Microsoft has released its July 2024 Patch Tuesday security updates, addressing 142 vulnerabilities across Windows, Office, Exchange Server, Azure, Dynamics, and other products. This includes fixes for two zero-day vulnerabilities that are being actively exploited in the wild.
The two actively exploited zero-days are:
- CVE-2024-38080 - Windows Hyper-V Elevation of Privilege Vulnerability
- CVE-2024-38112 - Windows MSHTML Platform Spoofing Vulnerability
In total, Microsoft addressed 5 critical vulnerabilities and 137 important or moderate ones. The most common issues are remote code execution (59 bugs), elevation of privilege (26 bugs), and security feature bypass (24 bugs).
Key products receiving security updates include Windows, Office, Exchange Server, Azure, Dynamics 365, .NET Framework, Windows Hyper-V, and Microsoft Edge. Administrators should prioritize testing and deploying patches for the actively exploited zero-days and remote code execution flaws.
This Patch Tuesday is notable for the high number of vulnerabilities addressed, with 142 being on the higher end of typical monthly CVE counts. The presence of two actively exploited zero-days also increases the urgency of applying these updates.
In July's Patch Tuesday, Microsoft addressed 142 flaws, including two actively exploited zero-day vulnerabilities. This update included patches across categories like elevation of privilege, remote code execution, spoofing, denial of service, security feature bypass, and information disclosure.
Key highlights are:
- Total Flaws and Zero-Day Vulnerabilities: This update resolves 142 total bugs, with two zero-days being actively exploited in the wild (CVE-2024-38080 and CVE-2024-38112).
- Critical Flaws: Five vulnerabilities were rated as Critical, all being remote code execution flaws.
- Vulnerability Types: Remote Code Execution vulnerabilities lead the volume with 59 occurrences, followed by 26 Elevation of Privilege and 24 Security Feature Bypass vulnerabilities.
- Zero-Day Threats: The two actively exploited zero-days are a Windows Hyper-V Elevation of Privilege vulnerability (CVE-2024-38080) and a Windows MSHTML Platform Spoofing vulnerability (CVE-2024-38112).
- Critical-Rated Bugs: Notable critical vulnerabilities include remote code execution flaws in Windows Remote Desktop Licensing Service (CVE-2024-38074, CVE-2024-38076, CVE-2024-38077), Windows Imaging Component (CVE-2024-38060), and Microsoft SharePoint Server (CVE-2024-38023).
- Non-Critical Notables: Other major issues include multiple remote code execution vulnerabilities in SQL Server, elevation of privilege flaws in Windows components, and numerous security feature bypass vulnerabilities in Windows Secure Boot.
- Key Products: Major affected products include Windows, Office, Exchange Server, Azure, Dynamics 365, .NET Framework, Windows Hyper-V, and Microsoft Edge.
Microsoft addressed two zero-day vulnerabilities in the July 2024 Patch Tuesday release. These vulnerabilities are notable because they were being actively exploited in the wild before the patches were made available. Let's examine each of them:

| CVE ID | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Severity |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-38080 | Windows Hyper-V Elevation of Privilege Vulnerability | Yes | No | 7.8 | Important |
| CVE-2024-38112 | Windows MSHTML Platform Spoofing Vulnerability | Yes | No | 7.5 | Important |

