actively exploited vulnerability exists in\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft Issues Critical December 2024 Security Update to Address Actively Exploited Zero-Day Vulnerability","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/12\/m5wvgstkttly9mhk2ahm.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/12\/m5wvgstkttly9mhk2ahm.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/12\/m5wvgstkttly9mhk2ahm.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/12\/m5wvgstkttly9mhk2ahm.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":22789,"url":"https:\/\/msftnewsnow.com\/microsoft-october-2024-patch-tuesday-update\/","url_meta":{"origin":18938,"position":1},"title":"Microsoft releases critical October 2024 Patch Tuesday update, patching 118 security flaws and 2 crucial zero-days","author":"Dave W. Shanahan","date":"October 9, 2024","format":false,"excerpt":"Microsoft has unveiled its October 2024 Patch Tuesday update, addressing a significant number of security vulnerabilities across its product line. This month's release is particularly crucial, as it tackles 118 security flaws, including five zero-day vulnerabilities, two of which are already being actively exploited by malicious actors.","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft releases critical October 2024 Patch Tuesday update, patching 118 security flaws and 2 crucial zero-days","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/10\/odgyugr7wfqrk8a5w5yy.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/10\/odgyugr7wfqrk8a5w5yy.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/10\/odgyugr7wfqrk8a5w5yy.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/10\/odgyugr7wfqrk8a5w5yy.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":332492,"url":"https:\/\/msftnewsnow.com\/microsofts-march-2025-patch-tuesday-7-zero-days\/","url_meta":{"origin":18938,"position":2},"title":"Microsoft&#8217;s March 2025 Patch Tuesday Addresses 57 Vulnerabilities, Including 7 Critical Zero-Day Flaws","author":"Dave W. Shanahan","date":"March 12, 2025","format":false,"excerpt":"Microsoft has released its March 2025 Patch Tuesday updates, resolving a total of 57 security vulnerabilities affecting various products, including Windows, Office, Remote Desktop Services, and more. As reported by Bleeping Computer, among these vulnerabilities are seven critical zero-day flaws\u2014six of which were actively exploited in the wild prior to\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft's March 2025 Patch Tuesday Addresses 57 Vulnerabilities, Including 7 Critical Zero-Day Flaws, CVE-2025-24983, CVE-2025-24991, CVE-2025-24984, CVE-2025-26630, CVE-2025-24985, CVE-2025-24993, CVE-2025-26633, CVE-2025-25001, CVE-2025-25002, CVE-2025-25003, CVE-2025-25004, CVE-2025-25005","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/03\/f573b6ca-d63d-40aa-b938-eca52a0cc389-1.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/03\/f573b6ca-d63d-40aa-b938-eca52a0cc389-1.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/03\/f573b6ca-d63d-40aa-b938-eca52a0cc389-1.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/03\/f573b6ca-d63d-40aa-b938-eca52a0cc389-1.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":329309,"url":"https:\/\/msftnewsnow.com\/microsoft-issues-largest-security-update-in-years\/","url_meta":{"origin":18938,"position":3},"title":"Microsoft issues largest security update in years for Patch Tuesday January 2025, patches 3 critical zero-day vulnerabilities","author":"Dave W. Shanahan","date":"January 15, 2025","format":false,"excerpt":"Microsoft has released its first Patch Tuesday update of 2025, addressing a staggering 161 security vulnerabilities - the largest number of fixes in a single month since 2017. As reported by Bleeping Computer, the massive update includes security patches for three actively exploited zero-day flaws and multiple critical vulnerabilities that\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft issues January 2025 largest security updates in years, patches 3 critical zero-day vulnerabilities for January 2025","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/01\/mvz7aywqxsgp9jdu7liv-e1736965366518.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/01\/mvz7aywqxsgp9jdu7liv-e1736965366518.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/01\/mvz7aywqxsgp9jdu7liv-e1736965366518.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/01\/mvz7aywqxsgp9jdu7liv-e1736965366518.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":350079,"url":"https:\/\/msftnewsnow.com\/july-2025-microsoft-patch-tuesday-vulnerabilities\/","url_meta":{"origin":18938,"position":4},"title":"July 2025 Microsoft Patch Tuesday: 137 Vulnerabilities Fixed, One Zero-Day in SQL Server, Critical Office and AMD Flaws","author":"Dave W. Shanahan","date":"July 8, 2025","format":false,"excerpt":"Microsoft has released its July 2025 Patch Tuesday security updates, addressing a sweeping total of 137 vulnerabilities across its product portfolio. This month\u2019s Microsoft Patch Tuesday cycle is headlined by a publicly disclosed zero-day vulnerability in Microsoft SQL Server, alongside a host of critical flaws in Microsoft Office, SharePoint, and\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"July 2025 Microsoft Patch Tuesday: 137 Vulnerabilities Fixed, One Zero-Day in SQL Server, Critical Office and AMD Flaws","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/07\/avdd8ckrtwd25gzo2tnu-scaled.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/07\/avdd8ckrtwd25gzo2tnu-scaled.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/07\/avdd8ckrtwd25gzo2tnu-scaled.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/07\/avdd8ckrtwd25gzo2tnu-scaled.jpg?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/07\/avdd8ckrtwd25gzo2tnu-scaled.jpg?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":347001,"url":"https:\/\/msftnewsnow.com\/microsoft-patch-tuesday-june-2025-65-security-fix\/","url_meta":{"origin":18938,"position":5},"title":"Microsoft Patch Tuesday June 2025: 65+ Security Vulnerabilities Patched, Zero-Day Exploit Fixed","author":"Dave W. Shanahan","date":"June 11, 2025","format":false,"excerpt":"Microsoft\u2019s June 2025 Patch Tuesday has arrived, delivering urgent security fixes for a broad range of its products. The company addressed more than 65 vulnerabilities, including a zero-day exploit that was being actively used in cyber espionage campaigns. This month\u2019s updates are critical for both enterprise and individual users, reinforcing\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft Patch Tuesday June 2025: 65+ Security Vulnerabilities Patched, Zero-Day Exploit Fixed","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/06\/xelmjbjubehnaogdqaxe-scaled.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/06\/xelmjbjubehnaogdqaxe-scaled.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/06\/xelmjbjubehnaogdqaxe-scaled.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/06\/xelmjbjubehnaogdqaxe-scaled.jpg?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/06\/xelmjbjubehnaogdqaxe-scaled.jpg?resize=1050%2C600&ssl=1 3x"},"classes":[]}],"jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/posts\/18938","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/users\/208461344"}],"replies":[{"embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/comments?post=18938"}],"version-history":[{"count":0,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/posts\/18938\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/media\/18946"}],"wp:attachment":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/media?parent=18938"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/categories?post=18938"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/tags?post=18938"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}