Microsoft fixes 142 vulnerabilities in the July 2024 Patch Tuesday update
Among them were four zero days CVEs.
11 min. read
Published on
Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more
Microsoft’s Patch Tuesday in July 2024 dealt with 142 vulnerabilities, many of which revolve around remote code execution vulnerabilities. Among these were four zero-days that made the tech world very anxious: two actively exploited and another pair that had just been made public.
The Windows Hyper-V Elevation of Privilege Vulnerability was highlighted in the zero days. Microsoft fixed this vulnerability, which allowed attackers to reach SYSTEM privileges. Another fix that stands out is the Windows MSHTML spoofing vulnerability, which requires attackers to send a harmful file to their target. This method is frequently used in cyber attacks.
Microsoft also addressed the zero-day vulnerabilities in .NET, Visual Studio, and the FetchBench side channel, which can steal information through remote code execution. These two were not disclosed to the public, and the Redmond-based tech giant preferred to deal with them before making them known to users.
Here’s the breakdown of all the types of fixed vulnerabilities with the July Patch Tuesday updates.
- 59 Remote Code Execution Vulnerabilities
- 26 Elevation of Privileges Vulnerabilities
- 24 Security Feature Bypass Vulnerabilities
- 17 Denial of Service Vulnerabilities
- 9 Information Disclosure Vulnerabilities
- 7 Spoofing Vulnerabilities
Microsoft did not only patch vulnerabilities but also fixed five critical ones. All of these were flaws in remote code execution. This means that attackers could have taken over a system from a distance, making these fixes very important for the safety of users around the globe. The breakdown of fixed vulnerabilities involved different dangers, ranging from privilege escalation to service refusal.
The Redmond-based tech giant wasn’t alone in this effort. Big tech players such as Adobe, Cisco, and VMware also released updates, indicating a joint action within the tech sector to fight against cybersecurity risks. Adobe fixed vulnerabilities in Premiere Pro, InDesign, and Bridge, while Cisco and VMware dealt with flaws found within their products; this shows that every nook of the technology globe may be exposed to danger.
It is also worth mentioning that SQL Server customers might want to update their Windows servers as soon as possible. The July Patch Tuesday update deals with tens of CVEs that focus on SQL Server vulnerabilities. As you can see in the table below, all of them are deemed important, with some reaching a high score.
For those who worry about cybersecurity, there is another issue they might want to pay attention to: CVEs with the No Customer Action Is Required label. Microsoft announced in June that it wanted to release CVEs specifically for cloud security issues; many of these will also have the label, so it will be an extra step for those wanting to keep their devices and servers safe. The July Patch Tuesday update doesn’t feature any CVEs with the label, but starting next month, Microsoft might release them with these additional criteria to be considered and consulted.
Below, you can see all the CVEs addressed with the July Patch Tuesday updates. The 142 vulnerabilities are almost triple the number of CVEs addressed last month.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET and Visual Studio | CVE-2024-30105 | .NET Core and Visual Studio Denial of Service Vulnerability | Important |
.NET and Visual Studio | CVE-2024-38081 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | Important |
.NET and Visual Studio | CVE-2024-35264 | .NET and Visual Studio Remote Code Execution Vulnerability | Important |
.NET and Visual Studio | CVE-2024-38095 | .NET and Visual Studio Denial of Service Vulnerability | Important |
Active Directory Rights Management Services | CVE-2024-39684 | Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability | Moderate |
Active Directory Rights Management Services | CVE-2024-38517 | Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege Vulnerability | Moderate |
Azure CycleCloud | CVE-2024-38092 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
Azure DevOps | CVE-2024-35266 | Azure DevOps Server Spoofing Vulnerability | Important |
Azure DevOps | CVE-2024-35267 | Azure DevOps Server Spoofing Vulnerability | Important |
Azure Kinect SDK | CVE-2024-38086 | Azure Kinect SDK Remote Code Execution Vulnerability | Important |
Azure Network Watcher | CVE-2024-35261 | Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | Important |
Intel | CVE-2024-37985 | Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers | Important |
Line Printer Daemon Service (LPD) | CVE-2024-38027 | Windows Line Printer Daemon Service Denial of Service Vulnerability | Important |
Microsoft Defender for IoT | CVE-2024-38089 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
Microsoft Dynamics | CVE-2024-30061 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2024-38079 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2024-38051 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2024-38021 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office Outlook | CVE-2024-38020 | Microsoft Outlook Spoofing Vulnerability | Moderate |
Microsoft Office SharePoint | CVE-2024-38024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-38023 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2024-32987 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-38094 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38057 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38054 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-38052 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2024-38055 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2024-38056 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important |
Microsoft WS-Discovery | CVE-2024-38091 | Microsoft WS-Discovery Denial of Service Vulnerability | Important |
NDIS | CVE-2024-38048 | Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability | Important |
NPS RADIUS Server | CVE-2024-3596 | CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability | Important |
Role: Active Directory Certificate Services; Active Directory Domain Services | CVE-2024-38061 | DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability | Important |
Role: Windows Hyper-V | CVE-2024-38080 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
