Today is Microsoft's July 2024 Patch Tuesday, which includes security updates for 142 flaws, including two actively exploited and two publicly disclosed zero-days.
This Patch Tuesday fixed five critical vulnerabilities, all of which are remote code execution flaws.
The number of bugs in each vulnerability category is listed below:
- 26 Elevation of Privilege Vulnerabilities
- 24 Security Feature Bypass Vulnerabilities
- 59 Remote Code Execution Vulnerabilities
- 9 Information Disclosure Vulnerabilities
- 17 Denial of Service Vulnerabilities
- 7 Spoofing Vulnerabilities
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5040442 update and Windows 10 KB5040427 update.
Four zero-days fixed
This month's Patch Tuesday fixes two actively exploited and two other publicly disclosed zero-day vulnerabilities.
Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no official fix is available.
The two actively exploited zero-day vulnerabilities in today's updates are:
CVE-2024-38080 - Windows Hyper-V Elevation of Privilege Vulnerability
Microsoft has fixed an actively exploited Hyper-V elevation of privileges vulnerability that gives attackers SYSTEM privileges.
"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," explains Microsoft.
While Microsoft states that the flaw is actively exploited, it has not shared any further details about the vulnerability, including who discovered it.
CVE-2024-38112 - Windows MSHTML Platform Spoofing Vulnerability
Microsoft has fixed an actively exploited Windows MSHTML spoofing vulnerability.
"Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment," explains Microsoft.
"An attacker would have to send the victim a malicious file that the victim would have to execute," continued Microsoft.
Microsoft did not share any further details on how the vulnerability was exploited.
The flaw was disclosed by Haifei Li with Check Point Research.
The two publicly disclosed vulnerabilities are:
CVE-2024-35264 - .NET and Visual Studio Remote Code Execution Vulnerability
Microsoft fixed a publicly disclosed .NET and Visual Studio RCE.
"An attacker could exploit this by closing an http/3 stream while the request body is being processed leading to a race condition. This could result in remote code execution," explains Microsoft.
Microsoft has not shared where it was publicly disclosed and said it was internally discovered by Radek Zikmund of Microsoft Corporation.
CVE-2024-37985 - Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers
Microsoft has fixed a previously disclosed "FetchBench" side-channel attack that can be used to steal "secret information."
"An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server," explains Microsoft.
"Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment," continued Microsoft.
Recent updates from other companies
Other vendors who released updates or advisories in July 2024 include:
- Adobe releases security updates for Premiere Pro, InDesign, and Bridge.
- Cisco disclosed an NX-OS Software CLI command injection vulnerability that was exploited in attacks.
- Citrix fixed flaws in Windows Virtual Delivery Agent and the Citrix Workspace app.
- A GhostScript RCE flaw fixed in May 2024 is now exploited in attacks.
- Fortinet fixes multiple vulnerabilities in FortiOS and other products.
- Mozilla releases Firefox 128 with fixes for multiple vulnerabilities.
- OpenSSH fixes new regreSSHion RCE vulnerability. A second similar vulnerability tracked as CVE-2024-6409 was disclosed yesterday as well.
- VMware fixes an HTML injection vulnerability in Cloud Director.
The July 2024 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the July 2024 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET and Visual Studio | CVE-2024-30105 | .NET Core and Visual Studio Denial of Service Vulnerability | Important |
.NET and Visual Studio | CVE-2024-38081 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | Important |
.NET and Visual Studio | CVE-2024-35264 | .NET and Visual Studio Remote Code Execution Vulnerability | Important |
.NET and Visual Studio | CVE-2024-38095 | .NET and Visual Studio Denial of Service Vulnerability | Important |
Active Directory Rights Management Services | CVE-2024-39684 | Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability | Moderate |
Active Directory Rights Management Services | CVE-2024-38517 | Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege Vulnerability | Moderate |
Azure CycleCloud | CVE-2024-38092 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
Azure DevOps | CVE-2024-35266 | Azure DevOps Server Spoofing Vulnerability | Important |
Azure DevOps | CVE-2024-35267 | Azure DevOps Server Spoofing Vulnerability | Important |
Azure Kinect SDK | CVE-2024-38086 | Azure Kinect SDK Remote Code Execution Vulnerability | Important |
Azure Network Watcher | CVE-2024-35261 | Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | Important |
Intel | CVE-2024-37985 | Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers | Important |
Line Printer Daemon Service (LPD) | CVE-2024-38027 | Windows Line Printer Daemon Service Denial of Service Vulnerability | Important |
Microsoft Defender for IoT | CVE-2024-38089 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
Microsoft Dynamics | CVE-2024-30061 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2024-38079 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2024-38051 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2024-38021 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office Outlook | CVE-2024-38020 | Microsoft Outlook Spoofing Vulnerability | Moderate |
Microsoft Office SharePoint | CVE-2024-38024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-38023 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2024-32987 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-38094 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38057 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38054 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38052 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2024-38055 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2024-38056 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important |
Microsoft WS-Discovery | CVE-2024-38091 | Microsoft WS-Discovery Denial of Service Vulnerability | Important |
NDIS | CVE-2024-38048 | Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability | Important |
NPS RADIUS Server | CVE-2024-3596 | CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability | Important |
Role: Active Directory Certificate Services; Active Directory Domain Services | CVE-2024-38061 | DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability | Important |
Role: Windows Hyper-V | CVE-2024-38080 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
