Microsoft July 2024 Security Updates

Discussion in 'update alerts' started by NICK ADSL UK, Jul 9, 2024.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,508
    Location:
    UK
    July 2024 Security Updates
    This release consists of the following 139 Microsoft CVEs:

    Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?

    SQL Server CVE-2024-20701
    SQL Server CVE-2024-21303
    SQL Server CVE-2024-21308
    SQL Server CVE-2024-21317
    SQL Server CVE-2024-21331
    SQL Server CVE-2024-21332
    SQL Server CVE-2024-21333
    SQL Server CVE-2024-21335
    SQL Server CVE-2024-21373
    SQL Server CVE-2024-21398
    SQL Server CVE-2024-21414
    SQL Server CVE-2024-21415
    Windows CoreMessaging CVE-2024-21417
    SQL Server CVE-2024-21425
    SQL Server CVE-2024-21428
    SQL Server CVE-2024-21449
    Windows Secure Boot CVE-2024-26184
    Windows Secure Boot CVE-2024-28899
    SQL Server CVE-2024-28928
    Windows MultiPoint Services CVE-2024-30013
    Microsoft Dynamics CVE-2024-30061
    Windows Remote Access Connection Manager CVE-2024-30071
    Windows Remote Access Connection Manager CVE-2024-30079
    Windows NTLM CVE-2024-30081
    Windows Cryptographic Services CVE-2024-30098
    .NET and Visual Studio CVE-2024-30105
    Microsoft Office SharePoint CVE-2024-32987
    SQL Server CVE-2024-35256
    Azure Network Watcher CVE-2024-35261
    .NET and Visual Studio CVE-2024-35264
    Azure DevOps CVE-2024-35266
    Azure DevOps CVE-2024-35267
    Windows iSCSI CVE-2024-35270
    SQL Server CVE-2024-35271
    SQL Server CVE-2024-35272
    SQL Server CVE-2024-37318
    SQL Server CVE-2024-37319
    SQL Server CVE-2024-37320
    SQL Server CVE-2024-37321
    SQL Server CVE-2024-37322
    SQL Server CVE-2024-37323
    SQL Server CVE-2024-37324
    SQL Server CVE-2024-37326
    SQL Server CVE-2024-37327
    SQL Server CVE-2024-37328
    SQL Server CVE-2024-37329
    SQL Server CVE-2024-37330
    SQL Server CVE-2024-37331
    SQL Server CVE-2024-37332
    SQL Server CVE-2024-37333
    SQL Server CVE-2024-37334
    SQL Server CVE-2024-37336
    Windows Secure Boot CVE-2024-37969
    Windows Secure Boot CVE-2024-37970
    Windows Secure Boot CVE-2024-37971
    Windows Secure Boot CVE-2024-37972
    Windows Secure Boot CVE-2024-37973
    Windows Secure Boot CVE-2024-37974
    Windows Secure Boot CVE-2024-37975
    Windows Secure Boot CVE-2024-37977
    Windows Secure Boot CVE-2024-37978
    Windows Secure Boot CVE-2024-37981
    Windows Secure Boot CVE-2024-37984
    Windows Secure Boot CVE-2024-37986
    Windows Secure Boot CVE-2024-37987
    Windows Secure Boot CVE-2024-37988
    Windows Secure Boot CVE-2024-37989
    Windows Secure Boot CVE-2024-38010
    Windows Secure Boot CVE-2024-38011
    Windows Server Backup CVE-2024-38013
    Windows Remote Desktop CVE-2024-38015
    Windows Message Queuing CVE-2024-38017
    Windows Performance Monitor CVE-2024-38019
    Microsoft Office Outlook CVE-2024-38020
    Microsoft Office CVE-2024-38021
    Windows Image Acquisition CVE-2024-38022
    Microsoft Office SharePoint CVE-2024-38023
    Microsoft Office SharePoint CVE-2024-38024
    Windows Performance Monitor CVE-2024-38025
    Line Printer Daemon Service (LPD) CVE-2024-38027
    Windows Performance Monitor CVE-2024-38028
    Windows Themes CVE-2024-38030
    Windows Online Certificate Status Protocol (OCSP) CVE-2024-38031
    XBox Crypto Graphic Services CVE-2024-38032
    Windows PowerShell CVE-2024-38033
    Windows Filtering CVE-2024-38034
    Windows Kernel CVE-2024-38041
    Windows PowerShell CVE-2024-38043
    Windows DHCP Server CVE-2024-38044
    Windows PowerShell CVE-2024-38047
    NDIS CVE-2024-38048
    Windows Distributed Transaction Coordinator CVE-2024-38049
    Windows Workstation Service CVE-2024-38050
    Microsoft Graphics Component CVE-2024-38051
    Microsoft Streaming Service CVE-2024-38052
    Windows Internet Connection Sharing (ICS) CVE-2024-38053
    Microsoft Streaming Service CVE-2024-38054
    Microsoft Windows Codecs Library CVE-2024-38055
    Microsoft Windows Codecs Library CVE-2024-38056
    Microsoft Streaming Service CVE-2024-38057
    Windows BitLocker CVE-2024-38058
    Windows Win32K - ICOMP CVE-2024-38059
    Microsoft Windows Codecs Library CVE-2024-38060
    Role: Active Directory Certificate Services; Active Directory Domain Services CVE-2024-38061
    Windows Kernel-Mode Drivers CVE-2024-38062
    Windows TCP/IP CVE-2024-38064
    Windows Secure Boot CVE-2024-38065
    Windows Win32K - GRFX CVE-2024-38066
    Windows Online Certificate Status Protocol (OCSP) CVE-2024-38067
    Windows Online Certificate Status Protocol (OCSP) CVE-2024-38068
    Windows Enroll Engine CVE-2024-38069
    Windows LockDown Policy (WLDP) CVE-2024-38070
    Windows Remote Desktop Licensing Service CVE-2024-38071
    Windows Remote Desktop Licensing Service CVE-2024-38072
    Windows Remote Desktop Licensing Service CVE-2024-38073
    Windows Remote Desktop Licensing Service CVE-2024-38074
    Active Directory Federation Services CVE-2024-38075
    Windows Remote Desktop CVE-2024-38076
    Windows Remote Desktop Licensing Service CVE-2024-38077
    XBox Crypto Graphic Services CVE-2024-38078
    Microsoft Graphics Component CVE-2024-38079
    Role: Windows Hyper-V CVE-2024-38080
    .NET and Visual Studio CVE-2024-38081
    Windows Win32 Kernel Subsystem CVE-2024-38085
    Azure Kinect SDK CVE-2024-38086
    SQL Server CVE-2024-38087
    SQL Server CVE-2024-38088
    Microsoft Defender for IoT CVE-2024-38089
    Microsoft WS-Discovery CVE-2024-38091
    Azure CycleCloud CVE-2024-38092
    Microsoft Office SharePoint CVE-2024-38094
    .NET and Visual Studio CVE-2024-38095
    Windows Remote Desktop Licensing Service CVE-2024-38099
    Windows COM Session CVE-2024-38100
    Windows Internet Connection Sharing (ICS) CVE-2024-38101
    Windows Internet Connection Sharing (ICS) CVE-2024-38102
    Windows Fax and Scan Service CVE-2024-38104
    Windows Internet Connection Sharing (ICS) CVE-2024-38105
    Windows MSHTML Platform CVE-2024-38112

