Security News > 2024 > July > Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited
Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have come under active exploitation in the wild.
Five out of the 143 flaws are rated Critical, 136 are rated Important, and four are rated Moderate in severity.
Two other security flaws patched by Microsoft have been listed as publicly known at the time of the release.
Rounding off the long list of patches is CVE-2024-38021, a remote code execution flaw in Microsoft Office that, if successfully exploited, could permit an attacker to gain high privileges, including read, write, and delete functionality.
Morphisec, which reported the flaw to Microsoft in late April 2024, said the vulnerability does not require any authentication and poses a severe risk due to its zero-click nature.
The fixes come as Microsoft announced late last month that it will begin issuing CVE identifiers for cloud-related security vulnerabilities going forward in an attempt to improve transparency.
News URL
https://thehackernews.com/2024/07/microsofts-july-update-patches-143.html
Related news
- Microsoft: Windows 11 preview update causes taskbar crashes (source)
- Microsoft Photos update brings requested features to Windows 11 (source)
- Microsoft pulls Windows 11 KB5039302 update causing reboot loops (source)
- Microsoft resumes rollout of Windows 11 KB5039302 update for most users (source)
- Microsoft 365, Office users hit by wave of ‘30088-27’ update errors (source)
- Microsoft fixes bug causing Windows Update automation issues (source)
- June Windows Server updates break Microsoft 365 Defender features (source)
- Microsoft finally fixes Outlook alerts bug caused by December updates (source)
- Microsoft announces new Windows 'checkpoint' cumulative updates (source)
- Microsoft confirms CrowdStrike update also hit Windows 365 PCs (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2024-38021 | Unspecified vulnerability in Microsoft products Microsoft Outlook Remote Code Execution Vulnerability | 8.8 |