Third Party Patching
July 2024 Third-Party Patches
Topics: Third Party Patching
In July 2024, the Liquit Setup Store received updates for 93 applications. This count includes multiple major versions for certain applications. For example, there are 3 updated major versions for Oracle Java SE Development Kit: 17, 21 and 22. In total, there were 135 updates released for these applications during the last month. This means that multiple applications were updated more than once. The updates remediated 164 vulnerabilities in total.
Notable Vulnerabilities in July 2024 Third-Party Patches
Vulnerability severities vary from low to critical. The vulnerabilities with a critical severity rating include Docker Desktop (CVE-2024-41110 with a CVSS score of 9.09) and VMware Workstation Pro 17 (CVE-2024-22268 and CVE-2024-22267, both with a CVSS score of 9.03). Autodesk AutoCAD, with major versions 2022, 2023, and 2025, received patches for the highest number of vulnerabilities. Their extensive security update addressed 41 vulnerabilities.
Detailed Analysis of Critical Vulnerabilities
CVE-2024-41110, a security vulnerability, was discovered in certain versions of Docker Engine. This vulnerability could allow unauthorized access under specific conditions, although the likelihood is considered low. Even though this problem was solved in an update in January 2019, it wasn’t included in later major versions. You can read more about this on Docker’s website. Docker Security Advisory: AuthZ Plugin Bypass Regression in Docker Engine | Docker
A critical heap buffer-overflow vulnerability, identified as CVE-2024-22268, has been reported in the Shader functionality of VMware Workstation and Fusion. This flaw could potentially allow a malicious entity with regular user privileges on a virtual machine with 3D graphics enabled to trigger a denial of service. Stakeholders are advised to consult Broadcom’s security advisory for detailed information and mitigation strategies. Support Content Notification – Support Portal – Broadcom support portal
Second critical use-after-free vulnerability CVE-2024-22267 has been identified in VMware Workstation and Fusion’s vbluetooth device. This flaw could potentially allow a malicious entity with administrative access to a virtual machine to execute arbitrary code in the context of the host’s VMX process. Users are advised to review their systems and apply updates promptly to mitigate this security risk. Support Content Notification – Support Portal – Broadcom support portal
Browser Security Updates in July 2024
Chromium based browsers are known the be updated very frequently. Google Chrome released 6 updates during July. These updates included a remediation for 50 vulnerabilities. Microsoft Edge was updated three times during July and these updates remediated 35 vulnerabilities in total. Opera One was updated only once fixing 4 vulnerabilities. Mozilla Firefox and Mozilla Firefox ESR were updated once remediating 16 and 5 vulnerabilities. Brave Browser was updated twice patching total of 14 vulnerabilities.
Microsoft Product Updates Included in July 2024 Third-Party Patches
In addition to Edge, Microsoft released updates for the following product families.
- Microsoft .NET Runtime
- Microsoft .NET SDK
- Microsoft 365 Apps
- Microsoft ASP.NET Core Runtime
- Microsoft ASP.NET Core Runtime Hosting Bundle
- Microsoft Azure CLI
- Microsoft Azure Kubelogin
- Microsoft Azure PowerShell
- Microsoft OLE DB Driver for SQL Server
- Microsoft SQL Server Management Studio 20
- Microsoft Visual Studio 2022
- Microsoft Visual Studio Team Explorer 2022
- Microsoft Windows Desktop Runtime
Key Third-Party Line-of-Business Application Patches
Multiple versions of Java products are vulnerable, including but not limited to: Amazon Corretto JDK/JRE, Azul Zulu JDK/JRE, BellSoft Corporation Liberica JDK/JRE, Eclipse Temurin JDK/JRE, Oracle Java Runtime Environment Version 8, Oracle Java SE Development Kit, and Red Hat OpenJDK/JRE. See Oracle’s security advisory for more information. Oracle Critical Patch Update Advisory – July 2024
AutoCAD products were heavily patched during July. Please see for more information in their advisories. adsk-sa-2024-0009 (autodesk.com) and adsk-sa-2024-0010 (autodesk.com)
5 vulnerabilities was patched in the latest patch for Jetbrains Teamcity. See more information in. Fixed security issues (jetbrains.com)
Calibre by Kovid Goyal remediated 4 vulnerabilities in their patch in July. See for more information in Advisories | STAR Labs.
Detailed List of July 2024 Third-Party Patches
For complete list of applications, versions and remediated vulnerabilities see the following list generated by using Setup Store data.
