CVSS3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

AI Score confidence: High

EPSS percentile: 97.9%
July's Patch Tuesday brings a midsummer wave of updates, addressing critical vulnerabilities and enhancing security across the Microsoft ecosystem. Let's discover the highlights from Microsoft's Patch Tuesday updates for July 2024.
Microsoft Patch Tuesday's July 2024 edition addressed 142 vulnerabilities, including five critical and 134 important severity vulnerabilities. In this month's security updates, Microsoft has addressed four zero-day vulnerabilities known to be exploited in the wild. Microsoft did not address any vulnerabilities in Microsoft Edge (Chromium-based).
Microsoft Patch Tuesday, July edition includes updates for vulnerabilities in Microsoft Office and Components, .NET and Visual Studio, Windows Kernel, Windows DHCP Server, Windows TCP/IP, Windows Internet Connection Sharing (ICS), Microsoft Streaming Service, Windows Hyper-V, Microsoft Windows Codecs Library, and more.
Microsoft has fixed several flaws in multiple software, including Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Security Feature Bypass, and Remote Code Execution (RCE).
The July 2024 Microsoft vulnerabilities are classified as follows:
Vulnerability Category | Quantity | Severities |
---|---|---|
Spoofing Vulnerability | 7 | Important: 7 |
Denial of Service Vulnerability | 17 | Important: 17 |
Elevation of Privilege Vulnerability | 26 | Important: 26 |
Information Disclosure Vulnerability | 9 | Important: 9 |
Remote Code Execution Vulnerability | 59 | Critical: 5, Important: 54 |
Security Feature Bypass Vulnerability | 24 | Important: 24 |
Adobe has released three security advisories to address seven vulnerabilities in Adobe Premiere Pro, Adobe InDesign, and Adobe Bridge. Six vulnerabilities are given critical severity ratings. Successful exploitation of these vulnerabilities may lead to arbitrary code execution.
Windows MSHTML is a browser engine that renders web pages and is frequently associated with Internet Explorer. Even though the Internet Explorer (IE) 11 desktop application has reached the end of support, MSHTML vulnerabilities are still relevant today and are being patched by Microsoft.
An attacker must send the victim a malicious file and convince the victim to execute it.
CISA acknowledged the active exploitation of CVE-2024-38112 by adding it to its Known Exploited Vulnerabilities Catalog and requesting users patch the flaw before July 30, 2024.
An attacker must win a race condition to exploit the vulnerability. An attacker may exploit this vulnerability by closing an HTTP/3 stream while the request body is being processed, leading to a race condition. Successful exploitation of the vulnerability may allow an attacker to perform remote code execution on target systems.
An attacker must take additional actions before exploitation to successfully prepare the target environment to exploit the vulnerability. On successful exploitation, an attacker may view heap memory from a privileged process running on the server.
Windows Hyper-V allows hardware virtualization. IT professionals and software developers use virtualization to test software on multiple operating systems. Hyper-V enables working professionals to perform these tasks smoothly. With the help of Hyper-V, one can create virtual hard drives, virtual switches, and numerous different virtual devices, all of which can be added to virtual machines.
Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.
CISA acknowledged the active exploitation of CVE-2024-38080 by adding it to its Known Exploited Vulnerabilities Catalog and requesting users patch the flaw before July 30, 2024.
Microsoft SharePoint is a web-based document management and collaboration platform that helps share files, data, news, and resources. The application transforms business processes by providing simple sharing and seamless collaboration.
An authenticated attacker with Site Owner permissions may exploit the vulnerability by uploading a specially crafted file to the targeted SharePoint Server and crafting specialized API requests to trigger the deserialization of the file's parameters. This would enable the attacker to execute remote code in the SharePoint Server context.
The Microsoft Windows Codecs Library is a collection of codecs that Windows Media Player and other apps use to play and create media files. Codecs can comprise two parts: an encoder that compresses the media file and a decoder that decompresses it.
An authenticated attacker may exploit the vulnerability by uploading a malicious TIFF file to a server.
Windows Remote Desktop Services (RDS) licensing, also known as Remote Desktop Protocol (RDP) licensing, is a Windows component allowing users to control a remote computer over a network connection. RDS licensing is important when setting up RDS environments, and the Remote Desktop License Server is a critical element of this process.
An unauthenticated attacker could connect to the Remote Desktop Licensing Service and send a malicious message that may lead to remote code execution.