Vulnerability type: Elevation of Privilege
Affected product: Windows Hyper-V
CVSS v3 base score: 7.8
Severity rating: Important
This vulnerability allows an attacker with low-level authentication to elevate access and obtain SYSTEM privileges in Windows Hyper-V. Microsoft has not shared specific details on the exploitation, likely due to its active exploitation status.
"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," explains Microsoft.
The vulnerability affects more recent editions of Windows, including Windows 11 since version 21H2 and Windows Server 2022 (including Server Core). Patching should be prioritized due to its actively exploited status.
Vulnerability type: Spoofing
Affected product: Windows MSHTML Platform
CVSS v3 base score: 7.5
Severity rating: Important
This spoofing vulnerability affects the Windows MSHTML Platform, which is used throughout Microsoft 365 and Microsoft Office products. Successful exploitation could potentially lead to partial data exposure.
"Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment," explains Microsoft. "An attacker would have to send the victim a malicious file that the victim would have to execute."
The vulnerability affects all versions of Windows, including Server editions. User interaction is required for exploitation, typically through social engineering tactics. While rated as Important, its active exploitation status makes it a priority for patching.
Microsoft has not shared extensive details on the exact nature of the spoofing or data exposure, likely to prevent further exploitation attempts.
Both of these zero-day vulnerabilities highlight the importance of prompt patching, especially for actively exploited flaws. Organizations should prioritize the deployment of these patches to mitigate the risk of ongoing attacks leveraging these vulnerabilities.
Five vulnerabilities with critical severity scores were addressed in the July 2024 Patch Tuesday report:

| CVE ID | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Severity |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-38074 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | No | No | 9.8 | Critical |
| CVE-2024-38076 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | No | No | 9.8 | Critical |
| CVE-2024-38077 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | No | No | 9.8 | Critical |
| CVE-2024-38060 | Windows Imaging Component Remote Code Execution Vulnerability | No | No | 8.8 | Critical |
| CVE-2024-38023 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.2 | Critical |

Vulnerability type: Remote Code Execution
Affected product: Windows Remote Desktop Licensing Service
CVSS v3 base score: 9.8
Severity rating: Critical
These three vulnerabilities affect the Windows Remote Desktop Licensing Service. An unauthenticated remote attacker could connect to the Remote Desktop Licensing Service and send a malicious message that may lead to remote code execution.
Microsoft notes: "An unauthenticated attacker could connect to the Remote Desktop Licensing Service and send a malicious message that may lead to remote code execution."
These vulnerabilities have the highest CVSS score of all patches this month, emphasizing their severity. Administrators should prioritize patching these, even if the service is currently disabled.
Vulnerability type: Remote Code Execution
Affected product: Windows Imaging Component
CVSS v3 base score: 8.8
Severity rating: Critical
This vulnerability in the Windows Imaging Component is related to TIFF (Tagged Image File Format) image processing. An authenticated attacker could exploit this by uploading a specially crafted TIFF file to a server.
Microsoft explains: "An authenticated attacker could upload a malicious TIFF file to a server."
All supported versions of Windows (and likely unsupported versions as well) are vulnerable to this flaw.
Vulnerability type: Remote Code Execution
Affected product: Microsoft SharePoint Server
CVSS v3 base score: 7.2
Severity rating: Critical
This vulnerability could allow an authenticated attacker with Site Owner permissions or higher to execute arbitrary code on the SharePoint server. The attacker could upload a specially crafted file to a SharePoint Server and craft specialized API requests to trigger deserialization of the file's parameters.
Microsoft states: "An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger the deserialization of the file's parameters. This would enable the attacker to execute code remotely in the SharePoint Server context."
The lower CVSS score compared to the other critical vulnerabilities reflects the requirement of Site Owner privileges or higher to exploit the vulnerability.
These critical vulnerabilities underscore the importance of timely patching, especially for systems exposed to untrusted networks or users. Organizations should prioritize the deployment of these patches to mitigate the risk of potential attacks exploiting these vulnerabilities.
In total, 142 vulnerabilities were addressed in July's Patch Tuesday. Remote code execution was the most common vulnerability type patched by Microsoft this month, occurring 59 times. Elevation of privilege bugs also accounted for a significant portion of the flaws fixed, with 26 occurrences. The least common vulnerability category was spoofing, with 7 such flaws patched in July. Here's a breakdown of the vulnerabilities by category:
- Remote Code Execution – 59
- Elevation of Privilege – 26
- Security Feature Bypass – 24
- Denial of Service – 17
- Information Disclosure – 9
- Spoofing – 7
Here is a table with the vulnerability categories and associated CVE IDs from Microsoft's July 2024 Patch Tuesday:

