Patch Tuesday Update – July 2024
2024-7-10 05:3:46 Author: securityboulevard.com(查看原文) 阅读量:0 收藏

CVE/Advisory Title Tag Microsoft Severity Rating Base Score Microsoft Impact Exploited Publicly Disclosed
CVE-2024-30061 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability Microsoft Dynamics Important 7.3 Information Disclosure No No
CVE-2024-21417 Windows Text Services Framework Elevation of Privilege Vulnerability Windows CoreMessaging Important 8.8 Elevation of Privilege No No
CVE-2024-28899 Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot Important 8.8 Security Feature Bypass No No
CVE-2024-30081 Windows NTLM Spoofing Vulnerability Windows NTLM Important 7.1 Spoofing No No
CVE-2024-30098 Windows Cryptographic Services Security Feature Bypass Vulnerability Windows Cryptographic Services Important 7.5 Security Feature Bypass No No
CVE-2024-35264 .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Important 8.1 Remote Code Execution No Yes
CVE-2024-35270 Windows iSCSI Service Denial of Service Vulnerability Windows iSCSI Important 5.3 Denial of Service No No
CVE-2024-38088 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-38087 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-21332 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-21333 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-21335 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-21373 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-21398 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-21414 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-21415 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-21428 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37318 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37332 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37331 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37969 Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot Important 8 Security Feature Bypass No No
CVE-2024-37970 Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot Important 8 Security Feature Bypass No No
CVE-2024-37974 Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot Important 8 Security Feature Bypass No No
CVE-2024-37981 Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot Important 8 Security Feature Bypass No No
CVE-2024-37986 Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot Important 8 Security Feature Bypass No No
CVE-2024-37987 Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot Important 8 Security Feature Bypass No No
CVE-2024-38013 Microsoft Windows Server Backup Elevation of Privilege Vulnerability Windows Server Backup Important 6.7 Elevation of Privilege No No
CVE-2024-38015 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Windows Remote Desktop Important 7.5 Denial of Service No No
CVE-2024-38022 Windows Image Acquisition Elevation of Privilege Vulnerability Windows Image Acquisition Important 7 Elevation of Privilege No No
CVE-2024-38023 Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft Office SharePoint Critical 7.2 Remote Code Execution No No
CVE-2024-38024 Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft Office SharePoint Important 7.2 Remote Code Execution No No
CVE-2024-38025 Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability Windows Performance Monitor Important 7.2 Remote Code Execution No No
CVE-2024-38034 Windows Filtering Platform Elevation of Privilege Vulnerability Windows Filtering Important 7.8 Elevation of Privilege No No
CVE-2024-38041 Windows Kernel Information Disclosure Vulnerability Windows Kernel Important 5.5 Information Disclosure No No
CVE-2024-38043 PowerShell Elevation of Privilege Vulnerability Windows PowerShell Important 7.8 Elevation of Privilege No No
CVE-2024-38517 Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege Vulnerability Active Directory Rights Management Services Moderate 7.8 Elevation of Privilege No No
CVE-2024-38051 Windows Graphics Component Remote Code Execution Vulnerability Microsoft Graphics Component Important 7.8 Remote Code Execution No No
CVE-2024-38054 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Microsoft Streaming Service Important 7.8 Elevation of Privilege No No
CVE-2024-38055 Microsoft Windows Codecs Library Information Disclosure Vulnerability Microsoft Windows Codecs Library Important 5.5 Information Disclosure No No
CVE-2024-38056 Microsoft Windows Codecs Library Information Disclosure Vulnerability Microsoft Windows Codecs Library Important 5.5 Information Disclosure No No
CVE-2024-38059 Win32k Elevation of Privilege Vulnerability Windows Win32K – ICOMP Important 7.8 Elevation of Privilege No No
CVE-2024-38060 Windows Imaging Component Remote Code Execution Vulnerability Windows Imaging Component Critical 8.8 Remote Code Execution No No
CVE-2024-38061 DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability Role: Active Directory Certificate Services; Active Directory Domain Services Important 7.5 Elevation of Privilege No No
CVE-2024-38062 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows Kernel-Mode Drivers Important 7.8 Elevation of Privilege No No
CVE-2024-38064 Windows TCP/IP Information Disclosure Vulnerability Windows TCP/IP Important 7.5 Information Disclosure No No
CVE-2024-38071 Windows Remote Desktop Licensing Service Denial of Service Vulnerability Windows Remote Desktop Licensing Service Important 7.5 Denial of Service No No
