Home

Alcune aziende che ci hanno scelto

Privacy Officer e consulente privacy
Schema CDP secondo la norma ISO/IEC 17024:2012
European Privacy Auditor
Schema di Certificazione ISDP©10003 secondo la norma ISO/IEC 17065:2012
Valutatore Privacy
Secondo la norma UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
Secondo la norma ISO/IEC 17024:2012
Data Protection Officer
Secondo la norma ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
Secondo la norma ISO/IEC 17024:2012
ICT Security Manager
Secondo la norma UNI 11506:2017
IT Service Management (ITSM)
Secondo l’Ente ITIL Foundation
Ethical Hacker (CEH)
Secondo l’Ente EC-Council
Network Defender (CND)
Secondo l’Ente EC-Council
Computer Hacking Forensics Investigator (CHFI)
Secondo l’Ente EC-Council
Penetration Testing Professional (CPENT)
Secondo l’Ente EC-Council

Qualifiche professionali

Rimani aggiornato sulle notizie dal mondo!

Seleziona gli argomenti di tuo interesse:
ALLERTA CYBER
Home / ALLERTA CYBER
/
Aggiornamenti Mensili Microsoft (AL01/240710/CSIRT-ITA)

Aggiornamenti Mensili Microsoft (AL01/240710/CSIRT-ITA)

Sintesi

Microsoft ha rilasciato gli aggiornamenti di sicurezza mensili che risolvono un totale di 142 nuove vulnerabilità, di cui 4 di tipo 0-day.

Note: un Proof of Concept (PoC) per lo sfruttamento delle CVE-2024-35264 e CVE-2024-37985 risulta disponibile in rete.

Note: il vendor afferma che le CVE-2024-38080 e CVE-2024-38112 risultano essere sfruttate attivamente in rete.

Rischio

Stima d’impatto della vulnerabilità sulla comunità di riferimento: GRAVE/ROSSO (77,05/100)1.

Tipologia

  • Information Disclosure
  • Spoofing
  • Elevation of Privilege
  • Remote Code Execution
  • Security Feature Bypass
  • Denial of Service

Prodotti e versioni affette

  • .NET and Visual Studio
  • Active Directory Certificate Services; Active Directory Domain Services
  • Active Directory Federation Services
  • Azure CycleCloud
  • Azure DevOps
  • Azure Kinect SDK
  • Azure Network Watcher
  • Line Printer Daemon Service (LPD)
  • Microsoft Defender for IoT
  • Microsoft Dynamics
  • Microsoft Graphics Component
  • Microsoft Office
  • Microsoft Office Outlook
  • Microsoft Office SharePoint
  • Microsoft Streaming Service
  • Microsoft Windows Codecs Library
  • Microsoft WS-Discovery
  • NDIS
  • SQL Server
  • Windows BitLocker
  • Windows COM Session
  • Windows CoreMessaging
  • Windows Cryptographic Services
  • Windows DHCP Server
  • Windows Distributed Transaction Coordinator
  • Windows Enroll Engine
  • Windows Fax and Scan Service
  • Windows Filtering
  • Windows Hyper-V
  • Windows Image Acquisition
  • Windows Internet Connection Sharing (ICS)
  • Windows iSCSI
  • Windows Kernel
  • Windows Kernel-Mode Drivers
  • Windows LockDown Policy (WLDP)
  • Windows Message Queuing
  • Windows MSHTML Platform
  • Windows MultiPoint Services
  • Windows NTLM
  • Windows Online Certificate Status Protocol (OCSP)
  • Windows Performance Monitor
  • Windows PowerShell
  • Windows Remote Access Connection Manager
  • Windows Remote Desktop
  • Windows Remote Desktop Licensing Service
  • Windows Secure Boot
  • Windows Server Backup
  • Windows TCP/IP
  • Windows Themes
  • Windows Win32 Kernel Subsystem
  • Windows Win32K – GRFX
  • Windows Win32K – ICOMP
  • Windows Workstation Service
  • XBox Crypto Graphic Services

Azioni di mitigazione

In linea con le dichiarazioni del vendor, si raccomanda di procedere all’aggiornamento dei prodotti impattati attraverso l’apposita funzione di Windows Update.

