National Cyber Warfare Foundation (NCWF)

Microsoft has published 139 vulnerabilities this July 2024 Patch Tuesday, two of which had already been seen exploited in the wild.

Patch Tuesday - July 2024

Microsoft is addressing 139 vulnerabilities this July 2024 Patch Tuesday, which is on the high side in terms of typical CVE counts. They’ve also republished details for 4 CVEs issued by other vendors that affect Microsoft products. Microsoft has evidence of in-the-wild exploitation for 2 of the vulnerabilities published today. At time of writing, none of the vulnerabilities patched today are listed in CISA’s Known Exploited Vulnerabilities catalog, though we can expect CVE-2024-38080 and CVE-2024-38112 to appear there in short order. Microsoft is also patching 5 critical remote code execution (RCE) vulnerabilities today.

Windows Hyper-V: zero-day EoP

CVE-2024-38080 is an elevation of privilege (EoP) vulnerability affecting Microsoft’s Hyper-V virtualization functionality. Successful exploitation will give an attacker SYSTEM-level privileges. Only more recent editions of Windows are affected; Windows 11 since version 21H2 and Windows Server 2022 (including Server Core).

Windows MSHTML Platform: zero-day Spoofing

The other vulnerability seen exploited in the wild this month is CVE-2024-38112, a Spoofing vulnerability affecting Microsoft’s MSHTML browser engine which can be found on all versions of Windows, including Server editions. User interaction is required for exploitation – for example, a threat actor would need to send the victim a malicious file and convince them to open it. Microsoft is characteristically cagey about what exactly can be spoofed here, though they do indicate that the associated Common Weakness Enumeration (CWE) is CWE-668: Exposure of Resource to Wrong Sphere, which is defined as providing unintended actors with inappropriate access to a resource.

SharePoint: critical post-auth RCE

Similar to a vulnerability seen in May, CVE-2024-38023 is a SharePoint vulnerability that could allow an authenticated attacker with Site Owner permissions or higher to upload a specially crafted file to a SharePoint Server, then craft malicious API requests to trigger deserialization of the file's parameters, thus enabling them to achieve remote code execution in the context of the SharePoint Server. The CVSS base score of 7.2 reflects the requirement of Site Owner privileges or higher to exploit the vulnerability.

Windows Imaging: critical RCE

All supported versions of Windows (and almost certainly unsupported versions as well) are vulnerable to CVE-2024-38060, a flaw in the Windows Imaging Component related to TIFF (Tagged Image File Format) image processing that could allow an attacker to execute arbitrary code on a system. The example scenario Microsoft provides is simply of an authenticated attacker uploading a specially crafted TIFF image to a server in order to exploit this.

Remote Desktop Licensing Service: multiple critical RCEs

Three critical CVEs related to the Windows Remote Desktop Licensing Service were patched this month. CVE-2024-38074, CVE-2024-38076, and CVE-2024-38077. All three of these carry a CVSS 3.1 base score of 9.8 – if you rely on the Remote Desktop licensing service, best get patching immediately. As a mitigation, consider disabling the service entirely until there is an opportunity to apply the update.

SQL Server

Microsoft has patched a host of CVEs affecting SQL Server, all with a CVSS 3.1 base score of 8.8 and allowing RCE. These specifically affect the OLE DB Provider, so not only do SQL Server instances need to be updated, but client code running vulnerable versions of the connection driver will also need to be addressed. For example, an attacker could use social engineering tactics to dupe an authenticated user into attempting to connect to a SQL Server database configured to return malicious data, allowing arbitrary code execution on the client.

Lifecycle update

Also in SQL Server news this month, Microsoft SQL Server 2014 moves past the end of extended support. From this point onward, Microsoft only guarantees to provide SQL Server 2014 security updates to customers who pay for the Extended Security Updates program.

Summary charts

Summary tables

Azure vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2024-38092	Azure CycleCloud Elevation of Privilege Vulnerability	No	No	8.8
CVE-2024-35261	Azure Network Watcher VM Extension Elevation of Privilege Vulnerability	No	No	7.8
CVE-2024-35266	Azure DevOps Server Spoofing Vulnerability	No	No	7.6
CVE-2024-35267	Azure DevOps Server Spoofing Vulnerability	No	No	7.6
CVE-2024-38086	Azure Kinect SDK Remote Code Execution Vulnerability	No	No	6.4

Developer Tools vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2024-35264	.NET and Visual Studio Remote Code Execution Vulnerability	No	Yes	8.1
CVE-2024-38095	.NET and Visual Studio Denial of Service Vulnerability	No	No	7.5
CVE-2024-30105	.NET Core and Visual Studio Denial of Service Vulnerability	No	No	7.5
CVE-2024-38081	.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability	No	No	7.3

