Microsoft’s Security Update in July of High-Risk Vulnerabilities in Multiple Products
2024-7-12 15:59:9 Author: securityboulevard.com(查看原文) 阅读量:8 收藏

Overview

On July 10, NSFOCUS CERT detected that Microsoft released a security update patch for July, which fixed 139 security issues involving Windows, Microsoft SQL Server, Microsoft Office, Azure and other widely used products, including high-risk vulnerabilities such as privilege escalation and remote code execution.

Among the vulnerabilities fixed in Microsoft’s monthly update this month, 5 are critical and 132 are important. These include 2 exploitable vulnerabilities:

Windows Hyper-V privilege escalation vulnerability (CVE-2024-38080)

Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-38112)

Please update patches for protection as soon as possible. For a complete list of vulnerabilities, see the appendix.

Reference link: https://msrc.microsoft.com/update-guide/releaseNote/2024-Jul

Key Vulnerabilities

Screen out the vulnerabilities with great impact in this update according to product popularity and vulnerability importance. Please pay attention to them:

Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2024-38023/CVE-2024-38024/CVE-2024-38094):

Multiple remote code execution vulnerabilities are present in Microsoft SharePoint Server due to insecure input validation when processing serialized data within the Microsoft SharePoint Server. An attacker with site owner privileges or higher can execute arbitrary code in the context of SharePoint Server by uploading specially crafted files to the target SharePoint Server and making specialized API requests that trigger deserialization of file parameters.

Official Announcement Link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38023

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38024

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38094

Remote Code Execution Vulnerability of Windows Imaging Component (CVE-2024-38060):

The Windows Imaging component has a remote code execution vulnerability. Due to the buffer overflow issue in the Windows Imaging component, an attacker with ordinary user rights can upload malicious TIFF files to the server and execute arbitrary code on the target system.

Official Announcement Link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38060

Remote code execution vulnerability of Windows remote desktop authorization service (CVE-2024-38074/CVE-2024-38076/CVE-2024-38077):

CVE-2024-38074: The Windows Remote Desktop Authorization Service has a remote code execution vulnerability. Due to integer underflow or wrapback issues in the Windows Remote Desktop Authorization Service, unauthenticated attackers can send special packets to the server set as the remote desktop authorization server, triggering integer underflow and executing arbitrary codes on the target system.

CVE-2024-38076/CVE-2024-38077: The Windows remote desktop authorization service has multiple remote code execution vulnerabilities. Due to the heap-based buffer overflow in the Windows remote desktop authorization service, unauthenticated attackers can send special packets to the server set as the remote desktop authorization server, triggering the buffer overflow and executing arbitrary codes on the target system.

Official Announcement Link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38074

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38076

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38077

Windows Hyper-V privilege escalation vulnerability (CVE-2024-38080):

Windows Hyper-V has a privilege escalation vulnerability. Due to integer overflow or wrapping issues in Windows Hyper-V, local attackers authenticated by ordinary users can exploit this vulnerability by running special programs to obtain SYSTEM permissions of the target system. At present, this vulnerability has been found to be exploited.

Official Announcement Link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38080

Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-38112):

Windows MSHTML Platform has a spoofing vulnerability, which can be exploited by an unauthenticated remote attacker sending a special malicious file to the victim and tricking it into running due to improper input validation. At present, this vulnerability has been found to be exploited.

Official Announcement Link:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38112

Scope of Impact

The following are some affected product versions that focus on vulnerabilities. For the scope of other products affected by vulnerabilities, please refer to the official announcement link.

Vulnerability No. Affected product versions
CVE-2024-38023
CVE-2024-38024
CVE-2024-38094
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2016
CVE-2024-38060 Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2024-38074 Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
CVE-2024-38076 Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
CVE-2024-38077 Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
CVE-2024-38080 Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
CVE-2024-38112 Windows 10 Version 1809 for 32-bit Systems
Windows Server 2019
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows Server 2022
Windows 11 version 21H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H2 for ARM64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 22H2 for 32-bit Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows Server 2012 R2
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2016 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 for 32-bit Systems
Windows 11 Version 23H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems

Mitigation

Patch update

At present, Microsoft has officially released security patches to fix the above vulnerabilities for supported product versions. It is strongly recommended that affected users install patches as soon as possible for protection. The official download link:

https://msrc.microsoft.com/update-guide/releaseNote/2024-Jul

Note: Patch update of Windows Update may fail due to network problems, computer environment problems and other reasons. After installing the patch, users shall check whether the patch is successfully updated in time.

