Microsoft and Adobe Patch Tuesday, July 2024 Security Update Review

Julys Patch Tuesday brings a midsummer wave of updates, addressing critical vulnerabilities and enhancing security across the Microsoft ecosystem. Lets discover the highlights from Microsofts Patch Tuesday updates for July 2024. Microsoft Patch Tuesday for July 2024 Microsoft Patch Tuesdays July...

CVE-2024-38112

Windows MSHTML Platform Spoofing Vulnerability...

CVE-2024-38112 Windows MSHTML Platform Spoofing Vulnerability

...

CVE-2024-38112 Windows MSHTML Platform Spoofing Vulnerability

...

CVE-2024-38112

CVE-2024-38112 Windows MSHTML Platform Spoofing is a Windows/MSHTML vulnerability exploited in the wild by the Void Banshee group. The issue involves spoofing UI within the MSHTML/IE rendering path, enabling code execution when a user opens a crafted .url payload that references an embedded MHTML...

Windows MSHTML Platform Spoofing Vulnerability

...

Microsoft Windows MSHTML Platform Spoofing Vulnerability

Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability...

VulnCheck KEV: CVE-2024-38112

Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability...

Microsoft Windows MSHTML Platform Security Vulnerability

Microsoft Windows MSHTML Platform is an application from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows MSHTML Platform. An attacker could exploit this vulnerability to conduct spoofing attacks. The following products and editions are affected:Windows Server 2012...

CVE-2024-38112

Windows MSHTML Platform Spoofing Vulnerability Recent assessments: remmons-r7 at July 19, 2024 2:51pm UTC reported: Trend Micro reported this vulnerability to Microsoft after observing Void Banshee APT exploitation in the wild; the zero-day attack hinged on the premise that MHTML links would...

PT-2024-4626

Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: The vulnerability is related to the MSHTML platform in Microsoft Windows and involves a spoofing issue that allows attackers to affect the system. It has been exploited by threat...

Microsoft MSHTML Flaw the Silent Doorway for MerkSpy Malware

...

Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool

Unknown threat actors have been observed exploiting a now-patched security flaw in Microsoft MSHTML to deliver a surveillance tool called MerkSpy as part of a campaign primarily targeting users in Canada, India, Poland, and the U.S. "MerkSpy is designed to clandestinely monitor user activities,...

Microsoft Windows Multiple Vulnerabilities (KB5037788)

This host is missing a critical security update according to Microsoft KB5037788 SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Patch Tuesday - May 2024

Microsoft is addressing 61 vulnerabilities this May 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for three of the vulnerabilities published today. At time of writing, two of the vulnerabilities patched today are listed on CISA KEV. Microsoft is...

CVE-2024-30040 Windows MSHTML Platform Security Feature Bypass Vulnerability

...

CVE-2024-30040

CVE-2024-30040 is a Windows MSHTML Platform Security Feature Bypass vulnerability. The affected component is MSHTML (Windows), with a root cause described as a security feature bypass in the MSHTML engine. Impact per CVSS: CVSS 3.1 base score 8.8 (High) affecting confidentiality, integrity, and a...

Windows MSHTML Platform Security Feature Bypass Vulnerability

...

KB5037763: Windows 10 Version 1607 / Windows Server 2016 Security Update (May 2024)

The remote Windows host is missing security update 5037763. It is, therefore, affected by multiple vulnerabilities - Windows MSHTML Platform Security Feature Bypass Vulnerability CVE-2024-30040 - Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2024-29996,...

KB5037782: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (May 2024)

The remote Windows host is missing security update 5037782 or Azure HotPatch 5037848. It is, therefore, affected by multiple vulnerabilities: - Windows MSHTML Platform Security Feature Bypass Vulnerability CVE-2024-30040 - Windows Common Log File System Driver Elevation of Privilege Vulnerability...