SQL Server | CVE-2024-28928 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-38088 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-20701 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21317 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21331 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21308 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21333 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-35256 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21303 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21335 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-35271 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-35272 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21332 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-38087 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21425 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21449 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37324 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37330 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37326 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37329 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37328 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37327 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37334 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37321 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37320 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37319 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37322 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37333 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37336 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37323 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37331 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21398 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21373 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37318 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21428 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21415 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-37332 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2024-21414 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
Windows BitLocker | CVE-2024-38058 | BitLocker Security Feature Bypass Vulnerability | Important |
Windows COM Session | CVE-2024-38100 | Windows File Explorer Elevation of Privilege Vulnerability | Important |
Windows CoreMessaging | CVE-2024-21417 | Windows Text Services Framework Elevation of Privilege Vulnerability | Important |
Windows Cryptographic Services | CVE-2024-30098 | Windows Cryptographic Services Security Feature Bypass Vulnerability | Important |
Windows DHCP Server | CVE-2024-38044 | DHCP Server Service Remote Code Execution Vulnerability | Important |
Windows Distributed Transaction Coordinator | CVE-2024-38049 | Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability | Important |
Windows Enroll Engine | CVE-2024-38069 | Windows Enroll Engine Security Feature Bypass Vulnerability | Important |
Windows Fax and Scan Service | CVE-2024-38104 | Windows Fax Service Remote Code Execution Vulnerability | Important |
Windows Filtering | CVE-2024-38034 | Windows Filtering Platform Elevation of Privilege Vulnerability | Important |
Windows Image Acquisition | CVE-2024-38022 | Windows Image Acquisition Elevation of Privilege Vulnerability | Important |
Windows Imaging Component | CVE-2024-38060 | Windows Imaging Component Remote Code Execution Vulnerability | Critical |
Windows Internet Connection Sharing (ICS) | CVE-2024-38105 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2024-38053 | Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2024-38102 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2024-38101 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
Windows iSCSI | CVE-2024-35270 | Windows iSCSI Service Denial of Service Vulnerability | Important |
Windows Kernel | CVE-2024-38041 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-38062 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
Windows LockDown Policy (WLDP) | CVE-2024-38070 | Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability | Important |
Windows Message Queuing | CVE-2024-38017 | Microsoft Message Queuing Information Disclosure Vulnerability | Important |
Windows MSHTML Platform | CVE-2024-38112 | Windows MSHTML Platform Spoofing Vulnerability | Important |
Windows MultiPoint Services | CVE-2024-30013 | Windows MultiPoint Services Remote Code Execution Vulnerability | Important |
Windows NTLM | CVE-2024-30081 | Windows NTLM Spoofing Vulnerability | Important |
Windows Online Certificate Status Protocol (OCSP) | CVE-2024-38068 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important |
Windows Online Certificate Status Protocol (OCSP) | CVE-2024-38067 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important |
Windows Online Certificate Status Protocol (OCSP) | CVE-2024-38031 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important |
Windows Performance Monitor | CVE-2024-38028 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | Important |
Windows Performance Monitor | CVE-2024-38019 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | Important |
Windows Performance Monitor | CVE-2024-38025 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | Important |
Windows PowerShell | CVE-2024-38043 | PowerShell Elevation of Privilege Vulnerability | Important |
Windows PowerShell | CVE-2024-38047 | PowerShell Elevation of Privilege Vulnerability | Important |
Windows PowerShell | CVE-2024-38033 | PowerShell Elevation of Privilege Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-30071 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-30079 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
Windows Remote Desktop | CVE-2024-38076 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Critical |
Windows Remote Desktop | CVE-2024-38015 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-38071 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-38073 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-38074 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Critical |
Windows Remote Desktop Licensing Service | CVE-2024-38072 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
Windows Remote Desktop Licensing Service | CVE-2024-38077 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Critical |
Windows Remote Desktop Licensing Service | CVE-2024-38099 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
Windows Secure Boot | CVE-2024-38065 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37986 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37981 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37987 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-28899 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-26184 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-38011 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37984 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37988 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37977 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37978 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37974 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-38010 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37989 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37970 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37975 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37972 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37973 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37971 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Secure Boot | CVE-2024-37969 | Secure Boot Security Feature Bypass Vulnerability | Important |
Windows Server Backup | CVE-2024-38013 | Microsoft Windows Server Backup Elevation of Privilege Vulnerability | Important |
Windows TCP/IP | CVE-2024-38064 | Windows TCP/IP Information Disclosure Vulnerability | Important |
Windows Themes | CVE-2024-38030 | Windows Themes Spoofing Vulnerability | Important |
Windows Win32 Kernel Subsystem | CVE-2024-38085 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Windows Win32K – GRFX | CVE-2024-38066 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K – ICOMP | CVE-2024-38059 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Workstation Service | CVE-2024-38050 | Windows Workstation Service Elevation of Privilege Vulnerability | Important |
XBox Crypto Graphic Services | CVE-2024-38032 | Microsoft Xbox Remote Code Execution Vulnerability | Important |
XBox Crypto Graphic Services | CVE-2024-38078 | Xbox Wireless Adapter Remote Code Execution Vulnerability | Important |