Right-click on the Windows icon, select “Settings (N)”, select “Updates and Security”-“Windows Updates” to view prompts on this page, or click “View Update History” to view historical updates. For updates that have not been successfully installed, you can click the name of the update to jump to Microsoft’s official download page. It is recommended that users click on the link on this page and go to the “Microsoft Update Catalog” website to download the independent package and install it.

Appendix: Vulnerability List

Affected products CVE No. Vulnerability Name Severity
Microsoft Office CVE-2024-38023 Microsoft SharePoint Server Remote Execution Vulnerability Critical
Windows CVE-2024-38060 Windows Imaging Component Remote Code Execution Vulnerability Critical
Windows CVE-2024-38077 Windows Remote Desktop Licensing Service Vulnerability Critical
Windows CVE-2024-38074 Windows Remote Desktop Licensing Service Vulnerability Critical
Windows CVE-2024-38076 Windows Remote Desktop Licensing Service Vulnerability Critical
Microsoft Dynamics CVE-2024-30061 Microsoft Dynamics 365 (On-Premises) Vulnerability Important
Windows CVE-2024-21417 Windows Text Services Framework Permission Escalation Vulnerability Important
Windows CVE-2024-28899 Secure Boot security function bypasses vulnerabilities Important
Windows CVE-2024-30081 Windows NTLM spoofing vulnerability Important
Windows CVE-2024-30098 Windows Cryptographic Services Security Features Bypass Vulnerabilities Important
.NET,Microsoft Visual Studio CVE-2024-35264 .NET and Visual Studio remote code execution vulnerabilities Important
Windows CVE-2024-35270 Windows iSCSI Service Denial of Service Vulnerability Important
Microsoft SQL Server CVE-2024-38088 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-38087 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-21332 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-21333 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-21335 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-21373 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-21398 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-21414 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-21415 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-21428 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-37318 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-37332 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-37331 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Windows CVE-2024-37969 Secure Boot security function bypasses vulnerabilities Important
Windows CVE-2024-37970 Secure Boot security function bypasses vulnerabilities Important
Windows CVE-2024-37974 Secure Boot security function bypasses vulnerabilities Important
Windows CVE-2024-37981 Secure Boot security function bypasses vulnerabilities Important
Windows CVE-2024-37986 Secure Boot security function bypasses vulnerabilities Important
Windows CVE-2024-37987 Secure Boot security function bypasses vulnerabilities Important
Windows CVE-2024-38013 Microsoft Windows Server Backup Permission Escalation Vulnerability Important
Windows CVE-2024-38015 Windows Remote Desktop Gateway (RD Gateway) Denial-of-Service Vulnerability Important
Windows CVE-2024-38022 Windows Image Acquisition Permission Escalation Vulnerability Important
Microsoft Office CVE-2024-38024 Microsoft SharePoint Server Remote Execution Vulnerability Important
Windows CVE-2024-38025 Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability Important
Windows CVE-2024-38034 Windows Filtering Platform Privilege Escalation Vulnerability Important
Windows CVE-2024-38041 Windows Kernel Information Disclosure Vulnerability Important
Windows CVE-2024-38043 PowerShell privilege escalation vulnerability Important
Windows CVE-2024-38051 Windows Graphics Component Remote Code Execution Vulnerability Important
Windows CVE-2024-38054 Kernel Streaming WOW Thunk Service Driver Permission Upgrade Vulnerability Important
Windows CVE-2024-38055 Microsoft Windows Codecs Library Information Disclosure Vulnerabilities Important
Windows CVE-2024-38056 Microsoft Windows Codecs Library Information Disclosure Vulnerabilities Important
Windows CVE-2024-38059 Win32k privilege escalation vulnerability Important
Windows CVE-2024-38061 DCOM Remote Cross-Session Activation Privilege Escalation Vulnerability Important
Windows CVE-2024-38062 Windows Kernel-Mode Driver Privilege Escalation Vulnerability Important
Windows CVE-2024-38064 Windows TCP/IP Information Disclosure Vulnerability Important
Windows CVE-2024-38071 Windows Remote Desktop Licensing Service Vulnerability Important
Windows CVE-2024-38072 Windows Remote Desktop Licensing Service Vulnerability Important
Windows CVE-2024-38080 Windows Hyper-V privilege escalation vulnerability Important
Windows CVE-2024-38085 Windows Graphics Component Permission Escalation Vulnerability Important
Azure CVE-2024-38086 Remote code execution vulnerability in Azure Kinect SDK Important
Windows CVE-2024-38091 Microsoft WS-Discovery Denial of Service Vulnerability Important
Windows CVE-2024-38100 Windows File Explorer privilege escalation vulnerability Important
Windows CVE-2024-38102 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Important
Windows CVE-2024-38104 Windows Fax Service Remote Code Execution Vulnerability Important
Windows CVE-2024-38112 Windows MSHTML Platform Spoofing Vulnerability Important
Windows CVE-2024-26184 Secure Boot security function bypasses vulnerabilities Important
Windows CVE-2024-30013 Windows MultiPoint Services remote code execution vulnerability Important
Microsoft Office CVE-2024-32987 Microsoft SharePoint Server Disclosure Vulnerability Important
Windows CVE-2024-30071 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important
Windows CVE-2024-30079 Windows Remote Access Connection Manager Privilege Escalation Vulnerability Important
.NET,Microsoft Visual Studio CVE-2024-30105 .NET Core and Visual Studio Denial-of-Service Vulnerabilities Important
Azure CVE-2024-35261 Azure Network Watcher VM Extension Permission Escalation Vulnerability Important
Azure CVE-2024-35266 Azure DevOps Server Spoofing Vulnerability Important
