Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days

Gandalf_The_Grey

Level 81
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,084
Today is Microsoft's July 2024 Patch Tuesday, which includes security updates for 142 flaws, including two actively exploited and two publicly disclosed zero-days.

This Patch Tuesday fixed five critical vulnerabilities, with all being remote code execution flaws.

The number of bugs in each vulnerability category is listed below:
  • 26 Elevation of Privilege Vulnerabilities
  • 24 Security Feature Bypass Vulnerabilities
  • 59 Remote Code Execution Vulnerabilities
  • 9 Information Disclosure Vulnerabilities
  • 17 Denial of Service Vulnerabilities
  • 7 Spoofing Vulnerabilities
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5040435 update.
 

Gandalf_The_Grey

ZDI: The July 2024 Security Update Review
We’re just past the halfway point of 2024, and as expected, Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. Check out the Patch Report webcast on our YouTube channel if you’d rather watch the full video recap covering the entire release. It should be posted within a couple of hours after the release.

Adobe Patches for July 2024

For July, Adobe released three patches addressing seven CVEs in Adobe Premiere Pro, InDesign, and Adobe Bridge. The patch for InDesign is the largest, fixing four Critical-rated CVEs. All four could lead to arbitrary code execution. The fix for Premiere Pro fixes a single CVE that could lead to arbitrary code execution. Finally, the fix for Bridge fixes one Critical-rated and one Important-rated bug. The Critical-rated bug could lead to code execution while the other bug is a memory leak. After such a huge Adobe release last month, it’s nice to see a smaller one this month.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes these updates as a deployment priority rating of 3.

Microsoft Patches for July 2024

This month, Microsoft released a gargantuan 138 new CVEs in Windows and Windows Components; Office and Office Components; .NET and Visual Studio; Azure; Defender for IoT; SQL Server; Windows Hyper-V; Bitlocker and Secure(?) Boot; Remote Desktop; and Xbox (yes Xbox!). If you include the third-party CVEs being documented this month, the CVE count comes to 141. One of these cases came through the ZDI program.

Of the patches being released today, five are rated Critical, 133 are rated Important, and three are rated Moderate in severity. This release is another huge bunch of fixes from Redmond, just shy of the record 147 CVEs from back in April this year.

Two of these CVEs are listed as publicly known, with one of those being a third-party update that’s now being integrated into Microsoft products. Two other bugs are listed as being under active attack.
 

Gandalf_The_Grey

Microsoft Releases July 2024 Patch Tuesday Updates
Microsoft has just released the July 2024 Patch Tuesday updates for all supported versions of Windows 11 and Windows 10. This includes Windows 11 version 24H2, which is currently only available out of the box on Copilot+ PCs, though anyone else can install this update using the official ISOs.

So let’s start with the KB5040435 update for Windows 11 version 24H2, which will bump the build number to 26100.1150. As usual, the release notes are quite succinct and only highlight fixes for a couple of security issues. You actually need to check out the release notes for last month’s optional “D” update for more details about the security updates.

For Windows 11 versions 23H2 and 22H2, today’s KB5040442 patch will install the builds 22631.3880 and 22621.3880, respectively. It includes the same security updates available in the KB5040435 patch for the version 24H2 of the OS, but there are also the following new features that will roll out gradually to all users:

New Copilot app: The standalone Copilot app that’s included in Windows 11 version 24H2 is also coming to the previous versions of the OS. The app is now pinned to the taskbar and behaves like a regular app that can be resized and snapped next to other apps.

Show Desktop button on the taskbar: The “Show Desktop button” appears again on the taskbar by default, but it can be disabled in taskbar settings.

More formats for compressing files: From File Explorer, users can now create 7-Zip and Tape Archive (TAR) files using the context menu.

File Explorer improvements: A thin, black border now appears around items selected in File Explorer to make them more visible.

Windows Share improvements: A new Copy button lets users copy files from the Windows Share window.

New account manager in Start menu: Users signed in with a Microsoft account will be able to see their account benefits at a glance in the Start Menu.

Emoji 15.1: The latest emoji update will let users choose the right or left-facing direction for some people emoji, and it also brings new emoji such as horizontal and vertical head shake, phoenix, brown mushroom, and more.

Safely remove USB devices: This update fixes a bug causing the Safely Remove Hardware option to fail when Task Manager is open.

Snipping Tool improvements: Users should no longer hear audio distortions when recording videos with the app.

Let’s conclude with the KB5040427 update for Windows 10 version 22H2: This update also brings the aforementioned new Copilot app to Windows 10 users, but again, it will be rolling out gradually. Microsoft also fixed a bug causing actions from an app’s jump list on the taskbar to not complete.
 
