Microsoft’s July 2024 Patch Tuesday Addresses 138 CVEs

On July 9, Microsoft released its July 2024 Patch Tuesday release which patched 138 CVEs with five rated as critical, 132 rated as important and one rated moderate.

This month’s release included patches for three zero-day vulnerabilities, two of which were exploited in the wild. CVE-2024-38080 is an Elevation of Privilege (EoP) vulnerability affecting Microsoft Windows Hyper-V virtualization. The second zero-day vulnerability is CVE-2024-38112, a spoofing vulnerability in Windows MSHTML. CVE-2024-38112 was disclosed to Microsoft by Haifei Li of Check Point Research. At the time this blog post was published, no further details about in-the-wild exploitation were available. However, we anticipate further details will be made public soon. The final zero-day vulnerability is CVE-2024-35264, a remote code execution vulnerability affecting .NET and Visual Studio. While this flaw was not exploited in the wild, details about the vulnerability were made public prior to a patch being available.

This month’s update includes patches for:

• .NET and Visual Studio
• Active Directory Federation Services
• Azure CycleCloud
• Azure DevOps
• Azure Kinect SDK
• Azure Network Watcher
• Line Printer Daemon Service (LPD)
• Microsoft Defender for IoT
• Microsoft Dynamics
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office Outlook
• Microsoft Office SharePoint
• Microsoft Streaming Service
• Microsoft WS-Discovery
• Microsoft Windows Codecs Library
• Microsoft WS-Discovery
• NDIS
• Role: Active Directory Certificate Services; Active Directory Domain Services
• Role: Windows Hyper-V
• SQL Server
• Windows BitLocker
• Windows COM Session
• Windows CoreMessaging
• Windows Cryptographic Services
• Windows DHCP Server
• Windows Distributed Transaction Coordinator
• Windows Enroll Engine
• Windows Fax and Scan Service
• Windows Filtering
• Windows Image Acquisition
• Windows Internet Connection Sharing (ICS)
• Windows iSCSI
• Windows Kernel
• Windows Kernel-Mode Drivers
• Windows LockDown Policy (WLDP)
• Windows Message Queuing
• Windows MSHTML Platform
• Windows MultiPoint Services
• Windows NTLM
• Windows Online Certificate Status Protocol (OCSP)
• Windows Performance Monitor
• Windows PowerShell
• Windows Remote Access Connection Manager
• Windows Remote Desktop
• Windows Remote Desktop Licensing Service
• Windows Secure Boot
• Windows Server Backup
• Windows TCP/IP
• Windows Themes
• Windows Win32 Kernel Subsystem
• Windows Win32K - GRFX
• Windows Win32K - ICOMP
• Windows Workstation Service
• XBox Crypto Graphic Services

For more information, please visit our blog.