| Product | Version | Vulnerabilities remediated |
| Amazon Corretto JDK 11 | 11.0.24.8.1 | 6 |
| Amazon Corretto JDK 17 | 17.0.12.7.1 | 5 |
| Amazon Corretto JDK 21 | 21.0.4.7.1 | 5 |
| Amazon Corretto JDK 22 | 22.0.2.9.1 | 5 |
| Amazon Corretto JDK 8 | 8.422.05.1 | 6 |
| Amazon Corretto JRE 8 | 8.422.05.1 | 6 |
| Autodesk AutoCAD 2022 | 84,25075231 | 41 |
| Autodesk AutoCAD 2023 | 84,29243056 | 41 |
| Autodesk AutoCAD 2025 | 84,37569444 | 41 |
| Zulu JDK 11 (LTS) | 0,509895833 | 6 |
| Zulu JDK 17 (LTS) | 0,744641204 | 5 |
| Zulu JDK 21 (LTS) | 0,900196759 | 5 |
| Zulu JDK 22 (STS) | 22.32.15.0 | 5 |
| Zulu JDK 8 (LTS) | 8.80.0.17 | 6 |
| Zulu JRE 11 (LTS) | 0,509895833 | 6 |
| Zulu JRE 17 (LTS) | 0,744641204 | 5 |
| Zulu JRE 21 (LTS) | 0,900196759 | 5 |
| Zulu JRE 22 (STS) | 22.32.15.0 | 5 |
| Zulu JRE 8 (LTS) | 8.80.0.17 | 6 |
| balena CLI | 0,751550926 | 4 |
| Liberica JDK | 11.0.23.10 | 9 |
| Liberica JDK | 11.0.24.9 | 5 |
| Liberica JDK | 17.0.12.10 | 5 |
| Liberica JDK | 8.0.422.6 | 6 |
| Liberica JRE | 8.0.412.9 | 9 |
| Liberica JRE | 8.0.422.6 | 6 |
| Brave Browser | 1.68.128 | 14 |
| Brave Browser | 1.68.131 | 14 |
| Devolutions Launcher | 2024.2.15.0 | 1 |
| Devolutions Remote Desktop Manager | 2024.2.15.0 | 1 |
| Docker Desktop | 0,189583333 | 1 |
| Eclipse Temurin JDK with Hotspot 11 (LTS) | 11.0.24.8 | 6 |
| Eclipse Temurin JDK with Hotspot 17 (LTS) | 17.0.12.7 | 6 |
| Eclipse Temurin JDK with Hotspot 21 | 21.0.4.7 | 6 |
| Eclipse Temurin JDK with Hotspot 22 | 22.0.2.9 | 6 |
| Eclipse Temurin JDK with Hotspot 8 (LTS) | 8.0.422.5 | 6 |
| Eclipse Temurin JRE with Hotspot 11 (LTS) | 11.0.24.8 | 6 |
| Eclipse Temurin JRE with Hotspot 17 (LTS) | 17.0.12.7 | 6 |
| Eclipse Temurin JRE with Hotspot 21 | 21.0.4.7 | 6 |
| Eclipse Temurin JRE with Hotspot 22 | 22.0.2.9 | 6 |
| Eclipse Temurin JRE with Hotspot 8 (LTS) | 8.0.422.5 | 6 |
| Beats Winlogbeat | 0,343078704 | 1 |
| Google Chrome | 126.0.6478.182 | 8 |
| Google Chrome | 127.0.6533.72 | 14 |
| Google Chrome | 127.0.6533.88 | 3 |
| Google Chrome | 126.0.6478.183 | 8 |
| Google Chrome | 127.0.6533.73 | 14 |
| Google Chrome | 127.0.6533.89 | 3 |
| Google Chrome for Business | 126.0.6478.183 | 8 |
| Google Chrome for Business | 127.0.6533.73 | 14 |
| Google Chrome for Business | 127.0.6533.89 | 3 |
| Google Chrome for Education | 126.0.6478.183 | 8 |
| Google Chrome for Education | 127.0.6533.73 | 14 |
| Google Chrome for Education | 127.0.6533.89 | 3 |
| Google Go Programming Language 1.21 | 0,056388889 | 1 |
| Google Go Programming Language 1.22 | 0,057002315 | 1 |
| TeamCity | 84,33819444 | 6 |
| Calibre | 0,302777778 | 4 |
| LINQPad 8 | 0,336238426 | 1 |
| LINQPad 8 | 0,336863426 | 1 |
| Microsoft .NET Runtime 6.0 | 6.0.32.33814 | 2 |
| Microsoft .NET Runtime 6.0 | 0,25037037 | 2 |
| Microsoft .NET Runtime 8.0 | 8.0.7.33813 | 3 |
| Microsoft .NET Runtime 8.0 | 0,333414352 | 3 |
| Microsoft .NET SDK 6.0 | 6.4.2424.31506 | 2 |
| Microsoft .NET SDK 6.0 | 0,25037037 | 2 |
| Microsoft .NET SDK 8.0 | 8.3.324.31708 | 3 |
| Microsoft .NET SDK 8.0 | 0,336840278 | 3 |
| Microsoft 365 Apps | 2406 (Build 16.0.17726.20160) | 3 |
| Microsoft 365 Apps | 2405 (Build 16.0.17628.20188) | 3 |
| Microsoft 365 Apps | 2402 (Build 16.0.17328.20452) | 3 |
| Microsoft ASP.NET Core Runtime 6.0 | 6.0.32.24314 | 2 |
| Microsoft ASP.NET Core Runtime 6.0 | 0,25037037 | 2 |
| Microsoft ASP.NET Core Runtime 8.0 | 8.0.7.24314 | 3 |
| Microsoft ASP.NET Core Runtime 8.0 | 0,333414352 | 3 |
| Microsoft ASP.NET Core Runtime Hosting Bundle 6.0 | 6.0.32.24314 | 2 |
