Table of Contents
  • Home
  • /
  • Blog
  • /
  • Breaking Down the Latest July 2024 Patch Tuesday Report
July 10, 2024
|
20m

Breaking Down the Latest July 2024 Patch Tuesday Report


Microsoft's July 2024 Patch Tuesday: 142 Flaws Fixed

Microsoft has released its July 2024 Patch Tuesday security updates, addressing 142 vulnerabilities across Windows, Office, Exchange Server, Azure, Dynamics, and other products. This includes fixes for two zero-day vulnerabilities that are being actively exploited in the wild.

The two actively exploited zero-days are:

  • CVE-2024-38080 - Windows Hyper-V Elevation of Privilege Vulnerability

  • CVE-2024-38112 - Windows MSHTML Platform Spoofing Vulnerability

In total, Microsoft addressed 5 critical vulnerabilities and 137 important or moderate ones. The most common issues are remote code execution (59 bugs), elevation of privilege (26 bugs), and security feature bypass (24 bugs).

Key products receiving security updates include Windows, Office, Exchange Server, Azure, Dynamics 365, .NET Framework, Windows Hyper-V, and Microsoft Edge. Administrators should prioritize testing and deploying patches for the actively exploited zero-days and remote code execution flaws.

This Patch Tuesday is notable for the high number of vulnerabilities addressed, with 142 being on the higher end of typical monthly CVE counts. The presence of two actively exploited zero-days also increases the urgency of applying these updates.

Key Highlights - Patch Tuesday July 2024

In July's Patch Tuesday, Microsoft addressed 142 flaws, including two actively exploited zero-day vulnerabilities. This update included patches across categories like elevation of privilege, remote code execution, spoofing, denial of service, security feature bypass, and information disclosure.

Key highlights are:

  1. Total Flaws and Zero-Day Vulnerabilities: This update resolves 142 total bugs, with two zero-days being actively exploited in the wild (CVE-2024-38080 and CVE-2024-38112).

  2. Critical Flaws: Five vulnerabilities were rated as Critical, all being remote code execution flaws.

  3. Vulnerability Types: Remote Code Execution vulnerabilities lead the volume with 59 occurrences, followed by 26 Elevation of Privilege and 24 Security Feature Bypass vulnerabilities.

  4. Zero-Day Threats: The two actively exploited zero-days are a Windows Hyper-V Elevation of Privilege vulnerability (CVE-2024-38080) and a Windows MSHTML Platform Spoofing vulnerability (CVE-2024-38112).

  5. Critical-Rated Bugs: Notable critical vulnerabilities include remote code execution flaws in Windows Remote Desktop Licensing Service (CVE-2024-38074, CVE-2024-38076, CVE-2024-38077), Windows Imaging Component (CVE-2024-38060), and Microsoft SharePoint Server (CVE-2024-38023).

  6. Non-Critical Notables: Other major issues include multiple remote code execution vulnerabilities in SQL Server, elevation of privilege flaws in Windows components, and numerous security feature bypass vulnerabilities in Windows Secure Boot.

  7. Key Products: Major affected products include Windows, Office, Exchange Server, Azure, Dynamics 365, .NET Framework, Windows Hyper-V, and Microsoft Edge.

Zero-day Vulnerabilities Patched in July 2024

Microsoft addressed two zero-day vulnerabilities in the July 2024 Patch Tuesday release. These vulnerabilities are notable because they were being actively exploited in the wild prior to the patches being made available. Let's examine each of these critical vulnerabilities:

CVE ID
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Severity
CVE-2024-38080
Windows Hyper-V Elevation of Privilege Vulnerability
Yes
No
7.8
Important
CVE-2024-38112
Windows MSHTML Platform Spoofing Vulnerability
Yes
No
7.5
Important

CVE-2024-38080 - Windows Hyper-V Elevation of Privilege Vulnerability

  • Vulnerability type: Elevation of Privilege

  • Affected product: Windows Hyper-V

  • CVSS v3 base score: 7.8

  • Severity rating: Important

This vulnerability allows an attacker with low-level authentication to elevate access and obtain SYSTEM privileges in Windows Hyper-V. Microsoft has not shared specific details on the exploitation, likely due to its active exploitation status.

"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," explains Microsoft.

The vulnerability affects more recent editions of Windows, including Windows 11 since version 21H2 and Windows Server 2022 (including Server Core). Patching should be prioritized due to its actively exploited status.

