Microsoft is addressing 139 vulnerabilities this July 2024 Patch Tuesday, which is on the high side in terms of typical CVE counts. They’ve also republished details for 4 CVEs issued by other vendors that affect Microsoft products. Microsoft has evidence of in-the-wild exploitation for 2 of the vulnerabilities published today. At time of writing, none of the vulnerabilities patched today are listed in CISA’s Known Exploited Vulnerabilities catalog, though we can expect CVE-2024-38080 and CVE-2024-38112 to appear there in short order. Microsoft is also patching 5 critical remote code execution (RCE) vulnerabilities today.
CVE-2024-38080 is an elevation of privilege (EoP) vulnerability affecting Microsoft’s Hyper-V virtualization functionality. Successful exploitation will give an attacker SYSTEM-level privileges. Only more recent editions of Windows are affected: Windows 11 since version 21H2 and Windows Server 2022 (including Server Core).
The other vulnerability seen exploited in the wild this month is CVE-2024-38112, a Spoofing vulnerability affecting Microsoft’s MSHTML browser engine which can be found on all versions of Windows, including Server editions. User interaction is required for exploitation – for example, a threat actor would need to send the victim a malicious file and convince them to open it. Microsoft is characteristically cagey about what exactly can be spoofed here, though they do indicate that the associated Common Weakness Enumeration (CWE) is CWE-668: Exposure of Resource to Wrong Sphere, which is defined as providing unintended actors with inappropriate access to a resource.
Similar to a vulnerability seen in May, CVE-2024-38023 is a SharePoint vulnerability that could allow an authenticated attacker with Site Owner permissions or higher to upload a specially crafted file to a SharePoint Server, then craft malicious API requests to trigger deserialization of the file's parameters, thus enabling them to achieve remote code execution in the context of the SharePoint Server. The CVSS base score of 7.2 reflects the requirement of Site Owner privileges or higher to exploit the vulnerability.
All supported versions of Windows (and almost certainly unsupported versions as well) are vulnerable to CVE-2024-38060, a flaw in the Windows Imaging Component related to TIFF (Tagged Image File Format) image processing that could allow an attacker to execute arbitrary code on a system. The example scenario Microsoft provides is simply of an authenticated attacker uploading a specially crafted TIFF image to a server in order to exploit this.
Three critical CVEs related to the Windows Remote Desktop Licensing Service were patched this month: CVE-2024-38074, CVE-2024-38076, and CVE-2024-38077. All three of these carry a CVSS 3.1 base score of 9.8 – if you rely on the Remote Desktop licensing service, best get patching immediately. As a mitigation, consider disabling the service entirely until there is an opportunity to apply the update.
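
One way to apply that mitigation so it can be undone cleanly after patching; this is an added example, not taken from Microsoft's guidance or the original post. It assumes the RD Licensing role service runs as the Windows service `TermServLicensing`, and the state-file path is a hypothetical choice. While the service is disabled the license server cannot issue licenses.

```powershell
# Added example: temporary mitigation for the RD Licensing RCEs until the update is applied.
# Assumption: the RD Licensing role service runs as the Windows service "TermServLicensing".
$ServiceName = 'TermServLicensing'
# Hypothetical location for the saved pre-mitigation state.
$StatePath = Join-Path $env:ProgramData 'rdlicensing-prepatch-state.json'

function Disable-RdLicensingUntilPatched {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) {
        Write-Output "$($env:COMPUTERNAME): $ServiceName is not installed, nothing to disable."
        return
    }
    # Save the original start mode once, so a second run does not overwrite it with 'Disabled'.
    if (-not (Test-Path $StatePath)) {
        [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            StartMode = $svc.StartMode      # Auto, Manual or Disabled
            State     = $svc.State          # Running, Stopped, ...
            Recorded  = (Get-Date).ToString('o')
        } | ConvertTo-Json | Set-Content -Path $StatePath -Encoding UTF8
    }
    if ($svc.State -ne 'Stopped') { Stop-Service -Name $ServiceName -Force }
    Set-Service -Name $ServiceName -StartupType Disabled
    Get-Service -Name $ServiceName | Select-Object Name, Status, StartType
}

function Restore-RdLicensing {
    # Run after the update has been installed on this host.
    if (-not (Test-Path $StatePath)) { throw "No saved state at $StatePath" }
    $saved = Get-Content -Path $StatePath -Raw | ConvertFrom-Json
    # Win32_Service reports 'Auto'; Set-Service expects 'Automatic'.
    $startup = if ($saved.StartMode -eq 'Auto') { 'Automatic' } else { $saved.StartMode }
    Set-Service -Name $ServiceName -StartupType $startup
    if ($saved.State -eq 'Running') { Start-Service -Name $ServiceName }
    Remove-Item -Path $StatePath
    Get-Service -Name $ServiceName | Select-Object Name, Status, StartType
}
```

Run `Disable-RdLicensingUntilPatched` from an elevated session on each license server, then `Restore-RdLicensing` once the update is in place.
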
Microsoft has patched a host of CVEs affecting SQL Server, all with a CVSS 3.1 base score of 8.8 and allowing RCE. These specifically affect the OLE DB Provider, so not only do SQL Server instances need to be updated, but client code running vulnerable versions of the connection driver will also need to be addressed. For example, an attacker could use social engineering tactics to dupe an authenticated user into attempting to connect to a SQL Server database configured to return malicious data, allowing arbitrary code execution on the client.
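
Because the client-side driver has to be updated as well as the server, an inventory of where it is installed is the first step. The following is an added example, not part of the original post; it assumes the drivers register under the standard Uninstall registry keys with the display names matched below, and the fixed build numbers are left for you to supply from Microsoft's advisories because the post does not list them.

```powershell
# Added example: list SQL Server OLE DB client drivers installed on this host.
# Assumption: the drivers register under the standard Uninstall keys with the
# DisplayName patterns matched below.
function Get-SqlOleDbDriverInventory {
    param(
        # Major version -> first fixed build, taken from the Microsoft advisory for
        # each CVE. The page does not list these, so none are hard-coded here.
        [hashtable]$FixedBuild = @{}
    )
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object {
            $_.DisplayName -match 'OLE DB Driver.*SQL Server|SQL Server.*Native Client' -and
            $_.DisplayVersion
        } |
        ForEach-Object {
            $installed = [version]$_.DisplayVersion
            $fixed     = $FixedBuild[$installed.Major]
            $status    = if (-not $fixed) { 'CHECK ADVISORY' }
                         elseif ($installed -lt [version]$fixed) { 'UPDATE REQUIRED' }
                         else { 'AT OR ABOVE FIXED BUILD' }
            [pscustomobject]@{
                Computer  = $env:COMPUTERNAME
                Driver    = $_.DisplayName
                Installed = $installed
                Fixed     = $fixed
                Status    = $status
            }
        } |
        Sort-Object Driver, Installed -Unique
}

# With no -FixedBuild argument every driver found is reported as CHECK ADVISORY.
# Pass a hashtable keyed by major version (integer) with the fixed build as the value
# to have older installs flagged as UPDATE REQUIRED.
Get-SqlOleDbDriverInventory | Format-Table -AutoSize
```

Run it on application servers and workstations as well as database hosts, since any machine with the driver installed is in scope.
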
Also in SQL Server news this month, Microsoft SQL Server 2014 moves past the end of extended support. From this point onward, Microsoft only guarantees to provide SQL Server 2014 security updates to customers who pay for the Extended Security Updates program.

CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-38092 | Azure CycleCloud Elevation of Privilege Vulnerability | No | No | 8.8 |
CVE-2024-35261 | Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-35266 | Azure DevOps Server Spoofing Vulnerability | No | No | 7.6 |
CVE-2024-35267 | Azure DevOps Server Spoofing Vulnerability | No | No | 7.6 |
CVE-2024-38086 | Azure Kinect SDK Remote Code Execution Vulnerability | No | No | 6.4 |

CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-35264 | .NET and Visual Studio Remote Code Execution Vulnerability | No | Yes | 8.1 |
CVE-2024-38095 | .NET and Visual Studio Denial of Service Vulnerability | No | No | 7.5 |
CVE-2024-30105 | .NET Core and Visual Studio Denial of Service Vulnerability | No | No | 7.5 |
CVE-2024-38081 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | No | No | 7.3 |

CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-38077 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | No | No | 9.8 |
CVE-2024-38074 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | No | No | 9.8 |
CVE-2024-38053 | Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-38060 | Windows Imaging Component Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-38104 | Windows Fax Service Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-28899 | Secure Boot Security Feature Bypass Vulnerability | No | No | 8.8 |
CVE-2024-37973 | Secure Boot Security Feature Bypass Vulnerability | No | No | 8.4 |
CVE-2024-37984 | Secure Boot Security Feature Bypass Vulnerability | No | No | 8.4 |
CVE-2024-37969 | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
CVE-2024-37970 | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
CVE-2024-37974 | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
CVE-2024-37986 | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
CVE-2024-37987 | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
CVE-2024-37971 | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
CVE-2024-37972 | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
CVE-2024-37975 | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
CVE-2024-37988 | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
CVE-2024-37989 | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
CVE-2024-38010 | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
CVE-2024-38011 | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
CVE-2024-38050 | Windows Workstation Service Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-38066 | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-30079 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-38070 | Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability | No | No | 7.8 |
CVE-2024-38051 | Windows Graphics Component Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2024-38085 | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-38079 | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-38034 | Windows Filtering Platform Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-38054 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-38052 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-38057 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-39684 | Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-38064 | Windows TCP/IP Information Disclosure Vulnerability | No | No | 7.5 |
CVE-2024-38071 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | No | No | 7.5 |
CVE-2024-38073 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | No | No | 7.5 |
CVE-2024-38015 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | No | No | 7.5 |
CVE-2024-38031 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | No | No | 7.5 |
CVE-2024-38067 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | No | No | 7.5 |
CVE-2024-38068 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | No | No | 7.5 |
CVE-2024-38112 | Windows MSHTML Platform Spoofing Vulnerability | Yes | No | 7.5 |
CVE-2024-30098 | Windows Cryptographic Services Security Feature Bypass Vulnerability | No | No | 7.5 |
CVE-2024-38091 | Microsoft WS-Discovery Denial of Service Vulnerability | No | No | 7.5 |
CVE-2024-38061 | DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability | No | No | 7.5 |
CVE-2024-3596 | CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability | No | No | 7.5 |
CVE-2024-38033 | PowerShell Elevation of Privilege Vulnerability | No | No | 7.3 |
CVE-2024-38025 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | No | No | 7.2 |
CVE-2024-38019 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | No | No | 7.2 |
CVE-2024-38028 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | No | No | 7.2 |
CVE-2024-38044 | DHCP Server Service Remote Code Execution Vulnerability | No | No | 7.2 |
CVE-2024-30081 | Windows NTLM Spoofing Vulnerability | No | No | 7.1 |
CVE-2024-38022 | Windows Image Acquisition Elevation of Privilege Vulnerability | No | No | 7 |
CVE-2024-38065 | Secure Boot Security Feature Bypass Vulnerability | No | No | 6.8 |
CVE-2024-38058 | BitLocker Security Feature Bypass Vulnerability | No | No | 6.8 |
CVE-2024-38013 | Microsoft Windows Server Backup Elevation of Privilege Vulnerability | No | No | 6.7 |
CVE-2024-38049 | Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability | No | No | 6.6 |
CVE-2024-38030 | Windows Themes Spoofing Vulnerability | No | No | 6.5 |
CVE-2024-38048 | Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability | No | No | 6.5 |
CVE-2024-38027 | Windows Line Printer Daemon Service Denial of Service Vulnerability | No | No | 6.5 |
CVE-2024-38102 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | No | No | 6.5 |
CVE-2024-38101 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | No | No | 6.5 |
CVE-2024-38105 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | No | No | 6.5 |
CVE-2024-38099 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | No | No | 5.9 |
CVE-2024-38055 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | No | No | 5.5 |
CVE-2024-38056 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | No | No | 5.5 |
CVE-2024-38017 | Microsoft Message Queuing Information Disclosure Vulnerability | No | No | 5.5 |
CVE-2024-35270 | Windows iSCSI Service Denial of Service Vulnerability | No | No | 5.3 |
CVE-2024-30071 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | No | No | 4.7 |

CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-30061 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | No | No | 7.3 |

CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-38021 | Microsoft Office Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-32987 | Microsoft SharePoint Server Information Disclosure Vulnerability | No | No | 7.5 |
CVE-2024-38023 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.2 |
CVE-2024-38024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.2 |
CVE-2024-38094 | Microsoft SharePoint Remote Code Execution Vulnerability | No | No | 7.2 |
CVE-2024-38020 | Microsoft Outlook Spoofing Vulnerability | No | No | 6.5 |

CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-38088 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-38087 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21332 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21333 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21335 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21373 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21398 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21414 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21415 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21428 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-37318 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-37332 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-37331 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-35271 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-35272 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-20701 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21303 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21308 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21317 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21331 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21425 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-37319 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-37320 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-37321 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-37322 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-37323 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-37324 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21449 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-37326 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-37327 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-37328 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-37329 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-37330 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-37333 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-37336 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-28928 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-35256 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-37334 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 |

CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-38089 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | No | No | 9.1 |

CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2024-38076 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | No | No | 9.8 |
CVE-2024-21417 | Windows Text Services Framework Elevation of Privilege Vulnerability | No | No | 8.8 |
CVE-2024-30013 | Windows MultiPoint Services Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-37981 | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
CVE-2024-37977 | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
CVE-2024-37978 | Secure Boot Security Feature Bypass Vulnerability | No | No | 8 |
CVE-2024-38062 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-38080 | Windows Hyper-V Elevation of Privilege Vulnerability | Yes | No | 7.8 |
CVE-2024-38100 | Windows File Explorer Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-38059 | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-38043 | PowerShell Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-38047 | PowerShell Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-38517 | Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-38078 | Xbox Wireless Adapter Remote Code Execution Vulnerability | No | No | 7.5 |
CVE-2024-38072 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | No | No | 7.5 |
CVE-2024-38032 | Microsoft Xbox Remote Code Execution Vulnerability | No | No | 7.1 |
CVE-2024-38069 | Windows Enroll Engine Security Feature Bypass Vulnerability | No | No | 7 |
CVE-2024-26184 | Secure Boot Security Feature Bypass Vulnerability | No | No | 6.8 |
CVE-2024-37985 | Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers | No | Yes | 5.9 |
CVE-2024-38041 | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 |