    We are republishing 4 non-Microsoft CVEs:
    CNA | Tag | CVE | FAQs? | Workarounds? | Mitigations?
    CERT/CC | NPS RADIUS Server | CVE-2024-3596 | Yes | No | No
    Intel | Intel | CVE-2024-37985 | Yes | No | No
    GitHub | Active Directory Rights Management Services | CVE-2024-38517 | Yes | No | No
    GitHub | Active Directory Rights Management Services | CVE-2024-39684 | Yes | No | No

    Security Update Guide Blog Posts
    Date | Blog Post
    June 27, 2024 | Toward greater transparency: Unveiling Cloud Service CVEs
    April 9, 2024 | Toward greater transparency: Security Update Guide now shares CWEs for CVEs
    January 6, 2023 | Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
    January 11, 2022 | Coming Soon: New Security Update Guide Notification System
    February 9, 2021 | Continuing to Listen: Good News about the Security Update Guide API
    January 13, 2021 | Security Update Guide Supports CVEs Assigned by Industry Partners
    December 8, 2020 | Security Update Guide: Let’s keep the conversation going
    November 9, 2020 | Vulnerability Descriptions in the New Version of the Security Update Guide

    Relevant Resources
    • The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
    • Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
    • Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
    • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
    • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
    • Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
    Known Issues
    You can see these in more detail from the Deployments tab by selecting the Known Issues column in the Edit Columns panel.

    For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

    KB Article | Applies To
    5040427 | Windows 10, version 21H2, Windows 10, version 22H2
    5040430 | Windows 10, version 1809, Windows Server 2019
    5040431 | Windows 11, version 21H2
    5040437 | Windows Server 2022
    5040442 | Windows 11, version 22H2, Windows 11, version 23H2
    5040490 | Windows Server 2008 (Security-only update)
    5040499 | Windows Server 2008 (Monthly Rollup)

    Released: Jul 9, 2024
    July 2024 Security Updates - Release Notes - Security Update Guide - Microsoft
     
  2. NICK ADSL UK

    CVEs have been published or revised in the Security Update Guide
    July 10, 2024

    These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

    CVE-2024-30098

    · Title: Windows Cryptographic Services Security Feature Bypass Vulnerability

    · Version: 1.1

    · Reason for revision: Added FAQ to explain how this vulnerability is being addressed and further actions customers must take to be protected from it. This is an informational change only.

    · Originally released: July 9, 2024

    · Last updated: July 10, 2024

    Aggregate CVE Severity Rating: Important
     
  3. NICK ADSL UK

    CVEs have been published or revised in the Security Update Guide
    July 12, 2024

    These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

    CVE-2024-6387

    · Title: RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling

    · Version: 1.0

    · Reason for revision: Information published.

    · Originally released: July 12, 2024

    · Last updated: July 12, 2024

    Aggregate CVE Severity Rating:
     