| Microsoft ASP.NET Core Runtime Hosting Bundle 8.0 | 8.0.7.24314 | 3 |
| Microsoft Azure CLI | 0,126388889 | 2 |
| Microsoft Azure Kubelogin | 0,000740741 | 1 |
| Microsoft Azure PowerShell | 12.1.0.38758 | 1 |
| Microsoft Edge Beta | 127.0.2651.74 | 26 |
| Microsoft Edge for Business | 126.0.2592.102 | 1 |
| Microsoft Edge for Business | 126.0.2592.113 | 8 |
| Microsoft Edge for Business | 127.0.2651.74 | 26 |
| Microsoft OLE DB Driver 18 for SQL Server | 0,754907407 | 1 |
| Microsoft OLE DB Driver 19 for SQL Server | 0,79380787 | 1 |
| Microsoft SQL Server Management Studio 20 | 20.2.30.0 | 1 |
| Microsoft Visual Studio 2022 Community | 17.10.35027.167 | 4 |
| Microsoft Visual Studio 2022 Enterprise | 17.10.35027.167 | 4 |
| Microsoft Visual Studio 2022 Enterprise | 17.4.35026.314 | 4 |
| Microsoft Visual Studio 2022 Enterprise | 17.6.35028.176 | 4 |
| Microsoft Visual Studio 2022 Enterprise | 17.8.35027.43 | 4 |
| Microsoft Visual Studio 2022 Professional | 17.10.35027.167 | 4 |
| Microsoft Visual Studio 2022 Professional | 17.4.35026.314 | 4 |
| Microsoft Visual Studio 2022 Professional | 17.6.35028.176 | 4 |
| Microsoft Visual Studio 2022 Professional | 17.8.35027.43 | 4 |
| Microsoft Visual Studio Team Explorer 2022 | 17.10.35027.167 | 4 |
| Microsoft Windows Desktop Runtime 6.0 | 6.0.32.33814 | 2 |
| Microsoft Windows Desktop Runtime 8.0 | 8.0.7.33814 | 3 |
| Pale Moon | 1,376400463 | 2 |
| Mozilla Firefox | 5,333333333 | 16 |
| Mozilla Firefox ESR 115 | 4,800694444 | 5 |
| Mozilla Thunderbird | 4,800694444 | 5 |
| Mozilla Thunderbird ESR 128 | 5,333333333 | 15 |
| Node.js 18 LTS | 0,763935185 | 2 |
| Node.js 20 LTS | 0,843761574 | 5 |
| Node.js 22 | 0,919456019 | 5 |
| NoMachine | 0,341805556 | 7 |
| NoMachine | 0,342372685 | 2 |
| NoMachine Enterprise Client | 0,341805556 | 7 |
| NoMachine Enterprise Client | 0,342372685 | 2 |
| NoMachine Enterprise Desktop | 0,341805556 | 7 |
| NoMachine Enterprise Desktop | 0,342372685 | 2 |
| Electron | 1,211157407 | 4 |
| Electron | 1,211168981 | 4 |
| Electron | 1,251388889 | 10 |
| OpenVPN | 2.6.12 (2.6.1201) | 1 |
| Opera One | 112.0.5197.25 | 4 |
| Oracle Java Runtime Environment Version 8 | 8.0.4210.9 | 6 |
| Oracle Java SE Development Kit 17 | 17.0.12.0 | 6 |
| Oracle Java SE Development Kit 21 | 21.0.4.0 | 6 |
| Oracle Java SE Development Kit 22 | 22.0.2.0 | 6 |
| Oracle VirtualBox 7 | 0,291898148 | 3 |
| Red Hat OpenJDK | 11.0.2408.1 | 6 |
| Red Hat OpenJDK | 17.00120.7.1 | 5 |
| Red Hat OpenJDK | 21.0040.7.1 | 5 |
| Red Hat OpenJDK | 1.8.4221.5 | 6 |
| Red Hat OpenJDK JRE | 11.0.240.1 | 6 |
| Red Hat OpenJDK JRE | 17.00120.7.1 | 5 |
| Red Hat OpenJDK JRE | 21.0040.7.1 | 5 |
| Camtasia Studio 2022 | 2022.5.6.254 | 3 |
| VMware Workstation Pro 17 | 17.5.2.23775571 | 4 |
| Waterfox | G6.0.17 | 5 |
| Charles | 4.6.7.0 | 1 |
| Charles | 0,170914352 | 1 |
Conclusion: July 2024 Third-Party Patches
Maintaining the security and performance of your IT environment hinges on timely third-party patching. The July 2024 updates addressed significant vulnerabilities across various applications, underscoring the importance of staying vigilant. By prioritizing these patches, you help safeguard your systems against potential exploits and ensure continued operational stability.
To deepen your understanding of third-party patching and its impact on your security posture, explore our eBook Reduce Your Attack Footprint. Additionally, don’t miss our analysis of the August 2024 Microsoft Patch Tuesday here.
