Summary
Microsoft has released its monthly security updates, which address a total of 142 new vulnerabilities, including four 0-day vulnerabilities.
Note: The vendor states that an exploit for CVE-2024-35264 and CVE-2024-37985 is available online.
Note: The vendor states that CVE-2024-38080 and CVE-2024-38112 are being actively exploited online.
Risk
Vulnerability community impact estimate: SEVERE/RED (77.05/100) [1].
Type
- Information Disclosure
- Spoofing
- Elevation of Privilege
- Remote Code Execution
- Security Feature Bypass
- Denial of Service
Affected products and versions
- .NET and Visual Studio
- Active Directory Certificate Services; Active Directory Domain Services
- Active Directory Federation Services
- Azure CycleCloud
- Azure DevOps
- Azure Kinect SDK
- Azure Network Watcher
- GroupMe
- Line Printer Daemon Service (LPD)
- Microsoft Defender for IoT
- Microsoft Dynamics
- Microsoft Edge (Chromium-based)
- Microsoft Graphics Component
- Microsoft Office
- Microsoft Office Outlook
- Microsoft Office SharePoint
- Microsoft Streaming Service
- Microsoft Windows Codecs Library
- Microsoft WS-Discovery
- NDIS
- SQL Server
- Windows BitLocker
- Windows COM Session
- Windows CoreMessaging
- Windows Cryptographic Services
- Windows DHCP Server
- Windows Distributed Transaction Coordinator
- Windows Enroll Engine
- Windows Fax and Scan Service
- Windows Filtering
- Windows Hyper-V
- Windows Image Acquisition
- Windows Internet Connection Sharing (ICS)
- Windows iSCSI
- Windows Kernel
- Windows Kernel-Mode Drivers
- Windows LockDown Policy (WLDP)
- Windows Message Queuing
- Windows MSHTML Platform
- Windows MultiPoint Services
- Windows NTLM
- Windows Online Certificate Status Protocol (OCSP)
- Windows Performance Monitor
- Windows PowerShell
- Windows Remote Access Connection Manager
- Windows Remote Desktop
- Windows Remote Desktop Licensing Service
- Windows Secure Boot
- Windows Server Backup
- Windows TCP/IP
- Windows Themes
- Windows Win32 Kernel Subsystem
- Windows Win32K – GRFX
- Windows Win32K – ICOMP
- Windows Workstation Service
- XBox Crypto Graphic Services
Mitigation Actions
In line with vendor statements, it is recommended to update impacted products through the appropriate Windows Update function.
Unique Vulnerability Identifiers
References
https://msrc.microsoft.com/update-guide/releaseNote/2024-Jul
https://msrc.microsoft.com/update-guide (NB: filter: Patch Tuesday – July 2024)
[1] This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.