CVE-2024-38112 - Windows MSHTML Platform Spoofing Vulnerability

  • Vulnerability type: Spoofing

  • Affected product: Windows MSHTML Platform

  • CVSS v3 base score: 7.5

  • Severity rating: Important

This spoofing vulnerability affects the Windows MSHTML Platform, which is used throughout Microsoft 365 and Microsoft Office products. Successful exploitation could potentially lead to partial data exposure.

"Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment," explains Microsoft. "An attacker would have to send the victim a malicious file that the victim would have to execute."

The vulnerability affects all versions of Windows, including Server editions. User interaction is required for exploitation, typically through social engineering tactics. While rated as Important, its active exploitation status makes it a priority for patching.

Microsoft has not shared extensive details on the exact nature of the spoofing or data exposure, likely to prevent further exploitation attempts.

Both of these zero-day vulnerabilities highlight the importance of prompt patching, especially for actively exploited flaws. Organizations should prioritize the deployment of these patches to mitigate the risk of ongoing attacks leveraging these vulnerabilities.

Critical Vulnerabilities Patched in July 2024

Five vulnerabilities with critical severity scores were addressed in the July 2024 Patch Tuesday report:

 CVE ID 
 Title 
 Exploited? 
 Publicly disclosed? 
 CVSSv3 base score 
 Severity 
 CVE-2024-38074 
 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability 
 No 
 No 
9.8
 Critical 
 CVE-2024-38076 
 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability 
 No 
 No 
9.8
 Critical 
 CVE-2024-38077 
 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability 
 No 
 No 
9.8
 Critical 
 CVE-2024-38060 
 Windows Imaging Component Remote Code Execution Vulnerability 
 No 
 No 
8.8
 Critical 
 CVE-2024-38023 
 Microsoft SharePoint Server Remote Code Execution Vulnerability 
 No 
 No 
7.2
 Critical 

CVE-2024-38074, CVE-2024-38076, CVE-2024-38077 - Windows Remote Desktop Licensing Service Remote Code Execution Vulnerabilities

  • Vulnerability type: Remote Code Execution

  • Affected product: Windows Remote Desktop Licensing Service

  • CVSS v3 base score: 9.8

  • Severity rating: Critical

These three vulnerabilities affect the Windows Remote Desktop Licensing Service. An unauthenticated remote attacker could connect to the Remote Desktop Licensing Service and send a malicious message that may lead to remote code execution.

Microsoft notes: "An unauthenticated attacker could connect to the Remote Desktop Licensing Service and send a malicious message that may lead to remote code execution."

These vulnerabilities have the highest CVSS score of all patches this month, emphasizing their severity. Administrators should prioritize patching these, even if the service is currently disabled.

CVE-2024-38060 - Windows Imaging Component Remote Code Execution Vulnerability

  • Vulnerability type: Remote Code Execution

  • Affected product: Windows Imaging Component

  • CVSS v3 base score: 8.8

  • Severity rating: Critical

This vulnerability in the Windows Imaging Component is related to TIFF (Tagged Image File Format) image processing. An authenticated attacker could exploit this by uploading a specially crafted TIFF file to a server.

Microsoft explains: "An authenticated attacker could upload a malicious TIFF file to a server."

All supported versions of Windows (and likely unsupported versions as well) are vulnerable to this flaw.

CVE-2024-38023 - Microsoft SharePoint Server Remote Code Execution Vulnerability

  • Vulnerability type: Remote Code Execution

  • Affected product: Microsoft SharePoint Server

  • CVSS v3 base score: 7.2

  • Severity rating: Critical

This vulnerability could allow an authenticated attacker with Site Owner permissions or higher to execute arbitrary code on the SharePoint server. The attacker could upload a specially crafted file to a SharePoint Server and craft specialized API requests to trigger deserialization of the file's parameters.

Microsoft states: "An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger the deserialization of the file's parameters. This would enable the attacker to execute code remotely in the SharePoint Server context."

The lower CVSS score compared to the other critical vulnerabilities reflects the requirement of Site Owner privileges or higher to exploit the vulnerability.

These critical vulnerabilities underscore the importance of timely patching, especially for systems exposed to untrusted networks or users. Organizations should prioritize the deployment of these patches to mitigate the risk of potential attacks exploiting these vulnerabilities.