CVE-2024-38072 Windows Remote Desktop Licensing Service Denial of Service Vulnerability Windows Remote Desktop Licensing Service Important 7.5 Denial of Service No No
CVE-2024-38077 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability Windows Remote Desktop Licensing Service Critical 9.8 Remote Code Execution No No
CVE-2024-38080 Windows Hyper-V Elevation of Privilege Vulnerability Role: Windows Hyper-V Important 7.8 Elevation of Privilege Yes No
CVE-2024-38085 Windows Graphics Component Elevation of Privilege Vulnerability Windows Win32 Kernel Subsystem Important 7.8 Elevation of Privilege No No
CVE-2024-38086 Azure Kinect SDK Remote Code Execution Vulnerability Azure Kinect SDK Important 6.4 Remote Code Execution No No
CVE-2024-38091 Microsoft WS-Discovery Denial of Service Vulnerability Microsoft WS-Discovery Important 7.5 Denial of Service No No
CVE-2024-38100 Windows File Explorer Elevation of Privilege Vulnerability Windows COM Session Important 7.8 Elevation of Privilege No No
CVE-2024-38102 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Windows Internet Connection Sharing (ICS) Important 6.5 Denial of Service No No
CVE-2024-38104 Windows Fax Service Remote Code Execution Vulnerability Windows Fax and Scan Service Important 8.8 Remote Code Execution No No
CVE-2024-38112 Windows MSHTML Platform Spoofing Vulnerability Windows MSHTML Platform Important 7.5 Spoofing Yes No
CVE-2024-26184 Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot Important 6.8 Security Feature Bypass No No
CVE-2024-30013 Windows MultiPoint Services Remote Code Execution Vulnerability Windows MultiPoint Services Important 8.8 Remote Code Execution No No
CVE-2024-32987 Microsoft SharePoint Server Information Disclosure Vulnerability Microsoft Office SharePoint Important 7.5 Information Disclosure No No
CVE-2024-30071 Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Remote Access Connection Manager Important 4.7 Information Disclosure No No
CVE-2024-30079 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager Important 7.8 Elevation of Privilege No No
CVE-2024-30105 .NET Core and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Important 7.5 Denial of Service No No
CVE-2024-35261 Azure Network Watcher VM Extension Elevation of Privilege Vulnerability Azure Network Watcher Important 7.8 Elevation of Privilege No No
CVE-2024-35266 Azure DevOps Server Spoofing Vulnerability Azure DevOps Important 7.6 Spoofing No No
CVE-2024-35267 Azure DevOps Server Spoofing Vulnerability Azure DevOps Important 7.6 Spoofing No No
CVE-2024-35271 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-35272 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-20701 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-21303 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-21308 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-21317 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-21331 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-21425 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37319 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37320 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37321 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37322 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37323 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37324 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-21449 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37326 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37327 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37328 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37329 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37330 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37334 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37333 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37336 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-28928 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-35256 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2024-37971 Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot Important 8 Security Feature Bypass No No
CVE-2024-37972 Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot Important 8 Security Feature Bypass No No
CVE-2024-37973 Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot Important 8.4 Security Feature Bypass No No
CVE-2024-37975 Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot Important 8 Security Feature Bypass No No
CVE-2024-37977 Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot Important 8 Security Feature Bypass No No
CVE-2024-37978 Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot Important 8 Security Feature Bypass No No
CVE-2024-37984 Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot Important 8.4 Security Feature Bypass No No
CVE-2024-37988 Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot Important 8 Security Feature Bypass No No
CVE-2024-37989 Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot Important 8 Security Feature Bypass No No
CVE-2024-38010 Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot Important 8 Security Feature Bypass No No
CVE-2024-38011 Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot Important 8 Security Feature Bypass No No
CVE-2024-38017 Microsoft Message Queuing Information Disclosure Vulnerability Windows Message Queuing Important 5.5 Information Disclosure No No
