July 2024 – Microsoft Patch Tuesday Highlights


Background

Microsoft has released the July 2024 Patch Tuesday updates to improve and reinforce its products’ security against a variety of security risks. Three of the 139 CVEs addressed in the most recent release are zero-day vulnerabilities, and five are critical.

Updates for vulnerabilities in Windows Kernel, Windows DHCP Server, Windows TCP/IP, Windows Internet Connection Sharing (ICS), Microsoft Office and Components, .NET and Visual Studio, Microsoft Streaming Service, Windows Hyper-V, Microsoft Windows Codecs Library, and more are included in the July edition of Microsoft Patch Tuesday.

Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Security Feature Bypass, and Remote Code Execution (RCE) are among the vulnerabilities that Microsoft has addressed in a number of software products.


The July 2024 Microsoft vulnerabilities are classified as follows:

| Vulnerability Category | Quantity | Severities |
|---|---|---|
| Spoofing Vulnerability | 7 | Important: 7 |
| Denial of Service Vulnerability | 17 | Important: 17 |
| Elevation of Privilege Vulnerability | 26 | Important: 26 |
| Information Disclosure Vulnerability | 9 | Important: 9 |
| Remote Code Execution Vulnerability | 59 | Critical: 5, Important: 54 |
| Security Feature Bypass Vulnerability | 24 | Important: 24 |

Zero-day Vulnerabilities:

CVE-2024-38112: Windows MSHTML Platform Spoofing Vulnerability:

Windows MSHTML is a browser engine that is often used in conjunction with Internet Explorer. Although the Internet Explorer (IE) 11 desktop program is no longer supported, Microsoft continues to patch MSHTML vulnerabilities.

To exploit the vulnerability, an attacker must send the target a malicious file and persuade them to run it.

CVE-2024-35264: .NET and Visual Studio Remote Code Execution Vulnerability:

To exploit the vulnerability, an attacker needs to win a race condition. An attacker may trigger that race condition by terminating an HTTP/3 stream while the requested content is being processed. If the vulnerability is successfully exploited, the attacker might be able to execute code remotely on the target system.


CVE-2024-37985 – Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers:

An attacker needs to take additional steps to prepare the target environment before exploitation. After successful exploitation, an attacker may be able to view heap memory from a privileged server process.

CVE-2024-38080: Windows Hyper-V Elevation of Privilege Vulnerability:

Virtualization is a tool used by software developers and IT specialists to test applications across many operating systems. Working professionals may complete these duties with ease thanks to Hyper-V. Virtual switches, virtual hard drives, and a variety of other virtual devices can all be created using Hyper-V and attached to virtual machines.

If the vulnerability is successfully exploited, an attacker might be able to obtain SYSTEM rights.

Critical vulnerabilities:

CVE-2024-38023: Microsoft SharePoint Server Remote Code Execution Vulnerability:

A web-based platform for document management and collaboration, Microsoft SharePoint facilitates the sharing of documents, data, news, and resources. The program offers easy sharing and seamless collaboration, which changes the way business activities are done.

Using specific API queries and a specially designed file uploaded to the targeted SharePoint Server, an authenticated attacker with Site Owner access can take advantage of this vulnerability by initiating the deserialization of the file’s parameters. The attacker would then be able to run remote code within the context of the SharePoint Server.

CVE-2024-38060: Microsoft Windows Codecs Library Remote Code Execution Vulnerability:

Windows Media Player and other applications use the Microsoft Windows Codecs Library to play and generate media files. A codec can consist of an encoder that compresses the media file and a decoder that decompresses it.

An authenticated attacker can exploit the vulnerability by sending a malicious TIFF file to a server.

CVE-2024-38077: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability:

Windows Remote Desktop Services (RDS) licensing, commonly referred to as Remote Desktop Protocol (RDP) licensing, is a Windows component that enables users to take control of a remote computer via a network connection. RDS licensing is crucial when establishing RDS settings, and the Remote Desktop License Server is a vital component of this procedure.

An unauthorized attacker who connects to the Remote Desktop Licensing Service could send a malicious message that could result in remote code execution.

CVE-2024-38074 & CVE-2024-38076: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability:

An attacker could send a specially crafted packet to a server configured as a Remote Desktop Licensing server. Successful exploitation of the vulnerability could result in remote code execution.

Other vulnerabilities:

  • CVE-2024-38024 & CVE-2024-38094: 

A remote code execution vulnerability exists in Microsoft SharePoint Server (CVE-2024-38024 & CVE-2024-38094). To cause the deserialization of the file’s arguments, an authorized attacker with Site Owner access or above could upload a specially created file to the targeted SharePoint Server and create unique API queries. The attacker would then be able to remotely execute code within the context of the SharePoint Server.

 

  • CVE-2024-38054 & CVE-2024-38052:

The Kernel Streaming WOW Thunk Service Driver has two elevation of privilege vulnerabilities, CVE-2024-38054 and CVE-2024-38052. If the vulnerability is successfully exploited, an attacker might be able to obtain SYSTEM rights.

 

  • CVE-2024-38059:

A Win32k elevation of privilege vulnerability is identified as CVE-2024-38059. If the vulnerability is successfully exploited, an attacker might be able to obtain SYSTEM rights.

 

  • CVE-2024-38085:

An elevation of privilege vulnerability in the Windows Graphics Component is identified as CVE-2024-38085. If the vulnerability is successfully exploited, an attacker might be able to obtain SYSTEM rights.

 

  • CVE-2024-38100:

Windows File Explorer has an elevation of privilege vulnerability (CVE-2024-38100). If the vulnerability is successfully exploited, the attacker may be able to obtain administrator rights.

 

  • CVE-2024-38021:

Microsoft Office has a remote code execution vulnerability (CVE-2024-38021). A malicious link could be created by an attacker to get around the Protected View Protocol. By using the vulnerability, an attacker might execute remote code and obtain local NTLM credential information.

 

  • CVE-2024-38066:

A Windows Win32k elevation of privilege vulnerability is identified as CVE-2024-38066. If the vulnerability is successfully exploited, the attacker may be able to obtain administrator rights.

 

  • CVE-2024-38079:

An elevation of privilege vulnerability in the Windows Graphics Component is identified as CVE-2024-38079. An attacker must first log on to the system to take advantage of this vulnerability. The attacker could then run a specially designed program to exploit the vulnerability and take over the affected system. If the vulnerability is successfully exploited, an attacker might be able to obtain SYSTEM rights.

 

  • CVE-2024-38099:

A denial-of-service vulnerability in the Windows Remote Desktop Licensing Service is identified as CVE-2024-38099. To take advantage of this vulnerability and obtain unauthorized access to particular remote procedure call (RPC) endpoints, an attacker must figure out the required algorithm.

Recommendations

To stop possible exploitation, we highly advise updating all affected products with the security updates that are currently available. 

Note: To prevent operational effects, please adhere to your organization’s patching and testing policies. 

 

| Product | Vulnerability | Article | Download |
|---|---|---|---|
| Windows Server 2022, 23H2 Edition | CVE-2024-38074, CVE-2024-38076, CVE-2024-38077, CVE-2024-38112, CVE-2024-38080, CVE-2024-38060 | 5040438 | Security Update |
| Windows Server 2022 | CVE-2024-38074, CVE-2024-38076, CVE-2024-38077, CVE-2024-38112, CVE-2024-38080, CVE-2024-38060 | 5040437 | Security Update |
| Windows Server 2019 | CVE-2024-38074, CVE-2024-38076, CVE-2024-38077, CVE-2024-38112, CVE-2024-38060 | 5040430 | Security Update |
| Windows Server 2016 | CVE-2024-38074, CVE-2024-38076, CVE-2024-38077, CVE-2024-38112, CVE-2024-38060 | 5040434 | Security Update |
| Windows Server 2012 R2 | CVE-2024-38074, CVE-2024-38077, CVE-2024-38112, CVE-2024-38060 | 5040456, 5040426 | Monthly Rollup |
| Windows Server 2012 | CVE-2024-38074, CVE-2024-38077, CVE-2024-38060 | 5040485 | Monthly Rollup |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | CVE-2024-38074, CVE-2024-38077, CVE-2024-38060 | 5040497, 5040498 | Monthly Rollup, Security Only |
| Windows Server 2008 for x64-based Systems Service Pack 2 | CVE-2024-38077, CVE-2024-38112 | 5040499, 5040490, 5040426 | Monthly Rollup, Security Only, IE Cumulative |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | CVE-2024-38077, CVE-2024-38112 | 5040499, 5040490, 5040426 | Monthly Rollup, Security Only, IE Cumulative |
| Windows 11 Version 23H2 for x64-based Systems | CVE-2024-38112, CVE-2024-38080, CVE-2024-38060 | 5040442 | Security Update |
| Windows 11 Version 23H2 for ARM64-based Systems | CVE-2024-38112, CVE-2024-38080, CVE-2024-38060 | 5040442 | Security Update |
| Windows 11 Version 22H2 for x64-based Systems | CVE-2024-38112, CVE-2024-38080, CVE-2024-38060 | 5040442 | Security Update |
| Windows 11 Version 22H2 for ARM64-based Systems | CVE-2024-38112, CVE-2024-38080, CVE-2024-38060 | 5040442 | Security Update |
| Windows 11 version 21H2 for x64-based Systems | CVE-2024-38112, CVE-2024-38080, CVE-2024-38060 | 5040431 | Security Update |
| Windows 11 version 21H2 for ARM64-based Systems | CVE-2024-38112, CVE-2024-38080, CVE-2024-38060 | 5040431 | Security Update |
| Windows 10 Version 22H2 for x64-based Systems | CVE-2024-38112, CVE-2024-38060 | 5040427 | Security Update |
| Windows 10 Version 22H2 for ARM64-based Systems | CVE-2024-38112, CVE-2024-38060 | 5040427 | Security Update |
| Windows 10 Version 22H2 for 32-bit Systems | CVE-2024-38112, CVE-2024-38060 | 5040427 | Security Update |
| Windows 10 Version 21H2 for x64-based Systems | CVE-2024-38112, CVE-2024-38060 | 5040427 | Security Update |
| Windows 10 Version 21H2 for ARM64-based Systems | CVE-2024-38112, CVE-2024-38060 | 5040427 | Security Update |
| Windows 10 Version 21H2 for 32-bit Systems | CVE-2024-38112, CVE-2024-38060 | 5040427 | Security Update |
| Windows 10 Version 1809 for x64-based Systems | CVE-2024-38112, CVE-2024-38060 | 5040430 | Security Update |
| Windows 10 Version 1809 for ARM64-based Systems | CVE-2024-38112, CVE-2024-38060 | 5040430 | Security Update |
| Windows 10 Version 1809 for 32-bit Systems | CVE-2024-38112, CVE-2024-38060 | 5040430 | Security Update |
| Windows 10 Version 1607 for x64-based Systems | CVE-2024-38112, CVE-2024-38060 | 5040434 | Security Update |
| Windows 10 Version 1607 for 32-bit Systems | CVE-2024-38112, CVE-2024-38060 | 5040434 | Security Update |
| Windows 10 for x64-based Systems | CVE-2024-38112, CVE-2024-38060 | 5040448 | Security Update |
| Windows 10 for 32-bit Systems | CVE-2024-38112, CVE-2024-38060 | 5040448 | Security Update |
| Microsoft Office LTSC 2021 for 64-bit editions | CVE-2024-38021 | Click to Run | See Run link to the left |
| Microsoft Office LTSC 2021 for 32-bit editions | CVE-2024-38021 | Click to Run | See Run link to the left |
| Microsoft Office 2019 for 64-bit editions | CVE-2024-38021 | Click to Run | See Run link to the left |
| Microsoft Office 2019 for 32-bit editions | CVE-2024-38021 | Click to Run | See Run link to the left |
| Microsoft Office 2016 (64-bit edition) | CVE-2024-38021 | 5002620 | Security Update |
| Microsoft Office 2016 (32-bit edition) | CVE-2024-38021 | 5002620 | Security Update |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | CVE-2024-38021 | Click to Run | See Run link to the left |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | CVE-2024-38021 | Click to Run | See Run link to the left |

 

If a fix cannot be applied, Microsoft advises turning off the Remote Desktop Licensing Service when it is not in use in order to mitigate CVE-2024-38076, CVE-2024-38074, and CVE-2024-38077. Disabling unnecessary services will generally lessen the attack surface of your system.
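The mitigation above can be audited per server with a short PowerShell function. This is an added example, not Microsoft's or this page's own code; it assumes the Remote Desktop Licensing service uses the short name TermServLicensing, takes the Windows Server 2016 to 2022 KB numbers from the table above, and the function name is hypothetical.

```powershell
# Added example: audit one server for the RD Licensing mitigation and July 2024 KBs.
# Assumption: the Remote Desktop Licensing service short name is TermServLicensing.
# KB IDs are the Windows Server 2016-2022 entries from the table on this page.
$JulyKbs = 'KB5040438', 'KB5040437', 'KB5040430', 'KB5040434'

function Get-RdLicensingExposure {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Stop and disable the service when it is present and no July KB is found.
        [switch]$DisableIfUnpatched
    )

    $svc = Get-Service -Name 'TermServLicensing' -ErrorAction SilentlyContinue
    $kb  = Get-HotFix -ErrorAction SilentlyContinue |
           Where-Object { $JulyKbs -contains $_.HotFixID } |
           Select-Object -ExpandProperty HotFixID

    $result = [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        RoleInstalled = [bool]$svc
        ServiceStatus = if ($svc) { $svc.Status } else { 'NotInstalled' }
        StartType     = if ($svc) { $svc.StartType } else { $null }
        JulyKbFound   = ($kb -join ',')
        # A later cumulative update supersedes these KBs, so an empty JulyKbFound
        # means "verify the OS build", not "definitely unpatched".
        NeedsReview   = ([bool]$svc -and -not $kb -and $svc.StartType -ne 'Disabled')
    }

    if ($DisableIfUnpatched -and $result.NeedsReview -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable TermServLicensing')) {
        Stop-Service -Name 'TermServLicensing' -Force
        Set-Service  -Name 'TermServLicensing' -StartupType Disabled
    }
    $result
}

Get-RdLicensingExposure                                   # report only
# Get-RdLicensingExposure -DisableIfUnpatched -WhatIf     # preview the change first
```

Use `-DisableIfUnpatched` only on servers where the licensing role is not in use, since stopping the service prevents it from issuing RDS licenses.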

 

References:

  • https://msrc.microsoft.com/update-guide/en-us/releaseNote/2024-Jul

© 2024 HawkEye – Managed CSOC and XDR powered by DTS Solution. All Rights Reserved.