Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Microsoft Patch Tuesday for July 2024 fixed 2 actively exploited zero-days

Microsoft Patch Tuesday security updates for July 2024 addressed 139 flaws, including two actively exploited zero-days. Microsoft Patch Tuesday security updates for July 2024 addressed 139 vulnerabilities in Windows and Windows Components; Office and Office Components; .NET and Visual Studio; Azure; Defender for IoT; SQL Server; Windows Hyper-V; Bitlocker and Secure(?) Boot; Remote Desktop; and […]

Microsoft Patch Tuesday

Microsoft Patch Tuesday security updates for July 2024 addressed 139 flaws, including two actively exploited zero-days.

Microsoft Patch Tuesday security updates for July 2024 addressed 139 vulnerabilities in Windows and Windows Components; Office and Office Components; .NET and Visual Studio; Azure; Defender for IoT; SQL Server; Windows Hyper-V; Bitlocker and Secure(?) Boot; Remote Desktop; and Xbox (yes Xbox!). The updates also addressed additional three issues that reside in the third-party products.

Five vulnerabilities are rated Critical, 133 are rated Important, and three are rated Moderate in severity.

Two of these vulnerabilities are listed as publicly known, and two other bugs are actively exploited in attacks.

The two flaws actively exploited in the wild are:

CVE-2024-38080Windows Hyper-V Elevation of Privilege VulnerabilityImportant7.8NoYesEoP
CVE-2024-38112Windows MSHTML Platform Spoofing VulnerabilityImportant705NoYesSpoofing

CVE-2024-38080 (CVSS score of 7.8) – the flaw is an elevation of privilege vulnerability in Windows Hyper-V. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-38112 (CVSS score of 7.5) – the flaw is a Windows MSHTML Platform Spoofing Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. An attacker can trigger the issue by sending the victim a malicious file that the victim would have to execute.

The two publicly known vulnerabilities are:

CVE-2024-37985 *Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary PrefetchersImportant5.9YesNoInfo
CVE-2024-35264.NET and Visual Studio Remote Code Execution VulnerabilityImportant8.1YesNoRCE

The full list of vulnerabilities addressed by Microsoft are available here:

https://www.zerodayinitiative.com/blog/2024/7/9/the-july-2024-security-update-review

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, Microsoft Patch Tuesday)