CVE-2024-38019 Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability Windows Performance Monitor Important 7.2 Remote Code Execution No No
CVE-2024-38020 Microsoft Outlook Spoofing Vulnerability Microsoft Office Outlook Moderate 6.5 Spoofing No No
CVE-2024-38021 Microsoft Office Remote Code Execution Vulnerability Microsoft Office Important 8.8 Remote Code Execution No No
CVE-2024-38027 Windows Line Printer Daemon Service Denial of Service Vulnerability Line Printer Daemon Service (LPD) Important 6.5 Denial of Service No No
CVE-2024-38028 Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability Windows Performance Monitor Important 7.2 Remote Code Execution No No
CVE-2024-38030 Windows Themes Spoofing Vulnerability Windows Themes Important 6.5 Spoofing No No
CVE-2024-38031 Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability Windows Online Certificate Status Protocol (OCSP) Important 7.5 Denial of Service No No
CVE-2024-38032 Microsoft Xbox Remote Code Execution Vulnerability XBox Crypto Graphic Services Important 7.1 Remote Code Execution No No
CVE-2024-38033 PowerShell Elevation of Privilege Vulnerability Windows PowerShell Important 7.3 Elevation of Privilege No No
CVE-2024-38044 DHCP Server Service Remote Code Execution Vulnerability Windows DHCP Server Important 7.2 Remote Code Execution No No
CVE-2024-38047 PowerShell Elevation of Privilege Vulnerability Windows PowerShell Important 7.8 Elevation of Privilege No No
CVE-2024-38048 Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability NDIS Important 6.5 Denial of Service No No
CVE-2024-38049 Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability Windows Distributed Transaction Coordinator Important 6.6 Remote Code Execution No No
CVE-2024-38050 Windows Workstation Service Elevation of Privilege Vulnerability Windows Workstation Service Important 7.8 Elevation of Privilege No No
CVE-2024-38052 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Microsoft Streaming Service Important 7.8 Elevation of Privilege No No
CVE-2024-38053 Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability Windows Internet Connection Sharing (ICS) Important 8.8 Remote Code Execution No No
CVE-2024-38057 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Microsoft Streaming Service Important 7.8 Elevation of Privilege No No
CVE-2024-38058 BitLocker Security Feature Bypass Vulnerability Windows BitLocker Important 6.8 Security Feature Bypass No No
CVE-2024-38065 Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot Important 6.8 Security Feature Bypass No No
CVE-2024-38066 Windows Win32k Elevation of Privilege Vulnerability Windows Win32K – GRFX Important 7.8 Elevation of Privilege No No
CVE-2024-38067 Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability Windows Online Certificate Status Protocol (OCSP) Important 7.5 Denial of Service No No
CVE-2024-38068 Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability Windows Online Certificate Status Protocol (OCSP) Important 7.5 Denial of Service No No
CVE-2024-38069 Windows Enroll Engine Security Feature Bypass Vulnerability Windows Enroll Engine Important 7 Security Feature Bypass No No
CVE-2024-38070 Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability Windows LockDown Policy (WLDP) Important 7.8 Security Feature Bypass No No
CVE-2024-38073 Windows Remote Desktop Licensing Service Denial of Service Vulnerability Windows Remote Desktop Licensing Service Important 7.5 Denial of Service No No
CVE-2024-38074 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability Windows Remote Desktop Licensing Service Critical 9.8 Remote Code Execution No No
CVE-2024-38076 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability Windows Remote Desktop Critical 9.8 Remote Code Execution No No
CVE-2024-38078 Xbox Wireless Adapter Remote Code Execution Vulnerability XBox Crypto Graphic Services Important 7.5 Remote Code Execution No No
CVE-2024-38079 Windows Graphics Component Elevation of Privilege Vulnerability Microsoft Graphics Component Important 7.8 Elevation of Privilege No No
CVE-2024-38081 .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability .NET and Visual Studio Important 7.3 Elevation of Privilege No No
CVE-2024-38089 Microsoft Defender for IoT Elevation of Privilege Vulnerability Microsoft Defender for IoT Important 9.1 Elevation of Privilege No No
CVE-2024-38092 Azure CycleCloud Elevation of Privilege Vulnerability Azure CycleCloud Important 8.8 Elevation of Privilege No No
CVE-2024-38094 Microsoft SharePoint Remote Code Execution Vulnerability Microsoft Office SharePoint Important 7.2 Remote Code Execution No No
CVE-2024-38095 .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Important 7.5 Denial of Service No No
CVE-2024-38099 Windows Remote Desktop Licensing Service Denial of Service Vulnerability Windows Remote Desktop Licensing Service Important 5.9 Denial of Service No No
CVE-2024-38101 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Windows Internet Connection Sharing (ICS) Important 6.5 Denial of Service No No
CVE-2024-38105 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Windows Internet Connection Sharing (ICS) Important 6.5 Denial of Service No No
CVE-2024-39684 Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability Active Directory Rights Management Services Moderate 7.8 Elevation of Privilege No No

文章来源: https://securityboulevard.com/2024/07/patch-tuesday-update-july-2024/
如有侵权请联系:admin#unsafe.sh