Four zero days headline hefty July Patch Tuesday drop
Microsoft patched four zero-day bugs that were part of its' July Patch Tuesday update bringing the total number of updates to 139 fixes.
The Redmond software giant said that four of the of patched flaws are already known to the public and two are currently under active exploit.
If there is some good news to be had for administrators, it is that none of the four zero-day vulnerabilities are considered critical. That is, none of the four would directly lead to an attacker seizing remote control of the target machine. Rather, the attacker would already need to have access to the vulnerable server in order to pull off an attack.
The first bug, tracked as CVE-2024-38080, describes an elevation of privilege flaw in the Windows hypervisor that could allow a client account in Hyper-V to gain system access. The flaw is currently under active exploitation.
“This vulnerability could allow an authenticated threat actor to execute code with SYSTEM privileges,” explained Dustin Child of the Trend Micro Zero Day Initiative.
/cdn.vox-cdn.com/uploads/chorus_asset/file/23951575/VRG_Illo_STK192_L_Normand_LinaKhan_Neutral.jpg)