| Vulnerability Category | CVE IDs |
| --- | --- |
| Remote Code Execution | CVE-2024-38074, CVE-2024-38076, CVE-2024-38077, CVE-2024-38060, CVE-2024-38023, CVE-2024-35264, CVE-2024-38086, CVE-2024-38053, CVE-2024-38104, CVE-2024-38049, CVE-2024-30013, CVE-2024-38078, CVE-2024-38032, CVE-2024-38021, CVE-2024-38024, CVE-2024-38094, [and 43 others] |
| Elevation of Privilege | CVE-2024-38080, CVE-2024-38092, CVE-2024-35261, CVE-2024-38081, CVE-2024-38050, CVE-2024-38066, CVE-2024-38085, CVE-2024-38079, CVE-2024-38034, CVE-2024-38054, CVE-2024-38052, CVE-2024-38057, CVE-2024-39684, CVE-2024-38100, CVE-2024-38059, CVE-2024-38043, CVE-2024-38047, [and 9 others] |
| Security Feature Bypass | CVE-2024-28899, CVE-2024-37973, CVE-2024-37984, CVE-2024-37969, CVE-2024-37970, CVE-2024-37974, CVE-2024-37986, CVE-2024-37987, CVE-2024-37971, CVE-2024-37972, CVE-2024-37975, CVE-2024-37988, CVE-2024-37989, CVE-2024-38010, CVE-2024-38011, CVE-2024-38070, CVE-2024-30098, [and 7 others] |
| Denial of Service | CVE-2024-38071, CVE-2024-38073, CVE-2024-38015, CVE-2024-38031, CVE-2024-38067, CVE-2024-38068, CVE-2024-38091, CVE-2024-38095, CVE-2024-30105, CVE-2024-38048, CVE-2024-38027, CVE-2024-38102, CVE-2024-38101, CVE-2024-38105, CVE-2024-38099, CVE-2024-35270, CVE-2024-38072 |
| Information Disclosure | CVE-2024-38064, CVE-2024-38055, CVE-2024-38056, CVE-2024-38017, CVE-2024-30071, CVE-2024-38041, CVE-2024-32987, CVE-2024-30061, CVE-2024-37985 |
| Spoofing | CVE-2024-38112, CVE-2024-35266, CVE-2024-35267, CVE-2024-30081, CVE-2024-38030, CVE-2024-3596, CVE-2024-38020 |

Microsoft's July 2024 Patch Tuesday includes updates for a wide range of its products, applications, and services. Here are the key products and components that received patches:

| Product Name | No. of Vulnerabilities Patched |
| --- | --- |
| Windows | 87 |
| SQL Server | 38 |
| Windows Secure Boot | 20 |
| Windows Remote Desktop Licensing Service | 7 |
| .NET and Visual Studio | 4 |
| Microsoft Office | 4 |
| Azure | 5 |
| Microsoft Dynamics | 3 |
| Windows Kernel | 3 |
| Windows Graphics Component | 3 |
| Windows PowerShell | 3 |
| Microsoft Message Queuing | 1 |
| Windows MSHTML Platform | 1 |
| Windows Hyper-V | 1 |
| Microsoft SharePoint Server | 3 |
| Windows Imaging Component | 1 |
| Windows TCP/IP | 1 |
| Windows Online Certificate Status Protocol (OCSP) | 3 |
| Windows Layer-2 Bridge Network Driver | 3 |
| Microsoft Windows Codecs Library | 2 |
| Windows NTLM | 1 |
| BitLocker | 1 |
| Windows Themes | 1 |
| Windows File Explorer | 1 |
| Xbox Crypto Graphic Services | 2 |
| Windows Workstation Service | 1 |
| Windows DHCP Server | 1 |
| Windows Distributed Transaction Coordinator | 1 |

Download the complete list of vulnerabilities by products patched in July 2024 Patch Tuesday here.

