Patch Tuesday July 2024: Critical Vulnerability Roundup 

Welcome back to Recast Software’s monthly Patch Tuesday blog post. This July, Microsoft addressed 139 vulnerabilities across its ecosystem, including several critical and zero-day vulnerabilities. Staying on top of these updates is essential to maintaining the security and stability of your IT environment. 

Critical Vulnerability Patched: Windows Secure Boot (CVE-2024-28899)

A critical vulnerability in Windows Secure Boot, with a CVSS score of 8.8, allows for remote code execution. Exploitation requires an attacker to be in the same network segment as the target, making it crucial for environments with open or less secure networks to apply this patch immediately. 

Impact: Successful exploitation can compromise system integrity, allowing attackers to execute arbitrary code, modify system settings, and potentially cause system failures. 

Zero-Day Vulnerability: Windows CoreMessaging Remote Code Execution (CVE-2024-21417)

A zero-day vulnerability in the Windows CoreMessaging component has been patched. This vulnerability, actively exploited in the wild, allows for remote code execution, emphasizing the importance of prompt patching.

Impact: Attackers can execute arbitrary code with elevated privileges, leading to full system compromise, data exfiltration, and further network penetration.

Significant Vulnerabilities in SQL Server

Several critical remote code execution vulnerabilities in SQL Server have been addressed: 

• CVE-2024-20701 
• CVE-2024-21303 
• CVE-2024-21308 
• CVE-2024-21317 
• CVE-2024-21331 

These vulnerabilities require user interaction, such as executing a malicious query, but can lead to arbitrary code execution, potentially compromising the database and connected systems. 

Additional Critical Updates 

Browser Security: Zero-Days in Microsoft Edge 

Microsoft Edge has patched two zero-day vulnerabilities in the ChakraCore JavaScript engine: 

• CVE-2024-4947: Type confusion in ChakraCore leading to remote code execution. 
• CVE-2024-5274: Another type confusion in ChakraCore, also leading to remote code execution, patched in an emergency update. 

Concerning QNAP NAS Vulnerabilities 

Researchers have disclosed 15 vulnerabilities in QNAP NAS firmware, some allowing unauthenticated remote code execution. Find a detailed list of their impact and status here.

Recommendations 

1. Prioritize patching systems, especially those exposed to less secure networks. 
2. Pay special attention to SQL Server updates if your organization uses this database system. 
3. Ensure Microsoft Edge is updated to the latest version to address the zero-day vulnerabilities. 
4. If using QNAP NAS devices, monitor for updates and consider additional security measures. 

Stay Updated and Secure 

It’s crucial to prioritize these updates to protect your systems against potential threats. Neglecting to patch these vulnerabilities can expose your organization to significant risks, including data breaches and malware attacks. By staying up to date with the latest patches, you not only protect your network but also ensure the stability and security of your IT environment. 

To further streamline and secure your patch management process, learn about Application Manager here. 

Stay vigilant and keep your systems protected. For a comprehensive overview of July’s Patch Tuesday updates, you can find Microsoft’s complete July release notes here.