Skip to content
BLOG

Patch Tuesday July 2024

Brock Bingham candid headshot
Brock Bingham|July 9, 2024
Patch Tuesday (light blue)
Patch Tuesday (light blue)
Sections

Patch Tuesday is a special day where sysadmins around the world get inundated with Microsoft updates. But this Patch Tuesday is extra special because it’s also National Sugar Cookie Day. While sugar cookies themselves won’t make patches deploy any quicker, they’ll definitely make the patch management process much sweeter. 

Here’s our CVE information roundup for July 2024.

  • Total exploits patched: 142

  • Critical patches: 5

  • Already known or exploited: 4

Some highlights (or lowlights)

  • CVE-2024-38074, CVE-2024-38076, CVE-2024-38077 (9.8): This is a big month for the Windows Remote Desktop Licensing Service. Three of our five critical patches for the month impact this service. While it's recommended you patch this vulnerability ASAP, it's also a good time to remind folks to disable services they’re not using to shrink their attack surface. Also, even if you've disabled this service, Microsoft still recommends patching this vulnerability.

  • CVE-2024-38023 (7.2): If you run a SharePoint server, it's time to patch it. CVE-2024-38023 would allow an attacker to perform remote code execution in the context of your SharePoint server. This vulnerability does require the attacker to have authenticated into the server with Site Owner permissions, but considering 10 billion passwords just leaked online, I'd say their chances are better than ever. Also, this may be a good time to update that old password.

  • CVE-2024-38060 (8.8): This vulnerability requires an authenticated attacker to upload a malicious TIFF file, which would allow for remote code execution. Keep in mind that the attacker does not need elevated privileges to initiate this attack. This vulnerability impacts most versions of Windows OS. Time to start patching and questioning all those TIFF files on your computer.

Wrapping up

Personally, I celebrate National Sugar Cookie Day every day. But having an official holiday makes it easier to explain why I’m eating cookies at 9 a.m.

If you need help making Patch Tuesday a little bit sweeter, then it’s time to check out PDQ Detect. PDQ Detect can help you identify and prioritize vulnerabilities in your organization, making remediation a breeze. And if you haven’t already, automate your patch deployments with PDQ Connect or PDQ Deploy & Inventory. Automating your patching process means you’ll have plenty of spare time for more important things, like running to the store for more cookies if you’re running low. Whew, disaster averted.

Loading...

Brock Bingham candid headshot
Brock Bingham

Born in the '80s and raised by his NES, Brock quickly fell in love with everything tech. With over 15 years of IT experience, Brock now enjoys the life of luxury as a renowned tech blogger and receiver of many Dundie Awards. In his free time, Brock enjoys adventuring with his wife, kids, and dogs, while dreaming of retirement.

Related articles

Orange PDQ Deploy logo on black background.

PDQ Deploy & Inventory introduce new dashboard

PRODUCT

General grey

PDQ Launches Annual State of Sysadmin Survey to Uncover IT Trends

NEWS

PatchTuesday lightBlue

Patch Tuesday November 2024

SECURITY