My next class:
Network Monitoring and Threat Detection In-DepthSingaporeNov 18th - Nov 23rd 2024

Microsoft Patch Tuesday July 2024

Published: 2024-07-09. Last Updated: 2024-07-09 17:35:23 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

Microsoft today released patches for 142 vulnerabilities. Only four of the vulnerabilities are rated as "critical". There are two vulnerabilities that have already been discussed and two that have already been exploited.

Noteworthy Vulnerabilities:

CVE-2024-38080: Windows Hyper-V Elevation of Privilege Vulnerability (exploited vulnerability)

An attacker can obtain SYSTEM privilege by exploiting this integer overflow. 

CVE-2024-38112: Windows MSHTML Platform Spoofing Vulnerability

I haven't seen any details disclosed yet. However, these vulnerabilities typically make it difficult to identify the nature and origin of an attachment. A victim may be tricked into opening a malicious attachment, leading to code execution. There have been numerous similar vulnerabilities in the past.

CVE-2024-35264: .NET and Visual Studio Remote Code Execution Vulnerability (disclosed vulnerability)

CVSS score for this vulnerability is 8.1. It is not considered critical. The vulnerability is exploited by closing an http/3 connection while the body is still being processed. The attacker must take advantage of a race condition to execute code.

CVE-2024-37985: Systematic Identification and Characterization of Proprietary Prefetchers (disclosed vulnerability)

This vulnerability only affects ARM systems. An attacker would be able to view privileged heap memory.

CVE-2024-38074, CVE-2024-38076, CVE-2024-38077: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Three of the four critical vulnerabilities affect the RDP Licensing Service. Watch our for PoC exploits for this vulnerability.

CVE-2024-38060: Windows Imaging Component Remote Code Execution Vulnerability

The WIC is the Windows framework used to parse images and related metadata. Toe trigger the vulnerability, an authenticated attacker must upload a TIFF image to a server.

