Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days

cbs26.com 07/09/2024
Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days

Right this moment time is Microsoft’s July 2024 Patch Tuesday, which incorporates safety updates for 142 flaws, including two actively exploited and two publicly disclosed zero-days.

This Patch Tuesday mounted 5 crucial vulnerabilities, with all being far away code execution flaws.

This month’s Patch Tuesday fixes two actively exploited and two other publicly disclosed zero-day vulnerabilities.

Microsoft classifies a zero-day flaw as one which is publicly disclosed or actively exploited whereas no legit fix is offered.

Microsoft has mounted an actively exploited Hyper-V elevation of privileges vulnerability that offers attackers SYSTEM privileges.

“An attacker who efficiently exploited this vulnerability could well kind SYSTEM privileges,” explains Microsoft.

While Microsoft states that the flaw is actively exploited, it has no longer shared any extra facts about the vulnerability, including who chanced on it.

“Successful exploitation of this vulnerability requires an attacker to plan conclude extra actions earlier than exploitation to prepare the target ambiance,” explains Microsoft.

“An attacker would should ship the sufferer a malicious file that the sufferer would should attain,” endured Microsoft.

Microsoft did no longer allotment any extra facts on how the vulnerability became exploited.

Microsoft mounted a publicly disclosed .NET and Visible Studio RCE.

“An attacker could well exploit this by closing an http/3 bolt whereas the inquire physique is being processed leading to a speed condition. This could well lead to far away code execution,” explains Microsoft.

Microsoft has no longer shared where it became publicly disclosed and said it became internally chanced on by Radek Zikmund of Microsoft Corporation.

CVE-2024-37985 – Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers

Microsoft has mounted a beforehand disclosed “FetchBench” aspect-channel assault that could be ragged to steal “secret files.”

“An attacker who efficiently exploited this vulnerability could well glimpse heap memory from a privileged task running on the server,” explains Microsoft.

“Successful exploitation of this vulnerability requires an attacker to plan conclude extra actions earlier than exploitation to prepare the target ambiance,” endured Microsoft.

Below is your whole record of resolved vulnerabilities within the July 2024 Patch Tuesday updates.

To obtain admission to the plump description of each vulnerability and the systems it impacts, it’s essential to well glimpse theplump document right here.