Vulnerabilities by Category

In total, 142 vulnerabilities were addressed in July's Patch Tuesday. Remote code execution being the most common vulnerability type patched by Microsoft this month, occurring 59 times. Elevation of privilege bugs also accounted for a significant portion of the flaws fixed, with 26 occurrences. The least common vulnerability category was spoofing, with 7 such flaws patched in July. Here's a breakdown of the vulnerabilities by category:

  • Remote Code Execution - 59

  • Elevation of Privilege – 26

  • Security Feature Bypass – 24

  • Denial of Service – 17

  • Information Disclosure - 9

  • Spoofing – 7

Here is a table with the vulnerability categories and associated CVE IDs from Microsoft's July 2024 Patch Tuesday:

 Vulnerability Category 
 CVE IDs 
 Remote Code Execution 
 CVE-2024-38074, CVE-2024-38076, CVE-2024-38077, CVE-2024-38060, CVE-2024-38023, CVE-2024-35264, CVE-2024-38086, CVE-2024-38053, CVE-2024-38104, CVE-2024-38049, CVE-2024-30013, CVE-2024-38078, CVE-2024-38032, CVE-2024-38021, CVE-2024-38024, CVE-2024-38094, [and 43 others] 
 Elevation of Privilege 
 CVE-2024-38080, CVE-2024-38092, CVE-2024-35261, CVE-2024-38081, CVE-2024-38050, CVE-2024-38066, CVE-2024-38085, CVE-2024-38079, CVE-2024-38034, CVE-2024-38054, CVE-2024-38052, CVE-2024-38057, CVE-2024-39684, CVE-2024-38100, CVE-2024-38059, CVE-2024-38043, CVE-2024-38047, [and 9 others] 
 Security Feature Bypass 
 CVE-2024-28899, CVE-2024-37973, CVE-2024-37984, CVE-2024-37969, CVE-2024-37970, CVE-2024-37974, CVE-2024-37986, CVE-2024-37987, CVE-2024-37971, CVE-2024-37972, CVE-2024-37975, CVE-2024-37988, CVE-2024-37989, CVE-2024-38010, CVE-2024-38011, CVE-2024-38070, CVE-2024-30098, [and 7 others] 
 Denial of Service 
 CVE-2024-38071, CVE-2024-38073, CVE-2024-38015, CVE-2024-38031, CVE-2024-38067, CVE-2024-38068, CVE-2024-38091, CVE-2024-38095, CVE-2024-30105, CVE-2024-38048, CVE-2024-38027, CVE-2024-38102, CVE-2024-38101, CVE-2024-38105, CVE-2024-38099, CVE-2024-35270, CVE-2024-38072 
 Information Disclosure 
 CVE-2024-38064, CVE-2024-38055, CVE-2024-38056, CVE-2024-38017, CVE-2024-30071, CVE-2024-38041, CVE-2024-32987, CVE-2024-30061, CVE-2024-37985 
 Spoofing 
 CVE-2024-38112, CVE-2024-35266, CVE-2024-35267, CVE-2024-30081, CVE-2024-38030, CVE-2024-3596, CVE-2024-38020 

List of Products Patched in July 2024 Patch Tuesday Report

Microsoft's July 2024 Patch Tuesday includes updates for a wide range of its products, applications, and services. Here are the key products and components that received patches:

 Product Name 
 No. of Vulnerabilities Patched 
 Windows 
87
 SQL Server 
38
 Windows Secure Boot 
20
 Windows Remote Desktop Licensing Service 
7
 .NET and Visual Studio 
4
 Microsoft Office 
4
 Azure 
5
 Microsoft Dynamics 
3
 Windows Kernel 
3
 Windows Graphics Component 
3
 Windows PowerShell 
3
 Microsoft Message Queuing 
1
 Windows MSHTML Platform 
1
 Windows Hyper-V 
1
 Microsoft SharePoint Server 
3
 Windows Imaging Component 
1
 Windows TCP/IP 
1
 Windows Online Certificate Status Protocol (OCSP) 
3
 Windows Layer-2 Bridge Network Driver 
3
 Microsoft Windows Codecs Library 
2
 Windows NTLM 
1
 BitLocker 
1
 Windows Themes 
1
 Windows File Explorer 
1
 Xbox Crypto Graphic Services 
2
 Windows Workstation Service 
1
 Windows DHCP Server 
1
 Windows Distributed Transaction Coordinator 
1

Complete List of Vulnerabilities Patched in July 2024 Patch Tuesday

Download the complete list of vulnerabilities by products patched in July 2024 Patch Tuesday here. 

