Microsoft released its monthly security updates on Tuesday, addressing a total of 169 newly discovered vulnerabilities across its software ecosystem. Among these flaws is one zero-day vulnerability in SharePoint that has already been exploited in real-world attacks.
The company’s Patch Tuesday release for July 2024 represents a significant volume of fixes. The vulnerabilities span a wide range of Microsoft products, including the Windows operating system, Microsoft Office, Azure, and enterprise servers.
Severity and Distribution of Vulnerabilities
Of the 169 security flaws patched, Microsoft classified eight as “Critical” in severity. These critical vulnerabilities typically allow for remote code execution, meaning an attacker could run malicious software on a target system without user interaction. The vast majority, 157 flaws, were rated as “Important,” while three received a “Moderate” rating and one was deemed “Low” severity.
Microsoft’s security team identified that 93 of the vulnerabilities could lead to remote code execution if successfully exploited. Other common types of flaws addressed include privilege escalation, information disclosure, and denial of service vulnerabilities.
The Actively Exploited SharePoint Zero-Day
The most urgent issue addressed is tracked as CVE-2024-38013. This is an elevation of privilege vulnerability in Microsoft SharePoint Server. Microsoft confirmed this flaw has been used in active attacks before a patch was available, classifying it as a zero-day.
Successful exploitation of this vulnerability could allow an attacker to gain administrative privileges on an affected SharePoint server. This level of access would enable the theft of sensitive data, manipulation of site content, or the installation of persistent backdoors for future access. Administrators of on-premises SharePoint deployments are urged to apply the updates immediately.
Other Critical Vulnerabilities Patched
Several other critical-rated vulnerabilities warrant attention from system administrators. These include multiple remote code execution flaws in the Windows Wi-Fi Driver, which could allow an attacker within wireless range to compromise a system without user interaction.
Additional critical patches were issued for vulnerabilities in Windows Hyper-V, the Windows Kernel, and the Windows MSHTML platform. The volume and variety of patched issues underscore the broad attack surface presented by complex, interconnected software systems.
Guidance for Users and Administrators
Microsoft strongly recommends that all users apply the latest updates through Windows Update, Microsoft Update, or their enterprise patch management systems. For enterprise environments, standard testing protocols in a isolated environment should be followed before broad deployment to ensure compatibility with business applications.
Security researchers emphasize that applying patches for publicly known and actively exploited vulnerabilities should be the highest priority. Delaying updates, particularly for internet-facing services like SharePoint, significantly increases the risk of a network compromise.
Context and Industry Response
This month’s large batch of fixes continues a trend of substantial Patch Tuesday releases as software complexity grows. Independent security firms that analyze Microsoft’s patches each month have begun reviewing the technical details to assess the overall risk to organizations.
The consistent discovery of such a high number of vulnerabilities highlights the ongoing challenge of securing widely deployed software. It also demonstrates the continuous efforts by both Microsoft’s internal security teams and external researchers through coordinated vulnerability disclosure programs.
Looking ahead, organizations should expect the next round of security updates from Microsoft on August 13, 2024. Until then, security teams are advised to monitor for any emerging exploit techniques targeting the newly disclosed vulnerabilities, particularly the patched SharePoint zero-day. Microsoft may release additional guidance or mitigation steps if exploitation becomes more widespread before all systems can be updated.
Source: Microsoft Security Response Center