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2024-30105 No No - - Important 7.5 6.5
.NET and Visual Studio Denial of Service Vulnerability
CVE-2024-38095 No No - - Important 7.5 6.5
.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-35264 Yes No - - Important 8.1 7.1
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2024-38081 No No - - Important 7.3 6.4
Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers
CVE-2024-37985 Yes No - - Important 5.9 5.2
Azure CycleCloud Elevation of Privilege Vulnerability
CVE-2024-38092 No No - - Important 8.8 7.9
Azure DevOps Server Spoofing Vulnerability
CVE-2024-35266 No No - - Important 7.6 6.6
CVE-2024-35267 No No - - Important 7.6 6.6
Azure Kinect SDK Remote Code Execution Vulnerability
CVE-2024-38086 No No - - Important 6.4 5.6
Azure Network Watcher VM Extension Elevation of Privilege Vulnerability
CVE-2024-35261 No No - - Important 7.8 7.0
BitLocker Security Feature Bypass Vulnerability
CVE-2024-38058 No No - - Important 6.8 5.9
CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability
CVE-2024-3596 No No - - Important 7.5 6.5
DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability
CVE-2024-38061 No No - - Important 7.5 6.5
DHCP Server Service Remote Code Execution Vulnerability
CVE-2024-38044 No No - - Important 7.2 6.3
Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege Vulnerability
CVE-2024-38517 No No - - Moderate 7.8 6.8
Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability
CVE-2024-39684 No No - - Moderate 7.8 6.8
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVE-2024-38054 No No - - Important 7.8 6.8
CVE-2024-38052 No No - - Important 7.8 6.8
CVE-2024-38057 No No - - Important 7.8 6.8
Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2024-38089 No No - - Important 9.1 7.9
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVE-2024-30061 No No - - Important 7.3 6.4
Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2024-38017 No No - - Important 5.5 5.0
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37334 No No - - Important 8.8 7.7
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-38021 No No - - Important 8.8 7.7
Microsoft Outlook Spoofing Vulnerability
CVE-2024-38020 No No - - Moderate 6.5 5.7
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2024-38094 No No - - Important 7.2 6.3
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2024-32987 No No - - Important 7.5 6.5
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-38023 No No - - Critical 7.2 6.3
CVE-2024-38024 No No - - Important 7.2 6.3
Microsoft WS-Discovery Denial of Service Vulnerability
CVE-2024-38091 No No - - Important 7.5 6.5
Microsoft Windows Codecs Library Information Disclosure Vulnerability
CVE-2024-38055 No No - - Important 5.5 4.8
CVE-2024-38056 No No - - Important 5.5 4.8
Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
CVE-2024-38025 No No - - Important 7.2 6.3
CVE-2024-38019 No No - - Important 7.2 6.3
CVE-2024-38028 No No - - Important 7.2 6.3
Microsoft Windows Server Backup Elevation of Privilege Vulnerability
CVE-2024-38013 No No - - Important 6.7 5.8
Microsoft Xbox Remote Code Execution Vulnerability
CVE-2024-38032 No No - - Important 7.1 6.2
PowerShell Elevation of Privilege Vulnerability
CVE-2024-38043 No No - - Important 7.8 6.8
CVE-2024-38033 No No - - Important 7.3 6.4
CVE-2024-38047 No No - - Important 7.8 6.8
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-38088 No No - - Important 8.8 7.7
CVE-2024-38087 No No - - Important 8.8 7.7
CVE-2024-21332 No No - - Important 8.8 7.7
CVE-2024-21333 No No - - Important 8.8 7.7
CVE-2024-21335 No No - - Important 8.8 7.7
CVE-2024-21373 No No - - Important 8.8 7.7
CVE-2024-21398 No No - - Important 8.8 7.7
CVE-2024-21414 No No - - Important 8.8 7.7
CVE-2024-21415 No No - - Important 8.8 7.7
CVE-2024-21428 No No - - Important 8.8 7.7
CVE-2024-37318 No No - - Important 8.8 7.7
CVE-2024-37332 No No - - Important 8.8 7.7
CVE-2024-37331 No No - - Important 8.8 7.7
CVE-2024-35271 No No - - Important 8.8 7.7
CVE-2024-35272 No No - - Important 8.8 7.7
CVE-2024-20701 No No - - Important 8.8 7.7
CVE-2024-21303 No No - - Important 8.8 7.7
CVE-2024-21308 No No - - Important 8.8 7.7
CVE-2024-21317 No No - - Important 8.8 7.7
CVE-2024-21331 No No - - Important 8.8 7.7
CVE-2024-21425 No No - - Important 8.8 7.7
CVE-2024-37319 No No - - Important 8.8 7.7
CVE-2024-37320 No No - - Important 8.8 7.7
CVE-2024-37321 No No - - Important 8.8 7.7
CVE-2024-37322 No No - - Important 8.8 7.7
CVE-2024-37323 No No - - Important 8.8 7.7
CVE-2024-37324 No No - - Important 8.8 7.7
CVE-2024-21449 No No - - Important 8.8 7.7
CVE-2024-37326 No No - - Important 8.8 7.7
CVE-2024-37327 No No - - Important 8.8 7.7
CVE-2024-37328 No No - - Important 8.8 7.7
CVE-2024-37329 No No - - Important 8.8 7.7
CVE-2024-37330 No No - - Important 8.8 7.7
CVE-2024-37333 No No - - Important 8.8 7.7
CVE-2024-37336 No No - - Important 8.8 7.7
CVE-2024-28928 No No - - Important 8.8 7.7
CVE-2024-35256 No No - - Important 8.8 7.7