Heed CVE ID CVE Title Severity
.NET and Visible Studio CVE-2024-30105 .NET Core and Visible Studio Denial of Service Vulnerability Crucial
.NET and Visible Studio CVE-2024-38081 .NET, .NET Framework, and Visible Studio Elevation of Privilege Vulnerability Crucial
.NET and Visible Studio CVE-2024-35264 .NET and Visible Studio Far off Code Execution Vulnerability Crucial
.NET and Visible Studio CVE-2024-38095 .NET and Visible Studio Denial of Service Vulnerability Crucial
Packed with life Itemizing Rights Management Companies CVE-2024-39684 Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability Moderate
Packed with life Itemizing Rights Management Companies CVE-2024-38517 Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege Vulnerability Moderate
Azure CycleCloud CVE-2024-38092 Azure CycleCloud Elevation of Privilege Vulnerability Crucial
Azure DevOps CVE-2024-35266 Azure DevOps Server Spoofing Vulnerability Crucial
Azure DevOps CVE-2024-35267 Azure DevOps Server Spoofing Vulnerability Crucial
Azure Kinect SDK CVE-2024-38086 Azure Kinect SDK Far off Code Execution Vulnerability Crucial
Azure Community Watcher CVE-2024-35261 Azure Community Watcher VM Extension Elevation of Privilege Vulnerability Crucial
Intel CVE-2024-37985 Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers Crucial
Line Printer Daemon Service (LPD) CVE-2024-38027 Windows Line Printer Daemon Service Denial of Service Vulnerability Crucial
Microsoft Defender for IoT CVE-2024-38089 Microsoft Defender for IoT Elevation of Privilege Vulnerability Crucial
Microsoft Dynamics CVE-2024-30061 Microsoft Dynamics 365 (On-Premises) Recordsdata Disclosure Vulnerability Crucial
Microsoft Graphics Ingredient CVE-2024-38079 Windows Graphics Ingredient Elevation of Privilege Vulnerability Crucial
Microsoft Graphics Ingredient CVE-2024-38051 Windows Graphics Ingredient Far off Code Execution Vulnerability Crucial
Microsoft Put of job CVE-2024-38021 Microsoft Put of job Far off Code Execution Vulnerability Crucial
Microsoft Put of job Outlook CVE-2024-38020 Microsoft Outlook Spoofing Vulnerability Moderate
Microsoft Put of job SharePoint CVE-2024-38024 Microsoft SharePoint Server Far off Code Execution Vulnerability Crucial
Microsoft Put of job SharePoint CVE-2024-38023 Microsoft SharePoint Server Far off Code Execution Vulnerability Serious
Microsoft Put of job SharePoint CVE-2024-32987 Microsoft SharePoint Server Recordsdata Disclosure Vulnerability Crucial
Microsoft Put of job SharePoint CVE-2024-38094 Microsoft SharePoint Far off Code Execution Vulnerability Crucial
Microsoft Streaming Service CVE-2024-38057 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Crucial
Microsoft Streaming Service CVE-2024-38054 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Crucial
Microsoft Streaming Service CVE-2024-38052 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Crucial
Microsoft Windows Codecs Library CVE-2024-38055 Microsoft Windows Codecs Library Recordsdata Disclosure Vulnerability Crucial
Microsoft Windows Codecs Library CVE-2024-38056 Microsoft Windows Codecs Library Recordsdata Disclosure Vulnerability Crucial
Microsoft WS-Discovery CVE-2024-38091 Microsoft WS-Discovery Denial of Service Vulnerability Crucial
NDIS CVE-2024-38048 Windows Community Driver Interface Specification (NDIS) Denial of Service Vulnerability Crucial
NPS RADIUS Server CVE-2024-3596 CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability Crucial
Characteristic: Packed with life Itemizing Certificates Companies; Packed with life Itemizing Domain Companies CVE-2024-38061 DCOM Far off Sinful-Session Activation Elevation of Privilege Vulnerability Crucial
Characteristic: Windows Hyper-V CVE-2024-38080 Windows Hyper-V Elevation of Privilege Vulnerability Crucial
SQL Server CVE-2024-28928 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-38088 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-20701 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-21317 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-21331 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-21308 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-21333 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-35256 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-21303 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-21335 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-35271 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-35272 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-21332 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-38087 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-21425 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-21449 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-37324 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-37330 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-37326 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-37329 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-37328 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-37327 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-37334 Microsoft OLE DB Driver for SQL Server Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-37321 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-37320 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-37319 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-37322 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-37333 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-37336 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-37323 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-37331 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-21398 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-21373 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-37318 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-21428 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-21415 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-37332 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
SQL Server CVE-2024-21414 SQL Server Native Client OLE DB Provider Far off Code Execution Vulnerability Crucial
Windows BitLocker CVE-2024-38058 BitLocker Safety Characteristic Bypass Vulnerability Crucial
Windows COM Session CVE-2024-38100 Windows File Explorer Elevation of Privilege Vulnerability Crucial
Windows CoreMessaging CVE-2024-21417 Windows Textual vow Companies Framework Elevation of Privilege Vulnerability Crucial
Windows Cryptographic Companies CVE-2024-30098 Windows Cryptographic Companies Safety Characteristic Bypass Vulnerability Crucial
Windows DHCP Server CVE-2024-38044 DHCP Server Service Far off Code Execution Vulnerability Crucial
Windows Dispensed Transaction Coordinator CVE-2024-38049 Windows Dispensed Transaction Coordinator Far off Code Execution Vulnerability Crucial
Windows Sign up Engine CVE-2024-38069 Windows Sign up Engine Safety Characteristic Bypass Vulnerability Crucial
Windows Fax and Scan Service CVE-2024-38104 Windows Fax Service Far off Code Execution Vulnerability Crucial