Azure CVE-2024-35267 Azure DevOps Server Spoofing Vulnerability Important
Microsoft SQL Server CVE-2024-35271 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-35272 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-20701 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-21303 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-21308 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-21317 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-21331 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-21425 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-37319 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-37320 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-37321 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-37322 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-37323 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-37324 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-21449 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-37326 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-37327 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-37328 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-37329 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-37330 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server,Microsoft OLE DB Driver CVE-2024-37334 Microsoft OLE DB Driver for SQL Server RemoteCodeExecutionVulnerability Important
Microsoft SQL Server CVE-2024-37333 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-37336 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-28928 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Microsoft SQL Server CVE-2024-35256 SQL Server Native Client OLE DB Provider Remote Execution Vulnerability Important
Windows CVE-2024-37971 Secure Boot security function bypasses vulnerabilities Important
Windows CVE-2024-37972 Secure Boot security function bypasses vulnerabilities Important
Windows CVE-2024-37973 Secure Boot security function bypasses vulnerabilities Important
Windows CVE-2024-37975 Secure Boot security function bypasses vulnerabilities Important
Windows CVE-2024-37977 Secure Boot security function bypasses vulnerabilities Important
Windows CVE-2024-37978 Secure Boot security function bypasses vulnerabilities Important
Windows CVE-2024-37984 Secure Boot security function bypasses vulnerabilities Important
Windows CVE-2024-37988 Secure Boot security function bypasses vulnerabilities Important
Windows CVE-2024-37989 Secure Boot security function bypasses vulnerabilities Important
Windows CVE-2024-38010 Secure Boot security function bypasses vulnerabilities Important
Windows CVE-2024-38011 Secure Boot security function bypasses vulnerabilities Important
Windows CVE-2024-38017 Microsoft Message Queuing Vulnerability Important
Windows CVE-2024-38019 Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability Important
Microsoft Office CVE-2024-38021 Microsoft Office remote code execution vulnerability Important
Windows CVE-2024-38027 Windows Line Printer Daemon Service Vulnerability Important
Windows CVE-2024-38028 Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability Important
Windows CVE-2024-38030 Windows Themes Spoofing Vulnerability Important
Windows CVE-2024-38031 Windows Online Certificate Status Protocol (OCSP) Server Denial-of-Service Vulnerability Important
Windows CVE-2024-38032 Microsoft Xbox remote code execution vulnerability Important
Windows CVE-2024-38033 PowerShell privilege escalation vulnerability Important
Windows CVE-2024-38044 DHCP Server Service remote code execution vulnerability Important
Windows CVE-2024-38047 PowerShell privilege escalation vulnerability Important
Windows CVE-2024-38048 Windows Network Driver Interface Specification (NDIS) Denial-of-Service Vulnerability Important
Windows CVE-2024-38049 Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability Important
Windows CVE-2024-38050 Windows Workstation Service privilege escalation vulnerability Important
Windows CVE-2024-38052 Kernel Streaming WOW Thunk Service Driver Permission Upgrade Vulnerability Important
Windows CVE-2024-38053 Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability Important
Windows CVE-2024-38057 Kernel Streaming WOW Thunk Service Driver Permission Upgrade Vulnerability Important
Windows CVE-2024-38058 BitLocker security function bypasses vulnerabilities Important
Windows CVE-2024-38065 Secure Boot security function bypasses vulnerabilities Important
Windows CVE-2024-38066 Windows Win32k privilege escalation vulnerability Important
Windows CVE-2024-38067 Windows Online Certificate Status Protocol (OCSP) Server Denial-of-Service Vulnerability Important
Windows CVE-2024-38068 Windows Online Certificate Status Protocol (OCSP) Server Denial-of-Service Vulnerability Important
Windows CVE-2024-38069 Windows Enroll Engine Security Feature Bypass Vulnerabilities Important
Windows CVE-2024-38070 Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerabilities Important
Windows CVE-2024-38073 Windows Remote Desktop Licensing Service Vulnerability Important
Windows CVE-2024-38078 Xbox Wireless Adapter remote code execution vulnerability Important
Windows CVE-2024-38079 Windows Graphics Component Permission Escalation Vulnerability Important
Microsoft .NET Framework,.NET,Microsoft Visual Studio CVE-2024-38081 .NET, .NET Framework, and Visual Studio Permissions Escalation vulnerability Important
System Center CVE-2024-38089 Microsoft Defender for IoT Privilege Elevation Vulnerability Important
Azure CVE-2024-38092 Azure CycleCloud privilege escalation vulnerability Important
Microsoft Office CVE-2024-38094 Microsoft SharePoint remote code execution vulnerability Important
.NET,Microsoft Visual Studio CVE-2024-38095 .NET and Visual Studio Denial of Service Vulnerabilities Important
Windows CVE-2024-38099 Windows Remote Desktop Licensing Service Vulnerability Important
Windows CVE-2024-38101 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Important
Windows CVE-2024-38105 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Important
Microsoft Office CVE-2024-38020 Microsoft Outlook Spoofing Vulnerability Moderate