SQL Server | CVE-2024-28928 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-38088 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-20701 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21317 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21331 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21308 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21333 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-35256 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21303 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21335 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-35271 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-35272 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21332 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-38087 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21425 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21449 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37324 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37330 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37326 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37329 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37328 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37327 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37334 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37321 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37320 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37319 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37322 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37333 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37336 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37323 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37331 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21398 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21373 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37318 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21428 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21415 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37332 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21414 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
Windows BitLocker | CVE-2024-38058 | BitLocker Security Feature Bypass Vulnerability | Important |
Windows COM Session | CVE-2024-38100 | Windows File Explorer Elevation of Privilege Vulnerability | Important |
Windows CoreMessaging | CVE-2024-21417 | Windows Text Services Framework Elevation of Privilege Vulnerability | Important |
Windows Cryptographic Services | CVE-2024-30098 | Windows Cryptographic Services Security Feature Bypass Vulnerability | Important |
Windows DHCP Server | CVE-2024-38044 | DHCP Server Service Remote Code Execution Vulnerability | Important |
Windows Distributed Transaction Coordinator | CVE-2024-38049 | Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability | Important |
Windows Enroll Engine | CVE-2024-38069 | Windows Enroll Engine Security Feature Bypass Vulnerability | Important |
Windows Fax and Scan Service | CVE-2024-38104 | Windows Fax Service Remote Code Execution Vulnerability | Important |
Windows Filtering | CVE-2024-38034 | Windows Filtering Platform Elevation of Privilege Vulnerability | Important |
Windows Image Acquisition | CVE-2024-38022 | Windows Image Acquisition Elevation of Privilege Vulnerability | Important |
Windows Imaging Component | CVE-2024-38060 | Windows Imaging Component Remote Code Execution Vulnerability | Critical |
Windows Internet Connection Sharing (ICS) | CVE-2024-38105 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2024-38053 | Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2024-38102 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2024-38101 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
Windows iSCSI | CVE-2024-35270 | Windows iSCSI Service Denial of Service Vulnerability | Important |
Windows Kernel | CVE-2024-38041 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-38062 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
Windows LockDown Policy (WLDP) | CVE-2024-38070 | Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability | Important |
Windows Message Queuing | CVE-2024-38017 | Microsoft Message Queuing Information Disclosure Vulnerability | Important |
Windows MSHTML Platform | CVE-2024-38112 | Windows MSHTML Platform Spoofing Vulnerability | Important |
Windows MultiPoint Services | CVE-2024-30013 | Windows MultiPoint Services Remote Code Execution Vulnerability | Important |
Windows NTLM | CVE-2024-30081 | Windows NTLM Spoofing Vulnerability | Important |
Windows Online Certificate Status Protocol (OCSP) | CVE-2024-38068 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important |
Windows Online Certificate Status Protocol (OCSP) | CVE-2024-38067 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important |
Windows Online Certificate Status Protocol (OCSP) | CVE-2024-38031 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important |
Windows Performance Monitor | CVE-2024-38028 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | Important |
Windows Performance Monitor | CVE-2024-38019 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | Important |
Windows Performance Monitor | CVE-2024-38025 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | Important |
Windows PowerShell | CVE-2024-38043 | PowerShell Elevation of Privilege Vulnerability | Important |
Windows PowerShell | CVE-2024-38047 | PowerShell Elevation of Privilege Vulnerability | Important |
Windows PowerShell | CVE-2024-38033 | PowerShell Elevation of Privilege Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-30071 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-30079 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
Windows Remote Desktop | CVE-2024-38076 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Critical |
Windows Remote Desktop | CVE-2024-38015 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-38071 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-38073 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-38074 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Critical |
Windows Remote Desktop Licensing Service | CVE-2024-38072 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-38077 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Critical |
Windows Remote Desktop Licensing Service | CVE-2024-38099 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
Windows Secure Boot | CVE-2024-38065 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37986 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37981 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37987 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28899 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26184 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-38011 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37984 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37988 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37977 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37978 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37974 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-38010 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37989 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37970 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37975 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37972 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37973 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37971 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37969 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Server Backup | CVE-2024-38013 | Microsoft Windows Server Backup Elevation of Privilege Vulnerability | Important |
Windows TCP/IP | CVE-2024-38064 | Windows TCP/IP Information Disclosure Vulnerability | Important |
Windows Themes | CVE-2024-38030 | Windows Themes Spoofing Vulnerability | Important |
Windows Win32 Kernel Subsystem | CVE-2024-38085 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Windows Win32K - GRFX | CVE-2024-38066 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K - ICOMP | CVE-2024-38059 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Workstation Service | CVE-2024-38050 | Windows Workstation Service Elevation of Privilege Vulnerability | Important |
XBox Crypto Graphic Services | CVE-2024-38032 | Microsoft Xbox Remote Code Execution Vulnerability | Important |
XBox Crypto Graphic Services | CVE-2024-38078 | Xbox Wireless Adapter Remote Code Execution Vulnerability | Important |
Comments
3dw1n - 4 months ago
Posts like this have made BleepingComputer one of my most visited sites. Thx!