Windows Filtering CVE-2024-38034 Windows Filtering Platform Elevation of Privilege Vulnerability Crucial
Windows Image Acquisition CVE-2024-38022 Windows Image Acquisition Elevation of Privilege Vulnerability Crucial
Windows Imaging Ingredient CVE-2024-38060 Windows Imaging Ingredient Far off Code Execution Vulnerability Serious
Windows Web Connection Sharing (ICS) CVE-2024-38105 Windows Layer-2 Bridge Community Driver Denial of Service Vulnerability Crucial
Windows Web Connection Sharing (ICS) CVE-2024-38053 Windows Layer-2 Bridge Community Driver Far off Code Execution Vulnerability Crucial
Windows Web Connection Sharing (ICS) CVE-2024-38102 Windows Layer-2 Bridge Community Driver Denial of Service Vulnerability Crucial
Windows Web Connection Sharing (ICS) CVE-2024-38101 Windows Layer-2 Bridge Community Driver Denial of Service Vulnerability Crucial
Windows iSCSI CVE-2024-35270 Windows iSCSI Service Denial of Service Vulnerability Crucial
Windows Kernel CVE-2024-38041 Windows Kernel Recordsdata Disclosure Vulnerability Crucial
Windows Kernel-Mode Drivers CVE-2024-38062 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Crucial
Windows LockDown Policy (WLDP) CVE-2024-38070 Windows LockDown Policy (WLDP) Safety Characteristic Bypass Vulnerability Crucial
Windows Message Queuing CVE-2024-38017 Microsoft Message Queuing Recordsdata Disclosure Vulnerability Crucial
Windows MSHTML Platform CVE-2024-38112 Windows MSHTML Platform Spoofing Vulnerability Crucial
Windows MultiPoint Companies CVE-2024-30013 Windows MultiPoint Companies Far off Code Execution Vulnerability Crucial
Windows NTLM CVE-2024-30081 Windows NTLM Spoofing Vulnerability Crucial
Windows On-line Certificates Space Protocol (OCSP) CVE-2024-38068 Windows On-line Certificates Space Protocol (OCSP) Server Denial of Service Vulnerability Crucial
Windows On-line Certificates Space Protocol (OCSP) CVE-2024-38067 Windows On-line Certificates Space Protocol (OCSP) Server Denial of Service Vulnerability Crucial
Windows On-line Certificates Space Protocol (OCSP) CVE-2024-38031 Windows On-line Certificates Space Protocol (OCSP) Server Denial of Service Vulnerability Crucial
Windows Performance Note CVE-2024-38028 Microsoft Windows Performance Records Helper Library Far off Code Execution Vulnerability Crucial
Windows Performance Note CVE-2024-38019 Microsoft Windows Performance Records Helper Library Far off Code Execution Vulnerability Crucial
Windows Performance Note CVE-2024-38025 Microsoft Windows Performance Records Helper Library Far off Code Execution Vulnerability Crucial
Windows PowerShell CVE-2024-38043 PowerShell Elevation of Privilege Vulnerability Crucial
Windows PowerShell CVE-2024-38047 PowerShell Elevation of Privilege Vulnerability Crucial
Windows PowerShell CVE-2024-38033 PowerShell Elevation of Privilege Vulnerability Crucial
Windows Far off Secure entry to Connection Supervisor CVE-2024-30071 Windows Far off Secure entry to Connection Supervisor Recordsdata Disclosure Vulnerability Crucial
Windows Far off Secure entry to Connection Supervisor CVE-2024-30079 Windows Far off Secure entry to Connection Supervisor Elevation of Privilege Vulnerability Crucial
Windows Far off Desktop CVE-2024-38076 Windows Far off Desktop Licensing Service Far off Code Execution Vulnerability Serious
Windows Far off Desktop CVE-2024-38015 Windows Far off Desktop Gateway (RD Gateway) Denial of Service Vulnerability Crucial
Windows Far off Desktop Licensing Service CVE-2024-38071 Windows Far off Desktop Licensing Service Denial of Service Vulnerability Crucial
Windows Far off Desktop Licensing Service CVE-2024-38073 Windows Far off Desktop Licensing Service Denial of Service Vulnerability Crucial
Windows Far off Desktop Licensing Service CVE-2024-38074 Windows Far off Desktop Licensing Service Far off Code Execution Vulnerability Serious
Windows Far off Desktop Licensing Service CVE-2024-38072 Windows Far off Desktop Licensing Service Denial of Service Vulnerability Crucial
Windows Far off Desktop Licensing Service CVE-2024-38077 Windows Far off Desktop Licensing Service Far off Code Execution Vulnerability Serious
Windows Far off Desktop Licensing Service CVE-2024-38099 Windows Far off Desktop Licensing Service Denial of Service Vulnerability Crucial
Windows Stable Boot CVE-2024-38065 Stable Boot Safety Characteristic Bypass Vulnerability Crucial
Windows Stable Boot CVE-2024-37986 Stable Boot Safety Characteristic Bypass Vulnerability Crucial
Windows Stable Boot CVE-2024-37981 Stable Boot Safety Characteristic Bypass Vulnerability Crucial
Windows Stable Boot CVE-2024-37987 Stable Boot Safety Characteristic Bypass Vulnerability Crucial
Windows Stable Boot CVE-2024-28899 Stable Boot Safety Characteristic Bypass Vulnerability Crucial
Windows Stable Boot CVE-2024-26184 Stable Boot Safety Characteristic Bypass Vulnerability Crucial
Windows Stable Boot CVE-2024-38011 Stable Boot Safety Characteristic Bypass Vulnerability Crucial
Windows Stable Boot CVE-2024-37984 Stable Boot Safety Characteristic Bypass Vulnerability Crucial
Windows Stable Boot CVE-2024-37988 Stable Boot Safety Characteristic Bypass Vulnerability Crucial
Windows Stable Boot CVE-2024-37977 Stable Boot Safety Characteristic Bypass Vulnerability Crucial
Windows Stable Boot CVE-2024-37978 Stable Boot Safety Characteristic Bypass Vulnerability Crucial
Windows Stable Boot CVE-2024-37974 Stable Boot Safety Characteristic Bypass Vulnerability Crucial
Windows Stable Boot CVE-2024-38010 Stable Boot Safety Characteristic Bypass Vulnerability Crucial
Windows Stable Boot CVE-2024-37989 Stable Boot Safety Characteristic Bypass Vulnerability Crucial
Windows Stable Boot CVE-2024-37970 Stable Boot Safety Characteristic Bypass Vulnerability Crucial
Windows Stable Boot CVE-2024-37975 Stable Boot Safety Characteristic Bypass Vulnerability Crucial
Windows Stable Boot CVE-2024-37972 Stable Boot Safety Characteristic Bypass Vulnerability Crucial
Windows Stable Boot CVE-2024-37973 Stable Boot Safety Characteristic Bypass Vulnerability Crucial
Windows Stable Boot CVE-2024-37971 Stable Boot Safety Characteristic Bypass Vulnerability Crucial
Windows Stable Boot CVE-2024-37969 Stable Boot Safety Characteristic Bypass Vulnerability Crucial
Windows Server Backup CVE-2024-38013 Microsoft Windows Server Backup Elevation of Privilege Vulnerability Crucial
Windows TCP/IP CVE-2024-38064 Windows TCP/IP Recordsdata Disclosure Vulnerability Crucial
Windows Topics CVE-2024-38030 Windows Topics Spoofing Vulnerability Crucial
Windows Win32 Kernel Subsystem CVE-2024-38085 Windows Graphics Ingredient Elevation of Privilege Vulnerability Crucial
Windows Win32K – GRFX CVE-2024-38066 Windows Win32k Elevation of Privilege Vulnerability Crucial
Windows Win32K – ICOM P CVE-2024-38059 Win32k Elevation of Privilege Vulnerability Crucial
Windows Workstation Service CVE-2024-38050 Windows Workstation Service Elevation of Privilege Vulnerability Crucial
XBox Crypto Graphic Companies CVE-2024-38032 Microsoft Xbox Far off Code Execution Vulnerability Crucial
XBox Crypto Graphic Companies CVE-2024-38078 Xbox Wireless Adapter Far off Code Execution Vulnerability Crucial

