Microsoft’s July 2024 Patch Tuesday Addresses 138 CVEs (CVE-2024-38080, CVE-2024-38112)
2024-7-10 02:54:33 Author: www.tenable.com(查看原文) 阅读量:9 收藏

Tenable Security Response Team

A blue gradient background with the Tenable Research logo in the top center of the image. Underneath it is a rectangular shaped box with sharp edges onn the top left and bottom right corners. The box contains the word "MICROSOFT" in bold text at the top with the words "PATCH TUESDAY" unbolded underneath it. At the bottom center of the image the words: "Zero-Day Vulnerabilities Exploited." This is the July 2024 Patch Tuesday release which includes fixes for two zero-day vulnerabilities exploited in the wild.

  1. 5Critical
  2. 132Important
  3. 1Moderate
  4. 0Low

Microsoft addresses 138 CVEs in its July 2024 Patch Tuesday release, with five critical vulnerabilities and three zero-day vulnerabilities, two of which were exploited in the wild.

Microsoft released 138 CVEs in July 2024 Patch Tuesday release, with five rated critical, 132 rated important and one rated moderate. Our counts omitted four vulnerabilities, two reported by GitHub, and one reported by CERT/CC and Arm each.

A pie chart showing the severity distribution across the Patch Tuesday CVEs patched in July 2024.

This month’s update includes patches for:

  • .NET and Visual Studio
  • Active Directory Federation Services
  • Azure CycleCloud
  • Azure DevOps
  • Azure Kinect SDK
  • Azure Network Watcher
  • Line Printer Daemon Service (LPD)
  • Microsoft Defender for IoT
  • Microsoft Dynamics
  • Microsoft Graphics Component
  • Microsoft Office
  • Microsoft Office Outlook
  • Microsoft Office SharePoint
  • Microsoft Streaming Service
  • Microsoft WS-Discovery
  • Microsoft Windows Codecs Library
  • Microsoft WS-Discovery
  • NDIS
  • Role: Active Directory Certificate Services; Active Directory Domain Services
  • Role: Windows Hyper-V
  • SQL Server
  • Windows BitLocker
  • Windows COM Session
  • Windows CoreMessaging
  • Windows Cryptographic Services
  • Windows DHCP Server
  • Windows Distributed Transaction Coordinator
  • Windows Enroll Engine
  • Windows Fax and Scan Service
  • Windows Filtering
  • Windows Image Acquisition
  • Windows Internet Connection Sharing (ICS)
  • Windows iSCSI
  • Windows Kernel
  • Windows Kernel-Mode Drivers
  • Windows LockDown Policy (WLDP)
  • Windows Message Queuing
  • Windows MSHTML Platform
  • Windows MultiPoint Services
  • Windows NTLM
  • Windows Online Certificate Status Protocol (OCSP)
  • Windows Performance Monitor
  • Windows PowerShell
  • Windows Remote Access Connection Manager
  • Windows Remote Desktop
  • Windows Remote Desktop Licensing Service
  • Windows Secure Boot
  • Windows Server Backup
  • Windows TCP/IP
  • Windows Themes
  • Windows Win32 Kernel Subsystem
  • Windows Win32K - GRFX
  • Windows Win32K - ICOMP
  • Windows Workstation Service
  • XBox Crypto Graphic Services

A bar chart showing the count by impact of CVEs patched in the July 2024 Patch Tuesday release.

Remote Code Execution (RCE) vulnerabilities accounted for 42.8% of the vulnerabilities patched this month, followed by Elevation of Privilege (EoP) and Security Feature Bypass vulnerabilities at 17.4%.

CVE-2024-38080 | Windows Hyper-V Elevation of Privilege Vulnerability

CVE-2024-38080 is an EoP vulnerability in Microsoft Windows Hyper-V virtualization product. It was assigned a CVSSv3 score of 7.8 and is rated as important. A local, authenticated attacker could exploit this vulnerability to elevate to SYSTEM privileges.

According to Microsoft, this vulnerability was exploited in the wild as a zero-day. It was reported by a researcher that chose to remain Anonymous. No further details have been shared about the in-the-wild exploitation.

There have been 44 vulnerabilities in Windows Hyper-V that have been patched since 2022. This is the first Hyper-V vulnerability that has been exploited in the wild as a zero-day.

CVE-2024-38112 | Windows MSHTML Platform Spoofing Vulnerability

CVE-2024-38112 is a spoofing vulnerability in Windows MSHTML. It was assigned a CVSSv3 score of 7.5 and is rated important. An unauthenticated, remote attacker could exploit this vulnerability by convincing a potential target to open a malicious file. Microsoft notes that in order to successfully exploit this flaw, an attacker would also need to take “additional actions” to “prepare the target environment.”

According to Microsoft, this vulnerability was exploited in the wild as a zero-day. It was disclosed to Microsoft by Haifei Li of Check Point Research. At the time this blog post was published, no further details about in-the-wild exploitation were available. However, we anticipate further details will be made public soon.

