10 July 2024

Microsoft July 2024 Patch Tuesday fixes two zero-days



Microsoft has rolled out its July 2024 Patch Tuesday security updates designed to fix over 140 vulnerabilities across a wide range of products. The release also includes fixes for two actively exploited zero-day vulnerabilities.

One of the zero-days is a Windows Hyper-V elevation of privilege vulnerability (CVE-2024-38080), which exists due to an integer overflow in the Windows Hyper-V component. A local user can trigger the integer overflow and execute arbitrary code with SYSTEM privileges. The flaw affects Windows versions before 11 23H2 10.0.22631.3880 and Windows Server versions before 2022 10.0.20348.2582.

The second zero-day flaw (CVE-2024-38112) affects the Windows MSHTML Platform and can be exploited by a remote attacker to perform a spoofing attack and trick the victim into executing a specially crafted file. The issue impacts Microsoft Internet Explorer 11 through 11.1790.17763.0, Windows versions before 11 23H2 10.0.22631.3880, and Windows Server versions before 2022 10.0.20348.2582.

In addition, Microsoft has fixed two previously disclosed security vulnerabilities tracked as CVE-2024-35264 (a .NET and Visual Studio remote code execution bug) and CVE-2024-37985 (an information disclosure issue).

Besides the above-mentioned flaws, the Windows maker addressed a slew of high-severity vulnerabilities affecting Microsoft Office, Microsoft Windows Remote Desktop Licensing Service, Microsoft Windows MultiPoint Services, Microsoft Windows Graphics Component, OLE DB Driver for SQL Server, SQL Server Native Client OLE DB Provider, and other components.
