Microsoft Patch Tuesday July 2024
Summary
This month’s Patch Tuesday delivers security updates for a total of 139 vulnerabilities, including 2 actively exploited zero-days and 5 rated critical. As usual, fixes were released for multiple products.
The most important patches are:
- CVE-2024-38080 – Windows Hyper-V Elevation of Privilege Vulnerability. A privilege escalation vulnerability that allows attackers with low-level authentication to elevate access to obtain SYSTEM privileges. CVSS 3.1: 7.8 (Important)
- CVE-2024-38112 – Windows MSHTML Platform Spoofing Vulnerability. An unauthenticated remote attacker could exploit this vulnerability by convincing a potential target to open a malicious file. CVSS 3.1: 7.5 (Important)
- CVE-2024-38074, CVE-2024-38076 & CVE-2024-38077 – Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability. An unauthenticated attacker could connect to a Remote Desktop Licensing Service and send malicious network packets that could allow remote code execution. CVSS 3.1: 9.8 (Critical)
- CVE-2024-38060 – Windows Imaging Component Remote Code Execution Vulnerability. Any authenticated attacker could exploit the vulnerability by uploading a malicious tagged image file format (TIFF) file to a server, which can lead to remote code execution. CVSS 3.1: 8.8 (Critical)
- CVE-2024-38023 – Microsoft SharePoint Server Remote Code Execution Vulnerability. An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint server and craft specialized API requests to trigger deserialization of the file’s parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server. CVSS 3.1: 7.2 (Critical)
The patches this month break down as follows:
- 59 Remote code execution vulnerabilities
- 25 Elevation of privilege vulnerabilities
- 24 Security feature bypass vulnerabilities
- 17 Denial of Service vulnerabilities
- 8 Information disclosure vulnerabilities
- 6 Spoofing vulnerabilities
More information can be found here