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
| | Azure CycleCloud Elevation of Privilege Vulnerability | No | No | 8.8 |
| | Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Azure DevOps Server Spoofing Vulnerability | No | No | 7.6 |
| | Azure DevOps Server Spoofing Vulnerability | No | No | 7.6 |
| | Azure Kinect SDK Remote Code Execution Vulnerability | No | No | 6.4 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
| | .NET and Visual Studio Remote Code Execution Vulnerability | No | Yes | 8.1 |
| | .NET and Visual Studio Denial of Service Vulnerability | No | No | 7.5 |
| | .NET Core and Visual Studio Denial of Service Vulnerability | No | No | 7.5 |
| | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | No | No | 7.3 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
| | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | No | No | 9.8 |
| | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | No | No | 9.8 |
| | Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Imaging Component Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Fax Service Remote Code Execution Vulnerability | No | No | 8.8 |
| | Secure Boot Security Feature Bypass Vulnerability | No | No | 8.8 |
| | Secure Boot Security Feature Bypass Vulnerability | No | No | 8.4 |
| | Secure Boot Security Feature Bypass Vulnerability | No | No | 8.4 |
| | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
| | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
| | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
| | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
| | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
| | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
| | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
| | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
| | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
| | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
| | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
| | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
| | Windows Workstation Service Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability | No | No | 7.8 |
| | Windows Graphics Component Remote Code Execution Vulnerability | No | No | 7.8 |
| | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Filtering Platform Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows TCP/IP Information Disclosure Vulnerability | No | No | 7.5 |
| | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | No | No | 7.5 |
| | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | No | No | 7.5 |
| | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | No | No | 7.5 |
| | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | No | No | 7.5 |
| | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | No | No | 7.5 |
| | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | No | No | 7.5 |
| | Windows MSHTML Platform Spoofing Vulnerability | Yes | No | 7.5 |
| | Windows Cryptographic Services Security Feature Bypass Vulnerability | No | No | 7.5 |
| | Microsoft WS-Discovery Denial of Service Vulnerability | No | No | 7.5 |
| | DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability | No | No | 7.5 |
| | CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability | No | No | 7.5 |
| | PowerShell Elevation of Privilege Vulnerability | No | No | 7.3 |
| | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | No | No | 7.2 |
| | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | No | No | 7.2 |
| | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | No | No | 7.2 |
| | DHCP Server Service Remote Code Execution Vulnerability | No | No | 7.2 |
| | Windows NTLM Spoofing Vulnerability | No | No | 7.1 |
| | Windows Image Acquisition Elevation of Privilege Vulnerability | No | No | 7 |
| | Secure Boot Security Feature Bypass Vulnerability | No | No | 6.8 |
| | BitLocker Security Feature Bypass Vulnerability | No | No | 6.8 |
| | Microsoft Windows Server Backup Elevation of Privilege Vulnerability | No | No | 6.7 |
| | Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability | No | No | 6.6 |
| | Windows Themes Spoofing Vulnerability | No | No | 6.5 |
| | Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability | No | No | 6.5 |
| | Windows Line Printer Daemon Service Denial of Service Vulnerability | No | No | 6.5 |
| | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | No | No | 6.5 |
| | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | No | No | 6.5 |
| | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | No | No | 6.5 |
| | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | No | No | 5.9 |
| | Microsoft Windows Codecs Library Information Disclosure Vulnerability | No | No | 5.5 |
| | Microsoft Windows Codecs Library Information Disclosure Vulnerability | No | No | 5.5 |
| | Microsoft Message Queuing Information Disclosure Vulnerability | No | No | 5.5 |
| | Windows iSCSI Service Denial of Service Vulnerability | No | No | 5.3 |
| | Windows Remote Access Connection Manager Information Disclosure Vulnerability | No | No | 4.7 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
| | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | No | No | 7.3 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
| | Microsoft Office Remote Code Execution Vulnerability | No | No | 8.8 |
| | Microsoft SharePoint Server Information Disclosure Vulnerability | No | No | 7.5 |
| | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.2 |
| | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.2 |
| | Microsoft SharePoint Remote Code Execution Vulnerability | No | No | 7.2 |
| | Microsoft Outlook Spoofing Vulnerability | No | No | 6.5 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
| | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
| | Microsoft Defender for IoT Elevation of Privilege Vulnerability | No | No | 9.1 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
| --- | --- | --- | --- | --- |
| | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | No | No | 9.8 |
| | Windows Text Services Framework Elevation of Privilege Vulnerability | No | No | 8.8 |
| | Windows MultiPoint Services Remote Code Execution Vulnerability | No | No | 8.8 |
| | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
| | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
| | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
| | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Hyper-V Elevation of Privilege Vulnerability | Yes | No | 7.8 |
| | Windows File Explorer Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
| | PowerShell Elevation of Privilege Vulnerability | No | No | 7.8 |
| | PowerShell Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Xbox Wireless Adapter Remote Code Execution Vulnerability | No | No | 7.5 |
| | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | No | No | 7.5 |
| | Microsoft Xbox Remote Code Execution Vulnerability | No | No | 7.1 |
| | Windows Enroll Engine Security Feature Bypass Vulnerability | No | No | 7 |
| | Secure Boot Security Feature Bypass Vulnerability | No | No | 6.8 |
| | Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers | No | Yes | 5.9 |
| | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 |