Identificatori univoci vulnerabilità

CVE-ID
CVE-2024-38092CVE-2024-21417CVE-2024-21428CVE-2024-38010
CVE-2024-38058CVE-2024-39684CVE-2024-38069CVE-2024-38078
CVE-2024-38033CVE-2024-38052CVE-2024-38072CVE-2024-30071
CVE-2024-35264CVE-2024-38079CVE-2024-38064CVE-2024-21425
CVE-2024-30081CVE-2024-38085CVE-2024-38013CVE-2024-37328
CVE-2024-21415CVE-2024-38112CVE-2024-38059CVE-2024-38067
CVE-2024-38091CVE-2024-37975CVE-2024-28899CVE-2024-37327
CVE-2024-38022CVE-2024-37330CVE-2024-38095CVE-2024-21414
CVE-2024-37970CVE-2024-38080CVE-2024-38017CVE-2024-38068
CVE-2024-37326CVE-2024-38027CVE-2024-37977CVE-2024-38054
CVE-2024-38104CVE-2024-38053CVE-2024-30061CVE-2024-38088
CVE-2024-35267CVE-2024-38073CVE-2024-21398CVE-2024-38028
CVE-2024-37320CVE-2024-21331CVE-2024-38057CVE-2024-37971
CVE-2024-38024CVE-2024-37969CVE-2024-38517CVE-2024-21333
CVE-2024-38044CVE-2024-37972CVE-2024-38055CVE-2024-38048
CVE-2024-35256CVE-2024-21332CVE-2024-37981CVE-2024-35272
CVE-2024-28928CVE-2024-38101CVE-2024-35261CVE-2024-37973
CVE-2024-21317CVE-2024-38086CVE-2024-21449CVE-2024-37974
CVE-2024-30079CVE-2024-38070CVE-2024-38087CVE-2024-37321
CVE-2024-37989CVE-2024-37978CVE-2024-38050CVE-2024-35270
CVE-2024-30013CVE-2024-38061CVE-2024-38060CVE-2024-35266
CVE-2024-38102CVE-2024-38047CVE-2024-26184CVE-2024-38100
CVE-2024-38049CVE-2024-37322CVE-2024-38043CVE-2024-20701
CVE-2024-21303CVE-2024-37324CVE-2024-38062CVE-2024-21308
CVE-2024-38071CVE-2024-37336CVE-2024-38066CVE-2024-38094
CVE-2024-37332CVE-2024-37323CVE-2024-38031CVE-2024-38034
CVE-2024-35271CVE-2024-37988CVE-2024-38025CVE-2024-38105
CVE-2024-37334CVE-2024-37318CVE-2024-37333CVE-2024-38099
CVE-2024-37319CVE-2024-37329CVE-2024-37986CVE-2024-21373
CVE-2024-38041CVE-2024-38089CVE-2024-30098CVE-2024-37987
CVE-2024-38015CVE-2024-38032CVE-2024-3596CVE-2024-38030
CVE-2024-30105CVE-2024-38019CVE-2024-21335CVE-2024-37331
CVE-2024-38020CVE-2024-32987CVE-2024-38051CVE-2024-38011
CVE-2024-38076CVE-2024-37985CVE-2024-38081CVE-2024-37984
CVE-2024-38023CVE-2024-38056CVE-2024-38077CVE-2024-38065
CVE-2024-38074CVE-2024-38021

Riferimenti

https://msrc.microsoft.com/update-guide/releaseNote/2024-Jul

https://msrc.microsoft.com/update-guide (NB: filtro: patch tuesday – July 2024)

1La presente stima è effettuata tenendo conto di diversi parametri, tra i quali: CVSS, disponibilità di patch/workaround e PoC, diffusione dei software/dispositivi interessati nella comunità di riferimento.

Suggeriti per te

Ricerca in 365TRUST

I nostri servizi