Read More

Check this out

Microsoft Enviornment of job is loyal $23 this July

Microsoft Enviornment of job is loyal $23 this July

cbs26.com 07/07/2024
Microsoft is bringing passkeys to all customers

Microsoft is bringing passkeys to all customers

cbs26.com 05/15/2024
LoL Patch 14.10 – Necessary ingredients, Open Date, and more

LoL Patch 14.10 – Necessary ingredients, Open Date, and more

cbs26.com 05/01/2024

Leave a Reply

Your email address will not be published. Required fields are marked *

Today’s News Brief

Elizabeth Gutfahr, former Santa Cruz County Treasurer pleads guilty to embezzling nearly $40 million

cbs26.com 11/21/2024
4 critically hurt, including child, after fiery crash in west Phoenix

4 critically hurt, including child, after fiery crash in west Phoenix

cbs26.com 11/21/2024
Man convicted in road rage shooting that killed Phoenix girl; he’s on the run

Man convicted in road rage shooting that killed Phoenix girl; he’s on the run

cbs26.com 11/21/2024

Sober living scheme: Dept. of Justice investigating ongoing Medicaid fraud impacting Native Americans

cbs26.com 11/21/2024

Body found in Glendale IDed; new nominee for Attorney General

cbs26.com 11/21/2024