Azure vulnerabilities

CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Azure CycleCloud Elevation of Privilege Vulnerability
No
No
8.8
Azure Network Watcher VM Extension Elevation of Privilege Vulnerability
No
No
7.8
Azure DevOps Server Spoofing Vulnerability
No
No
7.6
Azure DevOps Server Spoofing Vulnerability
No
No
7.6
Azure Kinect SDK Remote Code Execution Vulnerability
No
No
6.4

Developer Tools vulnerabilities

CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
.NET and Visual Studio Remote Code Execution Vulnerability
No
Yes
8.1
.NET and Visual Studio Denial of Service Vulnerability
No
No
7.5
.NET Core and Visual Studio Denial of Service Vulnerability
No
No
7.5
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
No
No
7.3

ESU Windows vulnerabilities

CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
No
No
9.8
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
No
No
9.8
Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
No
No
8.8
Windows Imaging Component Remote Code Execution Vulnerability
No
No
8.8
Windows Fax Service Remote Code Execution Vulnerability
No
No
8.8
Secure Boot Security Feature Bypass Vulnerability
No
No
8.8
Secure Boot Security Feature Bypass Vulnerability
No
No
8.4
Secure Boot Security Feature Bypass Vulnerability
No
No
8.4
Secure Boot Security Feature Bypass Vulnerability
No
No
8
Secure Boot Security Feature Bypass Vulnerability
No
No
8
Secure Boot Security Feature Bypass Vulnerability
No
No
8
Secure Boot Security Feature Bypass Vulnerability
No
No
8
Secure Boot Security Feature Bypass Vulnerability
No
No
8
Secure Boot Security Feature Bypass Vulnerability
No
No
8
Secure Boot Security Feature Bypass Vulnerability
No
No
8
Secure Boot Security Feature Bypass Vulnerability
No
No
8
Secure Boot Security Feature Bypass Vulnerability
No
No
8
Secure Boot Security Feature Bypass Vulnerability
No
No
8
Secure Boot Security Feature Bypass Vulnerability
No
No
8
Secure Boot Security Feature Bypass Vulnerability
No
No
8
Windows Workstation Service Elevation of Privilege Vulnerability
No
No
7.8
Windows Win32k Elevation of Privilege Vulnerability
No
No
7.8
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
No
No
7.8
Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability
No
No
7.8
Windows Graphics Component Remote Code Execution Vulnerability
No
No
7.8
Windows Graphics Component Elevation of Privilege Vulnerability
No
No
7.8
Windows Graphics Component Elevation of Privilege Vulnerability
No
No
7.8
Windows Filtering Platform Elevation of Privilege Vulnerability
No
No
7.8
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
No
No
7.8
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
No
No
7.8
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
No
No
7.8
Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability
No
No
7.8
Windows TCP/IP Information Disclosure Vulnerability
No
No
7.5
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
No
No
7.5
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
No
No
7.5
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
No
No
7.5
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
No
No
7.5
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
No
No
7.5
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
No
No
7.5
Windows MSHTML Platform Spoofing Vulnerability
Yes
No
7.5
Windows Cryptographic Services Security Feature Bypass Vulnerability
No
No
7.5
Microsoft WS-Discovery Denial of Service Vulnerability
No
No
7.5
DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability
No
No
7.5
CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability
No
No
7.5
PowerShell Elevation of Privilege Vulnerability
No
No
7.3
Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
No
No
7.2
Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
No
No
7.2
Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
No
No
7.2
DHCP Server Service Remote Code Execution Vulnerability
No
No
7.2
Windows NTLM Spoofing Vulnerability
No
No
7.1
Windows Image Acquisition Elevation of Privilege Vulnerability
No
No
7
Secure Boot Security Feature Bypass Vulnerability
No
No
6.8
BitLocker Security Feature Bypass Vulnerability
No
No
6.8
Microsoft Windows Server Backup Elevation of Privilege Vulnerability
No
No
6.7
Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability
No
No
6.6
Windows Themes Spoofing Vulnerability
No
No
6.5
Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability
No
No
6.5
Windows Line Printer Daemon Service Denial of Service Vulnerability
No
No
6.5
Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
No
No
6.5
Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
No
No
6.5
Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
No
No
6.5
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
No
No
5.9
Microsoft Windows Codecs Library Information Disclosure Vulnerability
No
No
5.5
Microsoft Windows Codecs Library Information Disclosure Vulnerability
No
No
5.5
Microsoft Message Queuing Information Disclosure Vulnerability
No
No
5.5
Windows iSCSI Service Denial of Service Vulnerability
No
No
5.3
Windows Remote Access Connection Manager Information Disclosure Vulnerability
No
No
4.7