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28899 No No - - Important 8.8 7.7
CVE-2024-37969 No No - - Important 8.0 7.0
CVE-2024-37970 No No - - Important 8.0 7.0
CVE-2024-37974 No No - - Important 8.0 7.0
CVE-2024-37981 No No - - Important 8.0 7.0
CVE-2024-37986 No No - - Important 8.0 7.0
CVE-2024-37987 No No - - Important 8.0 7.0
CVE-2024-26184 No No - - Important 6.8 5.9
CVE-2024-37971 No No - - Important 8.0 7.0
CVE-2024-37972 No No - - Important 8.0 7.0
CVE-2024-37973 No No - - Important 8.4 7.3
CVE-2024-37975 No No - - Important 8.0 7.0
CVE-2024-37977 No No - - Important 8.0 7.0
CVE-2024-37978 No No - - Important 8.0 7.0
CVE-2024-37984 No No - - Important 8.4 7.3
CVE-2024-37988 No No - - Important 8.0 7.0
CVE-2024-37989 No No - - Important 8.0 7.0
CVE-2024-38010 No No - - Important 8.0 7.0
CVE-2024-38011 No No - - Important 8.0 7.0
CVE-2024-38065 No No - - Important 6.8 5.9
Win32k Elevation of Privilege Vulnerability
CVE-2024-38059 No No - - Important 7.8 6.8
Windows Cryptographic Services Security Feature Bypass Vulnerability
CVE-2024-30098 No No - - Important 7.5 6.5
Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability
CVE-2024-38049 No No - - Important 6.6 5.8
Windows Enroll Engine Security Feature Bypass Vulnerability
CVE-2024-38069 No No - - Important 7.0 6.1
Windows Fax Service Remote Code Execution Vulnerability
CVE-2024-38104 No No - - Important 8.8 7.7
Windows File Explorer Elevation of Privilege Vulnerability
CVE-2024-38100 No No - - Important 7.8 6.8
Windows Filtering Platform Elevation of Privilege Vulnerability
CVE-2024-38034 No No - - Important 7.8 6.8
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2024-38085 No No - - Important 7.8 6.8
CVE-2024-38079 No No - - Important 7.8 6.8
Windows Graphics Component Remote Code Execution Vulnerability
CVE-2024-38051 No No - - Important 7.8 6.8
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2024-38080 No Yes - - Important 7.8 6.8
Windows Image Acquisition Elevation of Privilege Vulnerability
CVE-2024-38022 No No - - Important 7.0 6.1
Windows Imaging Component Remote Code Execution Vulnerability
CVE-2024-38060 No No - - Critical 8.8 7.7
Windows Kernel Information Disclosure Vulnerability
CVE-2024-38041 No No - - Important 5.5 4.8
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-38062 No No - - Important 7.8 6.8
Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
CVE-2024-38102 No No - - Important 6.5 5.7
CVE-2024-38101 No No - - Important 6.5 5.7
CVE-2024-38105 No No - - Important 6.5 5.7
Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
CVE-2024-38053 No No - - Important 8.8 7.7
Windows Line Printer Daemon Service Denial of Service Vulnerability
CVE-2024-38027 No No - - Important 6.5 5.7
Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability
CVE-2024-38070 No No - - Important 7.8 6.8
Windows MSHTML Platform Spoofing Vulnerability
CVE-2024-38112 No Yes - - Important 7.5 7.0
Windows MultiPoint Services Remote Code Execution Vulnerability
CVE-2024-30013 No No - - Important 8.8 7.7
Windows NTLM Spoofing Vulnerability
CVE-2024-30081 No No - - Important 7.1 6.2
Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability
CVE-2024-38048 No No - - Important 6.5 5.7
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
CVE-2024-38031 No No - - Important 7.5 6.5
CVE-2024-38067 No No - - Important 7.5 6.5
CVE-2024-38068 No No - - Important 7.5 6.5
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2024-30079 No No - - Important 7.8 6.8
Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2024-30071 No No - - Important 4.7 4.1
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2024-38015 No No - - Important 7.5 6.5
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
CVE-2024-38071 No No - - Important 7.5 6.5
CVE-2024-38072 No No - - Important 7.5 6.5
CVE-2024-38073 No No - - Important 7.5 6.5
CVE-2024-38099 No No - - Important 5.9 5.2
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVE-2024-38077 No No - - Critical 9.8 8.5
CVE-2024-38074 No No - - Critical 9.8 8.5
CVE-2024-38076 No No - - Critical 9.8 8.5
Windows TCP/IP Information Disclosure Vulnerability
CVE-2024-38064 No No - - Important 7.5 6.5
Windows Text Services Framework Elevation of Privilege Vulnerability
CVE-2024-21417 No No Less Likely Less Likely Important 8.8 7.7
Windows Themes Spoofing Vulnerability
CVE-2024-38030 No No - - Important 6.5 5.7
Windows Win32k Elevation of Privilege Vulnerability
CVE-2024-38066 No No - - Important 7.8 6.8
Windows Workstation Service Elevation of Privilege Vulnerability
CVE-2024-38050 No No - - Important 7.8 6.8
Windows iSCSI Service Denial of Service Vulnerability
CVE-2024-35270 No No - - Important 5.3 4.6
Xbox Wireless Adapter Remote Code Execution Vulnerability
CVE-2024-38078 No No - - Important 7.5 6.5

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

0 comment(s)
My next class:
Network Monitoring and Threat Detection In-DepthSingaporeNov 18th - Nov 23rd 2024

Comments


Diary Archives