High Threat Security Alert (A24-07-05): Multiple Vulnerabilities in Microsoft Products (July 2024)


 

Published on: 10 July 2024

  
  

Description:

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Jul

Reports indicated that the vulnerabilities (CVE-2024-38080 and CVE-2024-38112) in Microsoft Windows and Server are being exploited in the wild and the technical details of vulnerabilities (CVE-2024-35264 and CVE-2024-37985) in Microsoft Windows, Visual Studio and .NET were publicly disclosed. In addition, multiple remote code execution vulnerabilities (CVE-2024-38023, CVE-2024-38060, CVE-2024-38074, CVE-2024-38076 and CVE-2024-38077) are also at a high risk of exploitation. System administrators and users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • Microsoft Windows 10, 11
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022, 2022, 23H2 Edition
  • Microsoft Office 2016, 2019, LTSC 2021
  • Microsoft Outlook 2016
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server 2019, Subscription Edition
  • Microsoft Visual Studio 2022
  • Microsoft Dynamics 365 (on-premises) version 9.1
  • Microsoft .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.6, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
  • .NET 8.0
  • Microsoft SQL Server 2016, 2017, 2019, 2022
  • Microsoft OLE DB Driver 18, 19 for SQL Server
  • Microsoft Defender for IoT
  • Microsoft 365 Apps for Enterprise
  • Azure CycleCloud
  • Azure DevOps Server 2022
  • Azure Kinect SDK
  • Azure Network Watcher VM Extension for Windows

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security feature bypass or spoofing on an affected system.

 

Recommendation:

Patches for affected systems are available from the Windows Update / Microsoft Update Catalog. System administrators and users of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://msrc.microsoft.com/update-guide/releaseNote/2024-Jul
  • https://www.hkcert.org/security-bulletin/microsoft-monthly-security-update-july-2024
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3596
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20701
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21303
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21308
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21317
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21331 (to CVE-2024-21333)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21335
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21373
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21398
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21414 (to CVE-2024-21415)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21417
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21425
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21428
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21449
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26184
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28899
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28928
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30013
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30061
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30071
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30079
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30081
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30098
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30105
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32987
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35256
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35261
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35264
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35266 (to CVE-2024-35267)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35270 (to CVE-2024-35272)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37318 (to CVE-2024-37324)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37326 (to CVE-2024-37334)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37336
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37969 (to CVE-2024-37975)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37977 (to CVE-2024-37978)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37981
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37984 (to CVE-2024-37989)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38010 (to CVE-2024-38011)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38013
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38015
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38017
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38019 (to CVE-2024-38025)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38027 (to CVE-2024-38028)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38030 (to CVE-2024-38034)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38041
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38043 (to CVE-2024-38044)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38047 (to CVE-2024-38062)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38064 (to CVE-2024-38074)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38076 (to CVE-2024-38081)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38085 (to CVE-2024-38089)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38091 (to CVE-2024-38092)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38094 (to CVE-2024-38095)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38099 (to CVE-2024-38102)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38104 (to CVE-2024-38105)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38112
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38517
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39684


Tag: Microsoft , Windows , Windows Server , Microsoft Office , Outlook , SharePoint , Visual Studio , Dynamics 365 , .NET Framework , .NET , SQL Server , Microsoft Defender , Microsoft 365 Apps , Microsoft Azure
Tags