Menu

July Patching Update: Bolstering Security in the Blistering Summer Heat

Welcome to July’s edition of the OneNeck IT Solutions patching blog. As the summer heat intensifies, so do the risks posed by unpatched vulnerabilities. Staying vigilant in our cybersecurity efforts is crucial protection and will help keep your organization from getting burned. This month, we bring you critical updates from Microsoft and significant patches within the Linux environment to ensure your systems remain secure and efficient.

Microsoft’s July Patching Overview

This month, Microsoft has addressed a total of 142 vulnerabilities, categorized as follows:

  • 26 Elevation of Privilege Vulnerabilities
  • 24 Security Feature Bypass Vulnerabilities
  • 59 Remote Code Execution Vulnerabilities
  • 9 Information Disclosure Vulnerabilities
  • 17 Denial of Service Vulnerabilities
  • 7 Spoofing Vulnerabilities

Two actively exploited zero-day vulnerabilities were patched this month for Microsoft products. CVE-2024-38080 is a Windows Hyper-V Elevation of Privilege Vulnerability that could allow attackers to gain elevated access to affected systems. CVE-2024-38112 is a Windows MSHTML Platform Spoofing Vulnerability that could deceive users into interacting with malicious content. These vulnerabilities require immediate attention to prevent potential exploitation and maintain the security of your systems.

Highlighted Patches for July:

  • CVE-2024-38080: Windows Hyper-V Elevation of Privilege Vulnerability
  • CVE-2024-38112: Windows MSHTML Platform Spoofing Vulnerability
  • CVE-2024-35264: .NET and Visual Studio Remote Code Execution Vulnerability
  • CVE-2024-37985: Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers

Exchange Updates

Microsoft’s Hotfix for Exchange, released in April, addresses numerous known issues from the March Exchange Security Update. Since OneNeck’s customers have not been affected by these issues, we have postponed applying the Hotfix to their Exchange Servers and will wait for the next Exchange Update.

In the Hotfix, Microsoft introduced support for ECC certificates and Hybrid Modern Authentication for OWA/ECP, which are available exclusively for Exchange Server 2019. These features will be included in the next Security or Cumulative Update for Exchange 2019.

Additionally, Microsoft has acknowledged the need for DKIM and DMARC for Exchange Server On-Prem following Google and Yahoo’s Q1 2024 announcement. However, no updates are currently available to the public. Customers routing their mail through MS365 should be mostly unaffected by the changes from Google and Yahoo.

As mentioned last month, Microsoft has released an Exchange Server Roadmap update, defining their plans for Exchange Server SE (Subscription Edition). This edition is aimed to be released early in the third quarter of 2025, coinciding with the end-of-life date for Exchange Server 2016 and 2019. Exchange Server SE will be the code equivalent to Exchange Server 2019 CU15. OneNeck encourages all its customers using Exchange to upgrade to Exchange Server 2019. If you have any questions about how OneNeck can assist you with your upgrade decisions, please contact the Service Desk.

Linux Patching Insights for July

This month’s Linux updates are crucial for maintaining the security and stability of your environment. Noteworthy patches include:

  • CVE-2024-32462: Security update for flatpak
  • CVE-2024-5688, CVE-2024-5690, CVE-2024-5691, CVE-2024-5693, CVE-2024-5696, CVE-2024-5700, CVE-2024-5702: Security update for firefox
  • CVE-2022-27635, CVE-2022-36351, CVE-2022-38076, CVE-2022-40964, CVE-2022-46329: Security update for linux-firmware
  • CVE-2023-4408, CVE-2023-50387, CVE-2023-50868: Security update for bind, bind-dyndb-ldap, and dhcp
  • CVE-2024-32487: Security update for less
  • CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602: Security update for glibc
  • CVE-2024-32002, CVE-2024-32004, CVE-2024-32020, CVE-2024-32021, CVE-2024-32465: Security update for git
  • CVE-2023-6597, CVE-2024-0450: Security update for python3.11
  • CVE-2024-33871: Security update for ghostscript
  • CVE-2023-6597, CVE-2024-0450: Security update for python3.9 available for Red Hat Enterprise Linux 9
  • CVE-2022-23816, CVE-2022-29901: Oracle Linux Unbreakable Enterprise kernel security update

These updates address a wide range of vulnerabilities essential for protecting your Linux servers against potential breaches and ensuring robust system functionality. Please apply any applicable patches immediately.

Microsoft Office & SharePoint Updates

While our scheduled patching activities are comprehensive, they are designed to complement your internal update processes for a wide range of products, including Microsoft Office and SharePoint. We encourage our clients to regularly review and apply updates across all software to ensure the highest level of security. For insights on integrating these updates seamlessly into your security strategy or how OneNeck can support your efforts, do not hesitate to reach out to our Service Desk.

Closing Thoughts

Maintaining a solid cybersecurity posture through regular patching is crucial as we continue through the summer months. Just as sunscreen protects you from the sun’s harmful rays, promptly applying these updates will help safeguard your systems against potential threats. If you need assistance or have questions, OneNeck supports your cybersecurity efforts.

Stay secure and patched, while keeping yourself protected from the heat of summer’s vulnerabilities.

grey line for July patching blog.

Each month, OneNeck engineers review newly released updates from vendors, like Microsoft, to understand any known issues, actions required and understand the priority of each. This is done immediately following Patch Tuesday releases, and we monitor for adjustments to patches throughout each month.

The information above is gathered monthly during this review and posted for awareness to our customers. This information is generally updated only once per month and is based on our engineers’ review of the information provided by the vendor at that time. As always, for the most up-to-date patching information, please see the vendor’s website or contact us.

Note: If OneNeck actively manages a device or software that is impacted by any of these vulnerabilities, when necessary, OneNeck will be in direct contact with you regarding remediation.

 

Additional Resources:

Get In Touch

Call Us

For general inquiries, call: 855.663.6325

Immediate Assistance

Managed services support: 800.272.3077
Non-managed service support: 515.334.5755
Or visit our service desk:
Service Desk Portal

Talk to Our Team