Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days
Today is Microsoft’s July 2024 Patch Tuesday, which includes security updates for 142 flaws, including two actively exploited and two publicly disclosed zero-days.
This Patch Tuesday fixed five critical vulnerabilities, all of them remote code execution flaws.
This month’s Patch Tuesday fixes two actively exploited and two other publicly disclosed zero-day vulnerabilities.
Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no official fix is available.
Microsoft has fixed an actively exploited Hyper-V elevation of privileges vulnerability that gives attackers SYSTEM privileges.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” explains Microsoft.
While Microsoft states that the flaw is actively exploited, it has not shared any further details about the vulnerability, including who discovered it.
“Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment,” explains Microsoft.
“An attacker would have to send the victim a malicious file that the victim would have to execute,” continued Microsoft.
Microsoft did not share any further details on how the vulnerability was exploited.
Microsoft fixed a publicly disclosed .NET and Visual Studio RCE.
“An attacker could exploit this by closing an http/3 stream while the request body is being processed leading to a race condition. This could result in remote code execution,” explains Microsoft.
Microsoft has not shared where it was publicly disclosed and said it was internally discovered by Radek Zikmund of Microsoft Corporation.
CVE-2024-37985 – Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers
Microsoft has fixed a previously disclosed “FetchBench” side-channel attack that can be used to obtain “secret data.”
“An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server,” explains Microsoft.
“Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment,” continued Microsoft.
Below is the complete list of resolved vulnerabilities in the July 2024 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET and Visual Studio | CVE-2024-30105 | .NET Core and Visual Studio Denial of Service Vulnerability | Important |
.NET and Visual Studio | CVE-2024-38081 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | Important |
.NET and Visual Studio | CVE-2024-35264 | .NET and Visual Studio Remote Code Execution Vulnerability | Important |
.NET and Visual Studio | CVE-2024-38095 | .NET and Visual Studio Denial of Service Vulnerability | Important |
Active Directory Rights Management Services | CVE-2024-39684 | Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability | Moderate |
Active Directory Rights Management Services | CVE-2024-38517 | Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege Vulnerability | Moderate |
Azure CycleCloud | CVE-2024-38092 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
Azure DevOps | CVE-2024-35266 | Azure DevOps Server Spoofing Vulnerability | Important |
Azure DevOps | CVE-2024-35267 | Azure DevOps Server Spoofing Vulnerability | Important |
Azure Kinect SDK | CVE-2024-38086 | Azure Kinect SDK Remote Code Execution Vulnerability | Important |
Azure Network Watcher | CVE-2024-35261 | Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | Important |
Intel | CVE-2024-37985 | Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers | Important |
Line Printer Daemon Service (LPD) | CVE-2024-38027 | Windows Line Printer Daemon Service Denial of Service Vulnerability | Important |
Microsoft Defender for IoT | CVE-2024-38089 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
Microsoft Dynamics | CVE-2024-30061 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2024-38079 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2024-38051 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2024-38021 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office Outlook | CVE-2024-38020 | Microsoft Outlook Spoofing Vulnerability | Moderate |
Microsoft Office SharePoint | CVE-2024-38024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-38023 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-32987 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-38094 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38057 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38054 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38052 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2024-38055 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2024-38056 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important |
Microsoft WS-Discovery | CVE-2024-38091 | Microsoft WS-Discovery Denial of Service Vulnerability | Important |
NDIS | CVE-2024-38048 | Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability | Important |
NPS RADIUS Server | CVE-2024-3596 | CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability | Important |
Role: Active Directory Certificate Services; Active Directory Domain Services | CVE-2024-38061 | DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability | Important |
Role: Windows Hyper-V | CVE-2024-38080 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
SQL Server | CVE-2024-28928 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-38088 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-20701 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21317 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21331 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21308 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21333 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-35256 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21303 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21335 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-35271 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-35272 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21332 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-38087 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21425 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21449 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37324 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37330 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37326 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37329 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37328 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37327 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37334 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37321 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37320 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37319 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37322 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37333 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37336 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37323 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37331 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21398 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21373 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37318 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21428 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21415 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37332 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21414 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