An attacker may send a specially crafted packet to a server set up as a Remote Desktop Licensing server. Successful exploitation of the vulnerability may lead to remote code execution.
This month's release notes cover multiple Microsoft product families and products/versions affected, including, but not limited to, Windows Remote Desktop, Windows Message Queuing, Windows Performance Monitor, Microsoft Office Outlook, Microsoft Office, Windows Image Acquisition, Line Printer Daemon Service (LPD), Windows Themes, Windows Online Certificate Status Protocol (OCSP), XBox Crypto Graphic Services, Windows PowerShell, Windows Filtering, NDIS, Windows Distributed Transaction Coordinator, Windows Workstation Service, Microsoft Graphics Component, Windows BitLocker, Windows Win32K - ICOMP, Active Directory Certificate Services, Active Directory Domain Services, Windows Kernel-Mode Drivers, Windows Win32K - GRFX, Windows Enroll Engine, Windows LockDown Policy (WLDP), Windows Remote Desktop Licensing Service, Active Directory Federation Services, Windows Win32 Kernel Subsystem, Azure Kinect SDK, Microsoft Defender for IoT, Microsoft WS-Discovery, Azure CycleCloud, Windows COM Session, Windows Fax and Scan Service, Windows MSHTML Platform, NPS RADIUS Server, Intel, and Active Directory Rights Management Services.
Qualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledgebase (KB).
You can see all hosts impacted by these vulnerabilities using the following QQL query:
_vulnerabilities.vulnerability: ( qid:`110470` OR qid:`110471` OR qid:`110472` OR qid:`380159` OR qid:`380160` OR qid:`92148` OR qid:`92149` OR qid:`92150` OR qid:`92151` OR qid:`92152` OR qid:`92153` )_
VMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the “Missing” patches to identify and deploy the applicable, available patches with one click.
The following QQL will return the missing patches for this Patch Tuesday:
_( qid:`110470` OR qid:`110471` OR qid:`110472` OR qid:`380159` OR qid:`380160` OR qid:`92148` OR qid:`92149` OR qid:`92150` OR qid:`92151` OR qid:`92152` OR qid:`92153` )_
Qualys Policy Compliance’s Out-of-the-Box Mitigation or Compensatory Controls reduce the risk of a vulnerability being exploited when the remediation (fix/patch) cannot be done now. These security controls are not recommended by any industry standards such as CIS or DISA-STIG.
Qualys Policy Compliance team releases these exclusive controls based on Vendor-suggested Mitigation/Workaround.
Mitigation refers to a setting, common configuration, or general best practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability.
A workaround is a method, sometimes used temporarily, for achieving a task or goal when the usual or planned method isn’t working. Information technology often uses a workaround to overcome hardware, programming, or communication problems. Once a problem is fixed, a workaround is usually abandoned.
The following Qualys Policy Compliance Control IDs (CIDs), and System Defined Controls (SDC) have been updated to support Microsoft recommended mitigation(s) for this Patch Tuesday:
This vulnerability has a CVSS:3.1 7.5 / 6.5
Policy Compliance Control IDs (CIDs):
The following QQL will return a posture assessment for the CIDs for this Patch Tuesday:
control.id: [24842]
This vulnerability has a CVSS:3.1 9.8 / 8.5
Policy Compliance Control IDs (CIDs):
The following QQL will return a posture assessment for the CIDs for this Patch Tuesday:
control.id: [9786]
This vulnerability has a CVSS:3.1 9.8 / 8.5
Policy Compliance Control IDs (CIDs):
The following QQL will return a posture assessment for the CIDs for this Patch Tuesday:
control.id: [9786]
This vulnerability has a CVSS:3.1 9.8 / 8.5
Policy Compliance Control IDs (CIDs):
The following QQL will return a posture assessment for the CIDs for this Patch Tuesday:
control.id: [9786]
This vulnerability has a CVSS:3.1 6.5 / 5.7
Policy Compliance Control IDs (CIDs):
The following QQL will return a posture assessment for the CIDs for this Patch Tuesday:
control.id: [8243, 8230]
The next Patch Tuesday falls on August 13, and we'll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the 'This Month in Vulnerabilities and Patches' webinar.
The Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys Vulnerability Management Detection Response (VMDR) and Qualys Patch Management. Combining these two solutions can reduce the median time to remediate critical vulnerabilities.
During the webcast, we will discuss this month's high-impact vulnerabilities, including those that are a part of this month's Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management.