CVE-2024-35264 |.NET and Visual Studio Remote Code Execution Vulnerability

CVE-2024-35264 is a RCE vulnerability affecting.NET and Visual Studio. It was assigned a CVSSv3 score of 8.1 and is the third Microsoft zero-day vulnerability patched this month. While it was not exploited in the wild, details were made public prior to the release of a patch. According to the advisory, exploitation requires an attacker to win a race condition and the exploitability reflects this as it is rated as “Exploitation Less Likely.”

CVE-2024-38060 | Windows Imaging Component Remote Code Execution Vulnerability

CVE-2024-38060 is a RCE vulnerability affecting the Windows Imaging Component, a framework used for processing images. Microsoft rates this vulnerability as “Exploitation More Likely” and assigned a CVSSv3 score of 8.8 as well as a critical severity rating. Exploitation of this flaw requires an attacker to be authenticated and utilize this access in order to upload a malicious Tag Image File Format (TIFF) file, an image type used for graphics.

CVE-2024-38059 and CVE-2024-38066 | Windows Win32k Elevation of Privilege Vulnerability

CVE-2024-38059 and CVE-2024-38066 are EoP vulnerabilities affecting Windows Win32k, a core kernel-side driver used in Windows. They were both assigned CVSSv3 scores of 7.8 and are rated as important. An attacker could exploit these vulnerabilities as part of post-compromise activity to elevate privileges to SYSTEM. Microsoft rates these vulnerabilities as “Exploitation More Likely.”

CVE-2024-38021 | Microsoft Office Remote Code Execution Vulnerability

CVE-2024-38021 is a RCE vulnerability affecting Microsoft Office 2016. This vulnerability was assigned a CVSSv3 score of 8.8 and rated as “Exploitation More Likely.” Successful exploitation would allow an attacker to gain elevated privileges, including write, read and delete functionality. MIcrosoft notes that exploitation requires an attacker to create a malicious link that can bypass Protected View Protocol. Based on Microsoft’s description, an attacker would have to entice a user into clicking the link, likely by sending it to an unsuspecting user in a phishing attack. This would result in the attacker gaining access to local NTLM credential information which could be utilized for elevated access to achieve RCE.

38 CVEs | Microsoft OLE DB Driver and SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

This month's release included 38 CVEs for RCEs affecting SQL Server Native Client OLE DB Provider and the OLE DB Driver for SQL Server. All of these CVEs received CVSSv3 scores of 8.8 and were rated as “Exploitation Less Likely.” Successful exploitation of these vulnerabilities can be achieved by convincing an authenticated user into connecting to a malicious SQL server database using an affected driver. A full list of the CVEs are included in the table below.

CVEDescriptionCVSSv3
CVE-2024-20701SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-21303SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-21308SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-21317SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-21331SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-21332SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-21333SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-21335SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-21373SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-21398SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-21414SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-21415SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-21425SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-21428SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-21449SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-28928SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-35256SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-35271SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-35272SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-37318SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-37319SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-37320SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-37321SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-37322SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-37323SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-37324SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-37326SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-37327SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-37328SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-37329SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-37330SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-37331SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-37332SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-37333SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-37334Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability8.8
CVE-2024-37336SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-38087SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8
CVE-2024-38088SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability8.8

Tenable Solutions

A list of all the plugins released for Microsoft’s July 2024 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

Get more information

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

Tenable Security Response Team

Tenable Security Response Team

The Tenable Security Response Team (SRT) tracks threat and vulnerability intelligence feeds to ensure our research teams can deliver sensor coverage to our products as quickly as possible. The SRT also works to analyze and assess technical details and writes white papers, blogs and additional communications to ensure stakeholders are fully informed of the latest risks and threats. The SRT provides breakdowns for the latest vulnerabilities on the Tenable blog.

Related Articles

  • Exposure Management
  • Vulnerability Management

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable Vulnerability Management trials created everywhere except UAE will also include Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Thank You

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable Vulnerability Management trials created everywhere except UAE will also include Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Thank You

Thank you for your interest in Tenable.io. A representative will be in touch soon.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable Vulnerability Management trials created everywhere except UAE will also include Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Thank You

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Thank You

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

Request a demo of Tenable Security Center

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

* Field is required

Request a demo of Tenable OT Security

Get the Operational Technology Security You Need.

Reduce the Risk You Don’t.

Request a demo of Tenable Identity Exposure

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

Request a Demo of Tenable Cloud Security

Exceptional unified cloud security awaits you!

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

See
Tenable One
In Action

Exposure management for the modern attack surface.

See Tenable Attack Surface Management In Action

Know the exposure of every asset on any platform.

Thank You

Thank you for your interest in Tenable Attack Surface Management. A representative will be in touch soon.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements

Tenable solutions help fulfill all SLCGP requirements. Connect with a Tenable representative to learn more.


文章来源: https://www.tenable.com/blog/microsofts-july-2024-patch-tuesday-addresses-138-cves-cve-2024-38080-cve-2024-38112
如有侵权请联系:admin#unsafe.sh