July 2024 Microsoft Patch Tuesday update 139 Security Flaws fixed

Today Microsoft fixed at least 139 security vulnerabilities in its product portfolio. Here are Details on Microsoft's security updates in July 2024 Patch Tuesday.

Today is the second Tuesday of July 2024, and Microsoft has released its latest security updates. These updates address 139 vulnerabilities across various Microsoft products. Among them, two actively exploited and two publicly disclosed zero-days and five are considered critical because they can allow attackers to gain higher privileges, execute remote code, or engage in spoofing activities, and the remaining 134 are classified as important.

Four zero-day vulnerabilities are:

Five Critical Severity Vulnerability are:

Microsoft patched 139 CVEs in its July 2024 Patch Tuesday Release, including Four zero-day (CVE-2024–38112, CVE-2024–35264, CVE-2024–37985, CVE-2024–38080), with Five rated as critical and 134 rated as important.

Microsoft July 2024 Patch Tuesday update

This month’s Patch Tuesday fixes 138 RCE flaws including five critical Remote Code Execution Vulnerability.

The number of bugs in each vulnerability category is listed below:

  • 26 Elevation of Privilege Vulnerabilities
  • 59 Remote Code Execution Vulnerabilities (5 Critical)
  • 9 Information Disclosure Vulnerabilities
  • 17 Denial of Service Vulnerabilities
  • 7 Spoofing Vulnerability
  • 24 Security Feature Bypass Vulnerability

This month’s update includes patches for four Zero-day Vulnerabilities and five critical Remote Code Execution Vulnerability.

Four zero-day vulnerabilities fixed

CVE-2024-38112: This spoofing vulnerability in the Windows MSHTML platform, despite the end of support for Internet Explorer 11, remains relevant and actively exploited. An attacker must send a malicious file to the victim and convince them to execute it. CISA has acknowledged its active exploitation and urged users to patch the flaw before July 30, 2024.

CVE-2024-35264: A remote code execution vulnerability in .NET and Visual Studio caused by a race condition when closing an HTTP/3 stream while processing the request body. Successful exploitation allows remote code execution on target systems.

CVE-2024-37985: This vulnerability involves the identification and characterization of proprietary prefetchers in Arm systems. Exploitation requires additional preparatory actions to successfully view heap memory from a privileged process on the server.

CVE-2024-38080: An elevation of privilege vulnerability in Windows Hyper-V, allowing an attacker to gain SYSTEM privileges upon successful exploitation. CISA has acknowledged its active exploitation and requested users to patch the flaw before July 30, 2024.

Five Critical Remote Code Execution Vulnerability fixed

CVE-2024-38023: This is a remote code execution vulnerability in Microsoft SharePoint Server. SharePoint, a web-based platform for document management and collaboration, can be exploited by an authenticated attacker with Site Owner permissions. The attacker can upload a specially crafted file and use specialized API requests to trigger deserialization, allowing remote code execution in the SharePoint Server context.

CVE-2024-38060: This vulnerability affects the Microsoft Windows Codecs Library, which is used by Windows Media Player and other apps to handle media files. An authenticated attacker can exploit this vulnerability by uploading a malicious TIFF file to a server, potentially leading to remote code execution.

CVE-2024-38077: This remote code execution vulnerability is in the Windows Remote Desktop Licensing Service. An unauthenticated attacker can exploit it by connecting to the service and sending a malicious message, which could lead to remote code execution.

CVE-2024-38074 & CVE-2024-38076: These vulnerabilities also affect the Windows Remote Desktop Licensing Service. An attacker can exploit them by sending a specially crafted packet to a server configured as a Remote Desktop Licensing server, potentially leading to remote code execution.

Windows security updates

In addition to Microsoft security updates, this July 2024 Patch Tuesday update also brought Windows 11 and Windows 10 cumulative updates. That includes KB5040427 for Windows 10 and KB5040442 for Windows 11 version 23H2. So if you are running any of these Windows versions make sure you update them as you install the new patches.