Microsoft Dynamics vulnerabilities

CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
No
No
7.3

Microsoft Office vulnerabilities

CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Microsoft Office Remote Code Execution Vulnerability
No
No
8.8
Microsoft SharePoint Server Information Disclosure Vulnerability
No
No
7.5
Microsoft SharePoint Server Remote Code Execution Vulnerability
No
No
7.2
Microsoft SharePoint Server Remote Code Execution Vulnerability
No
No
7.2
Microsoft SharePoint Remote Code Execution Vulnerability
No
No
7.2
Microsoft Outlook Spoofing Vulnerability
No
No
6.5

SQL Server vulnerabilities

CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
No
No
8.8
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
No
No
8.8

System Center vulnerabilities

CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Microsoft Defender for IoT Elevation of Privilege Vulnerability
No
No
9.1

Windows vulnerabilities

CVE
Title
Exploited?
Publicly disclosed?
CVSSv3 base score
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
No
No
9.8
Windows Text Services Framework Elevation of Privilege Vulnerability
No
No
8.8
Windows MultiPoint Services Remote Code Execution Vulnerability
No
No
8.8
Secure Boot Security Feature Bypass Vulnerability
No
No
8
Secure Boot Security Feature Bypass Vulnerability
No
No
8
Secure Boot Security Feature Bypass Vulnerability
No
No
8
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
No
No
7.8
Windows Hyper-V Elevation of Privilege Vulnerability
Yes
No
7.8
Windows File Explorer Elevation of Privilege Vulnerability
No
No
7.8
Win32k Elevation of Privilege Vulnerability
No
No
7.8
PowerShell Elevation of Privilege Vulnerability
No
No
7.8
PowerShell Elevation of Privilege Vulnerability
No
No
7.8
Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege Vulnerability
No
No
7.8
Xbox Wireless Adapter Remote Code Execution Vulnerability
No
No
7.5
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
No
No
7.5
Microsoft Xbox Remote Code Execution Vulnerability
No
No
7.1
Windows Enroll Engine Security Feature Bypass Vulnerability
No
No
7
Secure Boot Security Feature Bypass Vulnerability
No
No
6.8
Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers
No
Yes
5.9
Windows Kernel Information Disclosure Vulnerability
No
No
5.5

Bottom Line

Microsoft's July 2024 Patch Tuesday release addressed 142 total vulnerabilities, headlined by fixes for two actively exploited zero-day flaws:

  • CVE-2024-38080 (Windows Hyper-V Elevation of Privilege Vulnerability)

  • CVE-2024-38112 (Windows MSHTML Platform Spoofing Vulnerability)

Additional key vulnerabilities included:

  • Three critical remote code execution vulnerabilities in Windows Remote Desktop Licensing Service (CVE-2024-38074, CVE-2024-38076, CVE-2024-38077)

  • A critical remote code execution vulnerability in Windows Imaging Component (CVE-2024-38060)

  • A critical remote code execution vulnerability in Microsoft SharePoint Server (CVE-2024-38023)

In total, 59 critical or high-severity remote code execution bugs were addressed this month along with 26 important elevation of privilege flaws. Security feature bypass, denial of service, information disclosure, and spoofing issues rounded out the rest.

Here's a summary table of the July 2024 Patch Tuesday vulnerabilities:

 Vulnerability Type 
 Count 
 Severity 
 Remote Code Execution 
59
 5 Critical, 54 Important 
 Elevation of Privilege 
26
 Important 
 Security Feature Bypass 
24
 Important 
 Denial of Service 
17
 Important 
 Information Disclosure 
9
 Important 
 Spoofing 
7
 Important 

The extensive patch load stresses the importance of continuous monitoring, vulnerability management, and updating to counter sophisticated multi-stage attacks targeting enterprise networks. Prioritizing remediation efforts by potential business impact is crucial.

Key areas of focus for this Patch Tuesday include:

  1. Promptly patching the two actively exploited zero-day vulnerabilities.

  2. Addressing the critical remote code execution flaws, especially those in widely-used services like Remote Desktop Licensing.

  3. Reviewing and updating SQL Server instances and client code, given the high number of vulnerabilities patched.

  4. Applying updates to core Windows components, Office, and SharePoint servers.

Organizations should prioritize these updates to mitigate the risk of potential attacks exploiting these vulnerabilities. As always, it's recommended to test patches in a controlled environment before deploying them widely across production systems.

We'll continue providing monthly Patch Tuesday analyses highlighting major security updates needing visibility. Stay tuned for next month's report to keep your systems secure and up-to-date.

We aim to keep readers informed each month in our Patch Tuesday reports. Please follow our website thesecmaster.com or subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.

You may also like these articles:

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Report

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe