Microsoft have released a security advisory on the 10th of July 2024 in line with their regular monthly patch schedule which includes a number of updates to address one (1) high risk and seven (7) medium risk vulnerabilities.
The vulnerabilities could be exploited by attackers to conduct Information Disclosure, Elevation of Privilege, Security Restriction Bypass, Spoofing, Denial of Service and Remote Code Execution.
For more information please see: Microsoft Security Update
This release consists of security updates for the following products, features and roles:
- .NET and Visual Studio
- Active Directory Federation Services
- Azure CycleCloud
- Azure DevOps
- Azure Kinect SDK
- Azure Network Watcher
- Line Printer Daemon Service (LPD)
- Microsoft Defender for IoT
- Microsoft Dynamics
- Microsoft Graphics Component
- Microsoft Office
- Microsoft Office Outlook
- Microsoft Office SharePoint
- Microsoft Streaming Service
- Microsoft Windows Codecs Library
- Microsoft WS-Discovery
- NDIS
- Role: Active Directory Certificate Services; Active Directory Domain Services
- Role: Windows Hyper-V
- SQL Server
- Windows BitLocker
- Windows COM Session
- Windows CoreMessaging
- Windows Cryptographic Services
- Windows DHCP Server
- Windows Distributed Transaction Coordinator
- Windows Enroll Engine
- Windows Fax and Scan Service
- Windows Filtering
- Windows Image Acquisition
- Windows Internet Connection Sharing (ICS)
- Windows iSCSI
- Windows Kernel
- Windows Kernel-Mode Drivers
- Windows LockDown Policy (WLDP)
- Windows Message Queuing
- Windows MSHTML Platform
- Windows MultiPoint Services
- Windows NTLM
- Windows Online Certificate Status Protocol (OCSP)
- Windows Performance Monitor
- Windows PowerShell
- Windows Remote Access Connection Manager
- Windows Remote Desktop
- Windows Remote Desktop Licensing Service
- Windows Secure Boot
- Windows Server Backup
- Windows TCP/IP
- Windows Themes
- Windows Win32 Kernel Subsystem
- Windows Win32K - GRFX
- Windows Win32K - ICOMP
- Windows Workstation Service
- XBox Crypto Graphic Services
CVE-2024-38080 is being exploited in the wild and if fully exploited this vulnerability could gain SYSTEM privileges.
CVE-2024-38112 is being exploited in the wild and can be exploited to perform spoofing on Windows MSHTML platform.
Matsco recommends any affected systems are updated as soon as convenient.
Please contact the Matsco Solutions team on the below if you would like any further information or would like to schedule a maintenance.
support@matscosolutions.com
Beijing +86 400 120 2782
Hong Kong +852 8101 8418
London +44 (0)20 7821 4950
New York +1 866 446 9226
Singapore +65 6100 1090