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, a pioneering leader in cybersecurity, is dedicated to safeguarding telecommunications, Internet service providers, hosting providers, and enterprises from sophisticated cyberattacks.

Founded in 2000, NSFOCUS operates globally with over 4000 employees at two headquarters in Beijing, China, and Santa Clara, CA, USA, and over 50 offices worldwide. It has a proven track record of protecting over 25% of the Fortune Global 500 companies, including four of the five largest banks and six of the world’s top ten telecommunications companies.

Leveraging technical prowess and innovation, NSFOCUS delivers a comprehensive suite of security solutions, including the Intelligent Security Operations Platform (ISOP) for modern SOC, DDoS Protection, Continuous Threat Exposure Management (CTEM) Service and Web Application and API Protection (WAAP). All the solutions and services are augmented by the Security Large Language Model (SecLLM), ML, patented algorithms and other cutting-edge research achievements developed by NSFOCUS.

The post Microsoft’s Security Update in July of High-Risk Vulnerabilities in Multiple Products appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

*** This is a Security Bloggers Network syndicated blog from NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. authored by NSFOCUS. Read the original post at: https://nsfocusglobal.com/microsofts-security-update-in-july-of-high-risk-vulnerabilities-in-multiple-products/


文章来源: https://securityboulevard.com/2024/07/microsofts-security-update-in-july-of-high-risk-vulnerabilities-in-multiple-products/
如有侵权请联系:admin#unsafe.sh