Microsoft releases 138 fixes for July 2024 Patch Tuesday, including multiple Critical Threats
This month, Microsoft has rolled out a significant update, deploying an impressive 138 fixes. Among these, several vulnerabilities are deemed weaponized, with some carrying a CVSS score of 9.8. This release, which is the second largest in Microsoft’s history, follows the record-setting 147 fixes issued a few months ago. The latest batch of patches includes 5 critical fixes, 133 important ones, and several moderate updates. These span a wide range of products including Windows, Windows Components, Office, Azure, SQL Server, Visual Studio, Remote Desktop, Hyper-V, and Secure Boot.
Robert Brown, Head of Customer Success at Syxsense, emphasizes the importance of strategic prioritization in vulnerability management. He highlights the presence of threats with the potential to act as Jump Points, urging organizations to remain vigilant. With a combined CVSS score of 1087 for July and an average score of 7.9 — higher than the previous month — the severity of these vulnerabilities requires meticulous attention.
Based on Vendor Severity and CVSS Scores, we recommend integrating the provided CVE numbers into your Patch Management solution. Once thorough testing is complete, deployment should proceed without delay.
CVE-2024-38080 – Windows Hyper-V Elevation of Privilege Vulnerability
Anonymously submitted to Microsoft, CVE-2024-38080 is a Windows Hyper-V Elevation of Privilege vulnerability. If successfully exploited, this vulnerability could allow an attacker to gain SYSTEM privileges, posing a significant risk to affected systems.
Syxscore:
- Vendor Severity: Important
- CVSS: 7.8
- Weaponised: Yes
- Public Awareness: No
- Countermeasure: No
Risk Factors:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope / Jump Point: Unchanged / No
Implications:
The fact that this vulnerability has been weaponized underscores its potential danger. With a low attack complexity and minimal privileges required, an attacker could exploit this vulnerability locally without user interaction. The elevated risk associated with gaining SYSTEM privileges makes it critical for organizations to address this promptly.
Despite not being publicly known, the lack of countermeasures highlights the urgency for deploying patches and reinforcing security protocols. Organizations using Windows Hyper-V should prioritize this update to mitigate potential exploitation.
CVE-2024-35264 – .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-35264 is a remote code execution vulnerability affecting .NET and Visual Studio. An attacker can exploit this by closing an HTTP/3 stream while the request body is being processed, leading to a race condition and potentially allowing remote code execution.
Syxscore:
- Vendor Severity: Important
- CVSS: 8.1
- Weaponised: No
- Public Awareness: Yes
- Countermeasure: No
Risk Factors:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope / Jump Point: Unchanged / No
Implications:
The public awareness of this vulnerability heightens its potential threat, despite it not being weaponized. With a CVSS score of 8.1, the severity is significant, indicating that successful exploitation could have serious consequences. This vulnerability is exploited over the network with no required privileges or user interaction, making it a critical issue to address. However, the high attack complexity may limit the number of potential attackers capable of exploiting it. The absence of countermeasures necessitates prompt attention to patching and securing affected systems.
Organizations utilizing .NET and Visual Studio should prioritize updates and patches to mitigate the risk of remote code execution. Given the nature of this vulnerability, proactive measures and vigilance are essential to maintain robust security.
CVE-2024-38074, CVE-2024-38076, & CVE-2024-38077 – Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVE-2024-38074, CVE-2024-38076, and CVE-2024-38077 are critical vulnerabilities affecting the Windows Remote Desktop Licensing Service. An attacker could exploit these vulnerabilities by sending a specially crafted packet to a server configured as a Remote Desktop Licensing server, resulting in remote code execution.
Syxscore:
- Vendor Severity: Critical
- CVSS: 9.8
- Weaponised: No
- Public Awareness: No
- Countermeasure: Yes – Disable the Licensing Service
Risk Factors:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope / Jump Point: Unchanged / No
Implications:
These vulnerabilities have been assigned a CVSS score of 9.8, indicating their critical nature. The ability for an attacker to achieve remote code execution by simply sending a specially crafted packet over the network, with no required privileges or user interaction, significantly heightens the risk.
Although these vulnerabilities are neither weaponized nor publicly known, their critical severity demands immediate attention. The available countermeasure, disabling the Licensing Service, provides temporary mitigation until the permanent fix is deployed. Given the low attack complexity and the potential impact of remote code execution, organizations using the Windows Remote Desktop Licensing Service should implement the recommended countermeasure and prioritize patching these vulnerabilities. Addressing them proactively significantly reduces the risk of exploitation and helps maintain the integrity and security of affected systems.
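How the Risk Factors listed for the three highlighted entries translate into their CVSS scores, as an added example (not Syxsense's or Microsoft's code) that implements the CVSS v3.1 base-score equations. The page does not list the confidentiality, integrity and availability impact metrics, so High is assumed for all three; `PAGE_ENTRIES`, `base_score` and `page_scores` are names chosen for this example.

```python
"""CVSS v3.1 base score computed from the Risk Factors in each Syxscore block."""
import math

# Metric weights from the CVSS v3.1 specification.
ATTACK_VECTOR = {"Network": 0.85, "Adjacent": 0.62, "Local": 0.55, "Physical": 0.20}
ATTACK_COMPLEXITY = {"Low": 0.77, "High": 0.44}
USER_INTERACTION = {"None": 0.85, "Required": 0.62}
# Privileges Required carries a higher weight when Scope is Changed.
PRIVILEGES_REQUIRED = {
    "Unchanged": {"None": 0.85, "Low": 0.62, "High": 0.27},
    "Changed": {"None": 0.85, "Low": 0.68, "High": 0.50},
}
IMPACT = {"High": 0.56, "Low": 0.22, "None": 0.0}

# Risk Factors as listed on the page: (Attack Vector, Attack Complexity,
# Privileges Required, User Interaction, Scope).
PAGE_ENTRIES = {
    "CVE-2024-38080": ("Local", "Low", "Low", "None", "Unchanged"),
    "CVE-2024-35264": ("Network", "High", "None", "None", "Unchanged"),
    "CVE-2024-38077": ("Network", "Low", "None", "None", "Unchanged"),
}


def roundup(value):
    """Spec-defined rounding: the smallest one-decimal number >= value."""
    scaled = round(value * 100000)
    if scaled % 10000 == 0:
        return scaled / 100000.0
    return (math.floor(scaled / 10000) + 1) / 10.0


def base_score(av, ac, pr, ui, scope, c="High", i="High", a="High"):
    """Return the CVSS v3.1 base score.

    c, i and a default to High: an assumption of this example, because the
    page gives only the exploitability metrics and the scope.
    """
    iss = 1 - (1 - IMPACT[c]) * (1 - IMPACT[i]) * (1 - IMPACT[a])
    if scope == "Unchanged":
        impact = 6.42 * iss
    else:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    if impact <= 0:
        return 0.0
    exploitability = (
        8.22
        * ATTACK_VECTOR[av]
        * ATTACK_COMPLEXITY[ac]
        * PRIVILEGES_REQUIRED[scope][pr]
        * USER_INTERACTION[ui]
    )
    total = impact + exploitability
    if scope == "Changed":
        total *= 1.08  # a changed scope scales the combined score
    return roundup(min(total, 10))


def page_scores():
    """Base score for each highlighted CVE, from the page's Risk Factors."""
    return {cve: base_score(*factors) for cve, factors in PAGE_ENTRIES.items()}


if __name__ == "__main__":
    for cve, score in page_scores().items():
        print(f"{cve}: {score}")
    # Attack Complexity is the only factor separating CVE-2024-35264 from
    # the Remote Desktop Licensing entries: with Low instead of High the
    # same vector scores 9.8 rather than 8.1.
    print(base_score("Network", "Low", "None", "None", "Unchanged"))
```
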
| Reference | Description | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Additional Details | Countermeasure | Impact | Exploitability Assessment |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-38080 | Windows Hyper-V Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | | Elevation of Privilege | Exploitation Detected |
| CVE-2024-38112 | Windows MSHTML Platform Spoofing Vulnerability | Important | 7.5 | Yes | No | | | Spoofing | Exploitation Detected |
| CVE-2024-35264 | .NET and Visual Studio Remote Code Execution Vulnerability | Important | 8.1 | No | Yes | | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38074 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Critical | 9.8 | No | No | An attacker could send a specially crafted packet to a server set up as a Remote Desktop Licensing server, which will cause remote code execution. | Yes. If you no longer need this service on your system, consider disabling it as a security best practice. Disabling unused and unneeded services helps reduce your exposure to security vulnerabilities. | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38076 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Critical | 9.8 | No | No | An attacker could send a specially crafted packet to a server set up as a Remote Desktop Licensing server, which will cause remote code execution. | Yes. If you no longer need this service on your system, consider disabling it as a security best practice. Disabling unused and unneeded services helps reduce your exposure to security vulnerabilities. | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38077 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Critical | 9.8 | No | No | An attacker could send a specially crafted packet to a server set up as a Remote Desktop Licensing server, which will cause remote code execution. | Yes. If you no longer need this service on your system, consider disabling it as a security best practice. Disabling unused and unneeded services helps reduce your exposure to security vulnerabilities. | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38089 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important | 9.1 | No | No | Scope = Changed, Jump Point = True. In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-38060 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical | 8.8 | No | No | | | Remote Code Execution | Exploitation More Likely |
| CVE-2024-20701 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-21303 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-21308 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-21317 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-21331 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-21332 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-21333 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-21335 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-21373 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-21398 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-21414 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-21415 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-21417 | Windows Text Services Framework Elevation of Privilege Vulnerability | Important | 8.8 | No | No | Scope = Changed, Jump Point = True. An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained (“sandboxed”) execution environment to a Medium Integrity Level or a High Integrity Level. | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-21425 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-21428 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-21449 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-28899 | Secure Boot Security Feature Bypass Vulnerability | Important | 8.8 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-28928 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-30013 | Windows MultiPoint Services Remote Code Execution Vulnerability | Important | 8.8 | No | No | An unauthenticated attacker can exploit this vulnerability by sending a malicious request packet via a client machine to a Windows Server configured to be a Multipoint Service over a network, and then waiting for the server to stop or restart. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-35256 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-35271 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-35272 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-37318 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-37319 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-37320 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-37321 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-37322 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-37323 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-37324 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-37326 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-37327 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-37328 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-37329 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-37330 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-37331 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-37332 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-37333 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-37334 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-37336 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38021 | Microsoft Office Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality. | | Remote Code Execution | Exploitation More Likely |
| CVE-2024-38053 | Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38087 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38088 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38092 | Azure CycleCloud Elevation of Privilege Vulnerability | Important | 8.8 | No | No | | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-38104 | Windows Fax Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | An authenticated attacker with normal user privileges that has already compromised a fax server, to which the victim is connected, can exploit this vulnerability to execute arbitrary code on the victim machine. | Yes. To be exploitable by this vulnerability the Windows Fax Service has to be installed and configured. | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-37969 | Secure Boot Security Feature Bypass Vulnerability | Important | 8.0 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-37970 | Secure Boot Security Feature Bypass Vulnerability | Important | 8.0 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-37971 | Secure Boot Security Feature Bypass Vulnerability | Important | 8.0 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-37972 | Secure Boot Security Feature Bypass Vulnerability | Important | 8.0 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-37973 | Secure Boot Security Feature Bypass Vulnerability | Important | 8.0 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-37974 | Secure Boot Security Feature Bypass Vulnerability | Important | 8.0 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-37975 | Secure Boot Security Feature Bypass Vulnerability | Important | 8.0 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-37977 | Secure Boot Security Feature Bypass Vulnerability | Important | 8.0 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-37978 | Secure Boot Security Feature Bypass Vulnerability | Important | 8.0 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-37981 | Secure Boot Security Feature Bypass Vulnerability | Important | 8.0 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-37984 | Secure Boot Security Feature Bypass Vulnerability | Important | 8.0 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-37986 | Secure Boot Security Feature Bypass Vulnerability | Important | 8.0 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-37987 | Secure Boot Security Feature Bypass Vulnerability | Important | 8.0 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-37988 | Secure Boot Security Feature Bypass Vulnerability | Important | 8.0 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-37989 | Secure Boot Security Feature Bypass Vulnerability | Important | 8.0 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-38010 | Secure Boot Security Feature Bypass Vulnerability | Important | 8.0 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-38011 | Secure Boot Security Feature Bypass Vulnerability | Important | 8.0 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-30079 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-35261 | Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | Important | 7.8 | No | No | | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-38034 | Windows Filtering Platform Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain administrator privileges. | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-38043 | PowerShell Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could elevate their user privileges from those of a restrained user to an unrestrained WDAC user. | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-38047 | PowerShell Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could elevate their user privileges from those of a restrained user to an unrestrained WDAC user. | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-38050 | Windows Workstation Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-38051 | Windows Graphics Component Remote Code Execution Vulnerability | Important | 7.8 | No | No | | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38052 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-38054 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-38057 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-38059 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-38062 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2024-38066 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely | |
| CVE-2024-38070 | Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could bypass the execution policy for the Windows LockDown Policy (WLDP) for the WDAC API. | Security Feature Bypass | Exploitation Less Likely | |
| CVE-2024-38079 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely | |
| CVE-2024-38085 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely | |
| CVE-2024-38100 | Windows File Explorer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain administrator privileges. | Elevation of Privilege | Exploitation More Likely | |
| CVE-2024-35266 | Azure DevOps Server Spoofing Vulnerability | Important | 7.6 | No | No | Spoofing | Exploitation Less Likely | ||
| CVE-2024-35267 | Azure DevOps Server Spoofing Vulnerability | Important | 7.6 | No | No | Spoofing | Exploitation Less Likely | ||
| CVE-2024-30098 | Windows Cryptographic Services Security Feature Bypass Vulnerability | Important | 7.5 | No | No | An attacker who successfully exploited this vulnerability could bypass digital signatures on a vulnerable system. | Security Feature Bypass | Exploitation Less Likely | |
| CVE-2024-30105 | .NET Core and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2024-32987 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important | 7.5 | No | No | Information Disclosure | Exploitation Less Likely | ||
| CVE-2024-38015 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2024-38031 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2024-38061 | DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability | Important | 7.5 | No | No | Elevation of Privilege | Exploitation Less Likely | ||
| CVE-2024-38064 | Windows TCP/IP Information Disclosure Vulnerability | Important | 7.5 | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | Information Disclosure | Exploitation Less Likely | |
| CVE-2024-38067 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2024-38068 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2024-38071 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important | 7.5 | No | No | An attacker could impact availability of the service resulting in Denial of Service (DoS). | | Denial of Service | Exploitation Less Likely |
| CVE-2024-38072 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important | 7.5 | No | No | An attacker could impact availability of the service resulting in Denial of Service (DoS). | | Denial of Service | Exploitation Less Likely |
| CVE-2024-38073 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important | 7.5 | No | No | An attacker could impact availability of the service resulting in Denial of Service (DoS). | | Denial of Service | Exploitation Less Likely |
| CVE-2024-38078 | Xbox Wireless Adapter Remote Code Execution Vulnerability | Important | 7.5 | No | No | | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38091 | Microsoft WS-Discovery Denial of Service Vulnerability | Important | 7.5 | No | No | | | Denial of Service | Exploitation Less Likely |
| CVE-2024-38095 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | | | Denial of Service | Exploitation Less Likely |
| CVE-2024-30061 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Important | 7.3 | No | No | This vulnerability discloses data stored in the underlying datasets in Dataverse, that could include Personal Identifiable Information. | | Information Disclosure | Exploitation Less Likely |
| CVE-2024-38033 | PowerShell Elevation of Privilege Vulnerability | Important | 7.3 | No | No | | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-38081 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | Important | 7.3 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-38023 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical | 7.2 | No | No | | | Remote Code Execution | Exploitation More Likely |
| CVE-2024-38019 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | Important | 7.2 | No | No | | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | | | Remote Code Execution | Exploitation More Likely |
| CVE-2024-38025 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | Important | 7.2 | No | No | To exploit this vulnerability, a victim machine must be running a performance counter collection tool such as Performance Monitor to collect performance counter data from an attacker machine. An attacker with local admin authority on the attacker machine could run malicious code remotely in the victim machine’s performance counter data collector process. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38028 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | Important | 7.2 | No | No | | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38044 | DHCP Server Service Remote Code Execution Vulnerability | Important | 7.2 | No | No | Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated DHCP Server privileges. As is best practice, regular validation and audits of administrative groups should be conducted. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38094 | Microsoft SharePoint Remote Code Execution Vulnerability | Important | 7.2 | No | No | | | Remote Code Execution | Exploitation More Likely |
| CVE-2024-30081 | Windows NTLM Spoofing Vulnerability | Important | 7.1 | No | No | | | Spoofing | Exploitation Less Likely |
| CVE-2024-38032 | Microsoft Xbox Remote Code Execution Vulnerability | Important | 7.1 | No | No | | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38022 | Windows Image Acquisition Elevation of Privilege Vulnerability | Important | 7.0 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-38069 | Windows Enroll Engine Security Feature Bypass Vulnerability | Important | 7.0 | No | No | An attacker who successfully exploited this vulnerability could bypass certificate validation during the account enrollment process. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-26184 | Secure Boot Security Feature Bypass Vulnerability | Important | 6.8 | No | No | | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-38058 | BitLocker Security Feature Bypass Vulnerability | Important | 6.8 | No | No | | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-38065 | Secure Boot Security Feature Bypass Vulnerability | Important | 6.8 | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-38013 | Microsoft Windows Server Backup Elevation of Privilege Vulnerability | Important | 6.7 | No | No | An attacker would be able to delete any system files. | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-38049 | Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability | Important | 6.6 | No | No | | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38027 | Windows Line Printer Daemon Service Denial of Service Vulnerability | Important | 6.5 | No | No | | | Denial of Service | Exploitation Less Likely |
| CVE-2024-38030 | Windows Themes Spoofing Vulnerability | Important | 6.5 | No | No | An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file. | Yes. Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigations might apply in your situation: Systems that have disabled NTLM are not affected. | Spoofing | Exploitation Less Likely |
| CVE-2024-38048 | Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability | Important | 6.5 | No | No | | | Denial of Service | Exploitation Less Likely |
| CVE-2024-38101 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important | 6.5 | No | No | | | Denial of Service | Exploitation Less Likely |
| CVE-2024-38102 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important | 6.5 | No | No | This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network. | | Denial of Service | Exploitation Less Likely |
| CVE-2024-38105 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important | 6.5 | No | No | | | Denial of Service | Exploitation Less Likely |
| CVE-2024-38020 | Microsoft Outlook Spoofing Vulnerability | Moderate | 6.5 | No | No | Exploiting this vulnerability could allow the disclosure of NTLM hashes. | | Spoofing | Exploitation Less Likely |
| CVE-2024-38086 | Azure Kinect SDK Remote Code Execution Vulnerability | Important | 6.4 | No | No | | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38099 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important | 5.9 | No | No | | | Denial of Service | Exploitation More Likely |
| CVE-2024-38017 | Microsoft Message Queuing Information Disclosure Vulnerability | Important | 5.5 | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | | Information Disclosure | Exploitation Less Likely |
| CVE-2024-38041 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | | | Information Disclosure | Exploitation Less Likely |
| CVE-2024-38055 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important | 5.5 | No | No | Exploiting this vulnerability could allow the disclosure of certain kernel memory content. | | Information Disclosure | Exploitation Less Likely |
| CVE-2024-38056 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important | 5.5 | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | | Information Disclosure | Exploitation Less Likely |
| CVE-2024-35270 | Windows iSCSI Service Denial of Service Vulnerability | Important | 5.3 | No | No | | | Denial of Service | Exploitation Less Likely |
| CVE-2024-30071 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important | 4.7 | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | | Information Disclosure | Exploitation Less Likely |