Microsoft's July 2024 Patch Tuesday release addressed 142 total vulnerabilities, headlined by fixes for two actively exploited zero-day flaws:
- CVE-2024-38080 (Windows Hyper-V Elevation of Privilege Vulnerability)
- CVE-2024-38112 (Windows MSHTML Platform Spoofing Vulnerability)
Additional key vulnerabilities included:
- Three critical remote code execution vulnerabilities in Windows Remote Desktop Licensing Service (CVE-2024-38074, CVE-2024-38076, CVE-2024-38077)
- A critical remote code execution vulnerability in Windows Imaging Component (CVE-2024-38060)
- A critical remote code execution vulnerability in Microsoft SharePoint Server (CVE-2024-38023)
In total, 59 critical or high-severity remote code execution bugs were addressed this month along with 26 important elevation of privilege flaws. Security feature bypass, denial of service, information disclosure, and spoofing issues rounded out the rest.
Here's a summary table of the July 2024 Patch Tuesday vulnerabilities:

| Vulnerability Type | Count | Severity |
| --- | --- | --- |
| Remote Code Execution | 59 | 5 Critical, 54 Important |
| Elevation of Privilege | 26 | Important |
| Security Feature Bypass | 24 | Important |
| Denial of Service | 17 | Important |
| Information Disclosure | 9 | Important |
| Spoofing | 7 | Important |

The extensive patch load stresses the importance of continuous monitoring, vulnerability management, and updating to counter sophisticated multi-stage attacks targeting enterprise networks. Prioritizing remediation efforts by potential business impact is crucial.
Key areas of focus for this Patch Tuesday include:
- Promptly patching the two actively exploited zero-day vulnerabilities.
- Addressing the critical remote code execution flaws, especially those in widely-used services like Remote Desktop Licensing.
- Reviewing and updating SQL Server instances and client code, given the high number of vulnerabilities patched.
- Applying updates to core Windows components, Office, and SharePoint servers.
Organizations should prioritize these updates to mitigate the risk of potential attacks exploiting these vulnerabilities. As always, it's recommended to test patches in a controlled environment before deploying them widely across production systems.
We'll continue providing monthly Patch Tuesday analyses highlighting major security updates needing visibility. Stay tuned for next month's report to keep your systems secure and up-to-date.
We aim to keep readers informed each month in our Patch Tuesday reports. Please follow our website thesecmaster.com or subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.