ESU Windows vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2024-38077	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability	No	No	9.8
CVE-2024-38074	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability	No	No	9.8
CVE-2024-38053	Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-38060	Windows Imaging Component Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-38104	Windows Fax Service Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-28899	Secure Boot Security Feature Bypass Vulnerability	No	No	8.8
CVE-2024-37973	Secure Boot Security Feature Bypass Vulnerability	No	No	8.4
CVE-2024-37984	Secure Boot Security Feature Bypass Vulnerability	No	No	8.4
CVE-2024-37969	Secure Boot Security Feature Bypass Vulnerability	No	No	8
CVE-2024-37970	Secure Boot Security Feature Bypass Vulnerability	No	No	8
CVE-2024-37974	Secure Boot Security Feature Bypass Vulnerability	No	No	8
CVE-2024-37986	Secure Boot Security Feature Bypass Vulnerability	No	No	8
CVE-2024-37987	Secure Boot Security Feature Bypass Vulnerability	No	No	8
CVE-2024-37971	Secure Boot Security Feature Bypass Vulnerability	No	No	8
CVE-2024-37972	Secure Boot Security Feature Bypass Vulnerability	No	No	8
CVE-2024-37975	Secure Boot Security Feature Bypass Vulnerability	No	No	8
CVE-2024-37988	Secure Boot Security Feature Bypass Vulnerability	No	No	8
CVE-2024-37989	Secure Boot Security Feature Bypass Vulnerability	No	No	8
CVE-2024-38010	Secure Boot Security Feature Bypass Vulnerability	No	No	8
CVE-2024-38011	Secure Boot Security Feature Bypass Vulnerability	No	No	8
CVE-2024-38050	Windows Workstation Service Elevation of Privilege Vulnerability	No	No	7.8
CVE-2024-38066	Windows Win32k Elevation of Privilege Vulnerability	No	No	7.8
CVE-2024-30079	Windows Remote Access Connection Manager Elevation of Privilege Vulnerability	No	No	7.8
CVE-2024-38070	Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability	No	No	7.8
CVE-2024-38051	Windows Graphics Component Remote Code Execution Vulnerability	No	No	7.8
CVE-2024-38085	Windows Graphics Component Elevation of Privilege Vulnerability	No	No	7.8
CVE-2024-38079	Windows Graphics Component Elevation of Privilege Vulnerability	No	No	7.8
CVE-2024-38034	Windows Filtering Platform Elevation of Privilege Vulnerability	No	No	7.8
CVE-2024-38054	Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability	No	No	7.8
CVE-2024-38052	Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability	No	No	7.8
CVE-2024-38057	Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability	No	No	7.8
CVE-2024-39684	Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability	No	No	7.8
CVE-2024-38064	Windows TCP/IP Information Disclosure Vulnerability	No	No	7.5
CVE-2024-38071	Windows Remote Desktop Licensing Service Denial of Service Vulnerability	No	No	7.5
CVE-2024-38073	Windows Remote Desktop Licensing Service Denial of Service Vulnerability	No	No	7.5
CVE-2024-38015	Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability	No	No	7.5
CVE-2024-38031	Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability	No	No	7.5
CVE-2024-38067	Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability	No	No	7.5
CVE-2024-38068	Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability	No	No	7.5
CVE-2024-38112	Windows MSHTML Platform Spoofing Vulnerability	Yes	No	7.5
CVE-2024-30098	Windows Cryptographic Services Security Feature Bypass Vulnerability	No	No	7.5
CVE-2024-38091	Microsoft WS-Discovery Denial of Service Vulnerability	No	No	7.5
CVE-2024-38061	DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability	No	No	7.5
CVE-2024-3596	CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability	No	No	7.5
CVE-2024-38033	PowerShell Elevation of Privilege Vulnerability	No	No	7.3
CVE-2024-38025	Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability	No	No	7.2
CVE-2024-38019	Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability	No	No	7.2
CVE-2024-38028	Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability	No	No	7.2
CVE-2024-38044	DHCP Server Service Remote Code Execution Vulnerability	No	No	7.2
CVE-2024-30081	Windows NTLM Spoofing Vulnerability	No	No	7.1
CVE-2024-38022	Windows Image Acquisition Elevation of Privilege Vulnerability	No	No	7
CVE-2024-38065	Secure Boot Security Feature Bypass Vulnerability	No	No	6.8
CVE-2024-38058	BitLocker Security Feature Bypass Vulnerability	No	No	6.8
CVE-2024-38013	Microsoft Windows Server Backup Elevation of Privilege Vulnerability	No	No	6.7
CVE-2024-38049	Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability	No	No	6.6
CVE-2024-38030	Windows Themes Spoofing Vulnerability	No	No	6.5
CVE-2024-38048	Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability	No	No	6.5
CVE-2024-38027	Windows Line Printer Daemon Service Denial of Service Vulnerability	No	No	6.5
CVE-2024-38102	Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability	No	No	6.5
CVE-2024-38101	Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability	No	No	6.5
CVE-2024-38105	Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability	No	No	6.5
CVE-2024-38099	Windows Remote Desktop Licensing Service Denial of Service Vulnerability	No	No	5.9
CVE-2024-38055	Microsoft Windows Codecs Library Information Disclosure Vulnerability	No	No	5.5
CVE-2024-38056	Microsoft Windows Codecs Library Information Disclosure Vulnerability	No	No	5.5
CVE-2024-38017	Microsoft Message Queuing Information Disclosure Vulnerability	No	No	5.5
CVE-2024-35270	Windows iSCSI Service Denial of Service Vulnerability	No	No	5.3
CVE-2024-30071	Windows Remote Access Connection Manager Information Disclosure Vulnerability	No	No	4.7

