This video is a summary of security updates released by Microsoft on July 9th, 2024.
Key Takeaways
Here are the key points in brief:
- There are 142 newly published vulnerabilities in today's release, which is higher than the average over the past 13 months.
- The highest scored vulnerability from today's set is 9.8 on a scale of 10.
- There were two vulnerabilities (CVE-2024-38080 and CVE-2024-38112) that were publicly disclosed prior to release and two vulnerabilities known to be exploited at the time of release.
- A specific reason for the high number of vulnerabilities and the high average CVSS score is the 37 vulnerabilities in the SQL Server drivers.
- Microsoft is changing the way they document CVEs going forward. They will now be publishing CVEs for vulnerabilities that require no customer action.
Patch Tuesday
$ ./patch_tuesday.py -k 2024-jul -vc
[*] Finish fetching [2,435,964 bytes] from https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2024-jul
Microsoft Patch Tuesday - By MSRC
===============================================
<< July 2024 Security Updates [ 2024-07-09 ] >>
[+] Vulnerabilities : [ 155 ]
[-] High_Severity : [ 51 ]
[-] High_likelihood : [ 14 ]
[-] Exploited in_wild : [ 2 ]
[+] Product Families : [ 8 ]
High_Severity/51
┏━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ CVE            ┃ CVSS_Base ┃ CVSS_Temporal ┃ Title_Value                                                                  ┃
┡━━━━━━━━━━━━━━━━╇━━━━━━━━━━━╇━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ CVE-2017-17522 │ 8.8       │ 8.8           │ <>                                                                           │
│ CVE-2024-21417 │ 8.8       │ 7.7           │ Windows Text Services Framework Elevation of Privilege Vulnerability         │
│ CVE-2024-28899 │ 8.8       │ 7.7           │ Secure Boot Security Feature Bypass Vulnerability                            │
│ CVE-2024-38088 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-38087 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-21332 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-21333 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-21335 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-21373 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-21398 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-21414 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-21415 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-21428 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-37318 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-37332 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-37331 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-38060 │ 8.8       │ 7.7           │ Windows Imaging Component Remote Code Execution Vulnerability                │
│ CVE-2024-38077 │ 9.8       │ 8.5           │ Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability │
│ CVE-2024-38104 │ 8.8       │ 7.7           │ Windows Fax Service Remote Code Execution Vulnerability                      │
│ CVE-2024-30013 │ 8.8       │ 7.7           │ Windows MultiPoint Services Remote Code Execution Vulnerability              │
│ CVE-2024-35271 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-35272 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-20701 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-21303 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-21308 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-21317 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-21331 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-21425 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-37319 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-37320 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-37321 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-37322 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-37323 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-37324 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-21449 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-37326 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-37327 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-37328 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-37329 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-37330 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-37334 │ 8.8       │ 7.7           │ Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability   │
│ CVE-2024-37333 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-37336 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-28928 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-35256 │ 8.8       │ 7.7           │ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability │
│ CVE-2024-38021 │ 8.8       │ 7.7           │ Microsoft Office Remote Code Execution Vulnerability                         │
│ CVE-2024-38053 │ 8.8       │ 7.7           │ Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability    │
│ CVE-2024-38074 │ 9.8       │ 8.5           │ Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability │
│ CVE-2024-38076 │ 9.8       │ 8.5           │ Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability │
│ CVE-2024-38089 │ 9.1       │ 7.9           │ Microsoft Defender for IoT Elevation of Privilege Vulnerability              │
│ CVE-2024-38092 │ 8.8       │ 7.9           │ Azure CycleCloud Elevation of Privilege Vulnerability                        │
└────────────────┴───────────┴───────────────┴──────────────────────────────────────────────────────────────────────────────┘
High_Likelihood/14
┏━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ CVE            ┃ CVSS_Base ┃ CVSS_Temporal ┃ Title_Value                                                                    ┃
┡━━━━━━━━━━━━━━━━╇━━━━━━━━━━━╇━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ CVE-2024-38023 │ 7.2       │ 6.3           │ Microsoft SharePoint Server Remote Code Execution Vulnerability                │
│ CVE-2024-38024 │ 7.2       │ 6.3           │ Microsoft SharePoint Server Remote Code Execution Vulnerability                │
│ CVE-2024-38054 │ 7.8       │ 6.8           │ Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability │
│ CVE-2024-38059 │ 7.8       │ 6.8           │ Win32k Elevation of Privilege Vulnerability                                    │
│ CVE-2024-38060 │ 8.8       │ 7.7           │ Windows Imaging Component Remote Code Execution Vulnerability                  │
│ CVE-2024-38085 │ 7.8       │ 6.8           │ Windows Graphics Component Elevation of Privilege Vulnerability                │
│ CVE-2024-38100 │ 7.8       │ 6.8           │ Windows File Explorer Elevation of Privilege Vulnerability                     │
│ CVE-2024-38021 │ 8.8       │ 7.7           │ Microsoft Office Remote Code Execution Vulnerability                           │
│ CVE-2024-38052 │ 7.8       │ 6.8           │ Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability │
│ CVE-2024-38066 │ 7.8       │ 6.8           │ Windows Win32k Elevation of Privilege Vulnerability                            │
│ CVE-2024-38079 │ 7.8       │ 6.8           │ Windows Graphics Component Elevation of Privilege Vulnerability                │
│ CVE-2024-38094 │ 7.2       │ 6.3           │ Microsoft SharePoint Remote Code Execution Vulnerability                       │
│ CVE-2024-38099 │ 5.9       │ 5.2           │ Windows Remote Desktop Licensing Service Denial of Service Vulnerability       │
│ CVE-2024-39684 │ 7.8       │ 6.8           │ Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability  │
└────────────────┴───────────┴───────────────┴────────────────────────────────────────────────────────────────────────────────┘
Exploited_in_Wild/2
┏━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ CVE            ┃ CVSS_Base ┃ CVSS_Temporal ┃ Title_Value                                          ┃
┡━━━━━━━━━━━━━━━━╇━━━━━━━━━━━╇━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ CVE-2024-38080 │ 7.8       │ 6.8           │ Windows Hyper-V Elevation of Privilege Vulnerability │
│ CVE-2024-38112 │ 7.5       │ 7.0           │ Windows MSHTML Platform Spoofing Vulnerability       │
└────────────────┴───────────┴───────────────┴──────────────────────────────────────────────────────┘
[+] Product Families (8)
Developer Tools    ███████████████████████ 77
Azure              █████████ 29
Windows            ████████ 26
Microsoft Office   ████ 13
ESU                ███ 10
SQL Server         ███ 10
Microsoft Dynamics █ 1
System Center      █ 1
[*] "July 2024 Security Updates" (Rev 20)
[-] Initial Release date: 2024-07-09T07:00:00
[-] Current Release date: 2024-07-09T00:00:00
[*] [2024-07-10] main(): Completed within [6.8730 sec].