Windows BitLocker | CVE-2024-38058 | BitLocker Security Feature Bypass Vulnerability | Important |
Windows COM Session | CVE-2024-38100 | Windows File Explorer Elevation of Privilege Vulnerability | Important |
Windows CoreMessaging | CVE-2024-21417 | Windows Text Services Framework Elevation of Privilege Vulnerability | Important |
Windows Cryptographic Services | CVE-2024-30098 | Windows Cryptographic Services Security Feature Bypass Vulnerability | Important |
Windows DHCP Server | CVE-2024-38044 | DHCP Server Service Remote Code Execution Vulnerability | Important |
Windows Distributed Transaction Coordinator | CVE-2024-38049 | Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability | Important |
Windows Enroll Engine | CVE-2024-38069 | Windows Enroll Engine Security Feature Bypass Vulnerability | Important |
Windows Fax and Scan Service | CVE-2024-38104 | Windows Fax Service Remote Code Execution Vulnerability | Important |
Windows Filtering | CVE-2024-38034 | Windows Filtering Platform Elevation of Privilege Vulnerability | Important |
Windows Image Acquisition | CVE-2024-38022 | Windows Image Acquisition Elevation of Privilege Vulnerability | Important |
Windows Imaging Component | CVE-2024-38060 | Windows Imaging Component Remote Code Execution Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2024-38105 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2024-38053 | Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2024-38102 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2024-38101 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
Windows iSCSI | CVE-2024-35270 | Windows iSCSI Service Denial of Service Vulnerability | Important |
Windows Kernel | CVE-2024-38041 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-38062 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
Windows LockDown Policy (WLDP) | CVE-2024-38070 | Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability | Important |
Windows Message Queuing | CVE-2024-38017 | Microsoft Message Queuing Information Disclosure Vulnerability | Important |
Windows MSHTML Platform | CVE-2024-38112 | Windows MSHTML Platform Spoofing Vulnerability | Important |
Windows MultiPoint Services | CVE-2024-30013 | Windows MultiPoint Services Remote Code Execution Vulnerability | Important |
Windows NTLM | CVE-2024-30081 | Windows NTLM Spoofing Vulnerability | Important |
Windows Online Certificate Status Protocol (OCSP) | CVE-2024-38068 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important |
Windows Online Certificate Status Protocol (OCSP) | CVE-2024-38067 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important |
Windows Online Certificate Status Protocol (OCSP) | CVE-2024-38031 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important |
Windows Performance Monitor | CVE-2024-38028 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | Important |
Windows Performance Monitor | CVE-2024-38019 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | Important |
Windows Performance Monitor | CVE-2024-38025 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | Important |
Windows PowerShell | CVE-2024-38043 | PowerShell Elevation of Privilege Vulnerability | Important |
Windows PowerShell | CVE-2024-38047 | PowerShell Elevation of Privilege Vulnerability | Important |
Windows PowerShell | CVE-2024-38033 | PowerShell Elevation of Privilege Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-30071 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-30079 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
Windows Remote Desktop | CVE-2024-38076 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
Windows Remote Desktop | CVE-2024-38015 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-38071 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-38073 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-38074 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-38072 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-38077 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-38099 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
Windows Secure Boot | CVE-2024-38065 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37986 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37981 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37987 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28899 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26184 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-38011 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37984 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37988 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37977 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37978 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37974 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-38010 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37989 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37970 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37975 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37972 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37973 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37971 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37969 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Server Backup | CVE-2024-38013 | Microsoft Windows Server Backup Elevation of Privilege Vulnerability | Important |
Windows TCP/IP | CVE-2024-38064 | Windows TCP/IP Information Disclosure Vulnerability | Important |
Windows Themes | CVE-2024-38030 | Windows Themes Spoofing Vulnerability | Important |
Windows Win32 Kernel Subsystem | CVE-2024-38085 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Windows Win32K – GRFX | CVE-2024-38066 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K – ICOMP | CVE-2024-38059 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Workstation Service | CVE-2024-38050 | Windows Workstation Service Elevation of Privilege Vulnerability | Important |
XBox Crypto Graphic Services | CVE-2024-38032 | Microsoft Xbox Remote Code Execution Vulnerability | Important |
XBox Crypto Graphic Services | CVE-2024-38078 | Xbox Wireless Adapter Remote Code Execution Vulnerability | Important |