Windows 7 and Windows 8.1 reached the End of support from Microsoft, which means the company no longer provides frequent updates or security patches for these operating systems. For more information please visit the Microsoft lifecycle page at https://learn.microsoft.com/en-us/lifecycle/end-of-support/end-of-support-2023

Windows 11 KB5040442

Windows 11’s July 2024 Update, KB5040442 advance Build 22631.3880,  addresses a known issue that affects the Snipping Tool. When you use it to record videos on some PCs, the audio has distortions.

This update adds support for Emoji 15.1. Windows supports Unicode symbol-like shapes for family groupings. It now allows you to copy files from the Windows Share window. The File Explorer now supports creating 7-Zip and Tape Archive (TAR) files via the context menu.

The Copilot app pinned to the taskbar now behaves like an app, allow resize and move around like a regular application with a design similar to the ChatGPT web app from OpenAI.

Today’s update also adds a new Game Pass recommendation card on the Settings home page. The show desktop button is on the taskbar again by default. To change this, right-click the taskbar and choose Taskbar settings. At the lower part of the page, you will find Taskbar behaviors.

This update starts the rollout of the new account manager on the Start menu. When you use a Microsoft account to sign in to Windows, you will get a glance at your account benefits. This feature also makes it easy to manage your account settings.

You can read the complete changelog of the Microsoft support blog here. 

Windows 10 KB5040427

The KB5040427 cumulative update for Windows 10 22H2 brings significant changes and additions. Upon installation, Windows 10 22H2 is updated to build 19045.4651.

The Copilot app is now pinned to the taskbar and behaves like an app, that you can uninstall from the Settings app. This update also rolls out a bunch of security patches, including fixes for various problems.

  • Fixed an issue with app jump lists on the taskbar, where actions might fail to complete.
  • Resolved an issue with the default Japanese IME, where the candidate window stops responding unexpectedly.
  • Fixed a known issue where right-clicking some apps brings up an “Open with” dialog instead of performing the selected task.
  • Addressed a problem with MSIX applications failing to open when installed from an incomplete HTTPS URI download.
  • Improved mobile device management (MDM) by sending more detailed information about devices during enrollment.
  • Fixed an issue with Direct Composition batched presentations causing brief flashes of triangles or boxes on screens.
  • Updated Country and Operator Settings Asset (COSA) profiles for certain mobile operators.
  • Fixed an issue that prevented systems from resuming from hibernate when BitLocker was enabled.
  • Resolved a problem with Windows Defender Application Control (WDAC) copying unsigned policies to the EFI disk partition.
  • Fixed an issue with the folder context menu adding items instead of removing them when using a third-party sync feature.

You can refer to this article for more details on what’s new on Windows 10 KB5040427

Download the Windows 10 Cumulative update

All these Security updates Automatically download and get installed on your device via Windows update. If your device has not received it yet open Settings, Update & Security and Check for updates. Once done restart your Device to apply the updates.

Install windows 11 update

The above link directly opens the Microsoft Update Catalog which is the library of Windows Update offline installers. You need to click on the ‘Download’ button next to the version of the OS installed on your machine and run the .msu files to begin the installation of the update.

If you are Looking for Windows 10 22H2 Update ISO image click here Or check How to Upgrade to Windows 10 version 22H2 Using the media creation tool.

If you face any difficulty while installing these updates, Check the Windows 10 Update troubleshooting guide to fix the Windows 10 Cumulative update stuck downloading, failed to install with different errors, etc.

What time do Patch Tuesday patches come out?

  • Microsoft schedules the release of security updates on “Patch Tuesday,” the second Tuesday of each month at 10:00 AM PST.

Is Patch Tuesday weekly or monthly?

  • Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on August 13, 2024.

Why did the second Tuesday of every month call Patch Tuesday?

  • The second Tuesday of the month is referred to as “Patch Tuesday” because Microsoft attempts to combine the largest updates into this maintenance window.

What is the latest update for Windows 11 July 2024?

  • The latest KB5040442 for Windows 11 version 23H2/22H2 and KB5040427 for Windows 10 version 22H2.

What is the zero-day patch?

  • The term “Zero-Day” is used when security teams are unaware of their software vulnerability, and they’ve had “0” days to work on a security patch or an update to fix the issue.
Source Microsoft windows 10 update history Microsoft windows 11 update history

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More