Microsoft Dynamics vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2024-30061	Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability	No	No	7.3

Microsoft Office vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2024-38021	Microsoft Office Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-32987	Microsoft SharePoint Server Information Disclosure Vulnerability	No	No	7.5
CVE-2024-38023	Microsoft SharePoint Server Remote Code Execution Vulnerability	No	No	7.2
CVE-2024-38024	Microsoft SharePoint Server Remote Code Execution Vulnerability	No	No	7.2
CVE-2024-38094	Microsoft SharePoint Remote Code Execution Vulnerability	No	No	7.2
CVE-2024-38020	Microsoft Outlook Spoofing Vulnerability	No	No	6.5

SQL Server vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2024-38088	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-38087	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-21332	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-21333	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-21335	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-21373	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-21398	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-21414	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-21415	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-21428	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-37318	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-37332	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-37331	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-35271	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-35272	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-20701	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-21303	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-21308	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-21317	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-21331	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-21425	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-37319	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-37320	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-37321	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-37322	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-37323	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-37324	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-21449	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-37326	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-37327	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-37328	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-37329	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-37330	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-37333	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-37336	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-28928	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-35256	SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-37334	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability	No	No	8.8

System Center vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2024-38089	Microsoft Defender for IoT Elevation of Privilege Vulnerability	No	No	9.1

Windows vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2024-38076	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability	No	No	9.8
CVE-2024-21417	Windows Text Services Framework Elevation of Privilege Vulnerability	No	No	8.8
CVE-2024-30013	Windows MultiPoint Services Remote Code Execution Vulnerability	No	No	8.8
CVE-2024-37981	Secure Boot Security Feature Bypass Vulnerability	No	No	8
CVE-2024-37977	Secure Boot Security Feature Bypass Vulnerability	No	No	8
CVE-2024-37978	Secure Boot Security Feature Bypass Vulnerability	No	No	8
CVE-2024-38062	Windows Kernel-Mode Driver Elevation of Privilege Vulnerability	No	No	7.8
CVE-2024-38080	Windows Hyper-V Elevation of Privilege Vulnerability	Yes	No	7.8
CVE-2024-38100	Windows File Explorer Elevation of Privilege Vulnerability	No	No	7.8
CVE-2024-38059	Win32k Elevation of Privilege Vulnerability	No	No	7.8
CVE-2024-38043	PowerShell Elevation of Privilege Vulnerability	No	No	7.8
CVE-2024-38047	PowerShell Elevation of Privilege Vulnerability	No	No	7.8
CVE-2024-38517	Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege Vulnerability	No	No	7.8
CVE-2024-38078	Xbox Wireless Adapter Remote Code Execution Vulnerability	No	No	7.5
CVE-2024-38072	Windows Remote Desktop Licensing Service Denial of Service Vulnerability	No	No	7.5
CVE-2024-38032	Microsoft Xbox Remote Code Execution Vulnerability	No	No	7.1
CVE-2024-38069	Windows Enroll Engine Security Feature Bypass Vulnerability	No	No	7
CVE-2024-26184	Secure Boot Security Feature Bypass Vulnerability	No	No	6.8
CVE-2024-37985	Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers	No	Yes	5.9
CVE-2024-38041	Windows Kernel Information Disclosure Vulnerability	No	No	5.5

Source: Rapid7
Source Link: https://blog.rapid7.com/2024/07/09/patch-tuesday-july-2024/