Patch-A-Palooza: Microsoft Seals 142 Security Gaps – Just 4 Critical, 2 Under Attack!

Struggling to stay afloat in the sea of patches? Microsoft’s latest update tackles 142 vulnerabilities, with a quartet of critical flaws that could sink your security ship. Don’t let your guard down; two are already in the wild, preying on the unpatched. Ahoy, update ahead!

Hot Take:

142 vulnerabilities, and only four are critical? That’s like throwing a cybersecurity party and only the nerds show up. But don’t get too comfy; among the wallflowers are a couple of party crashers already exploited in the wild. Time to update, folks, because it looks like Patch Tuesday just turned into Patch-Your-Systems-Right-Now Tuesday.

Key Points:

  • CVE-2024-38080: SYSTEM privilege is up for grabs with this Hyper-V vulnerability.
  • CVE-2024-38112: MSHTML is playing dress-up again, tricking victims with spoofing shenanigans.
  • CVE-2024-35264: Race condition in .NET and Visual Studio? Start your engines, hackers!
  • Three’s a crowd with CVE-2024-38074, CVE-2024-38076, and CVE-2024-38077 making RDP Licensing Service the life of the exploit party.
  • CVE-2024-38060: TIFF images on Windows Imaging Component can deliver more than just pretty pictures.

Title: Azure DevOps Server Spoofing Vulnerability
Cve id: CVE-2024-35267
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Azure DevOps Server Spoofing Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-37319
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
Cve id: CVE-2024-38081
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-37323
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Cve id: CVE-2024-38076
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Title: Windows Image Acquisition Elevation of Privilege Vulnerability
Cve id: CVE-2024-38022
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Image Acquisition Elevation of Privilege Vulnerability

Title: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
Cve id: CVE-2024-38052
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Title: Microsoft Windows Codecs Library Information Disclosure Vulnerability
Cve id: CVE-2024-38055
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Microsoft Windows Codecs Library Information Disclosure Vulnerability

Title: Windows Graphics Component Elevation of Privilege Vulnerability
Cve id: CVE-2024-38079
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Graphics Component Elevation of Privilege Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-21449
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability
Cve id: CVE-2024-38049
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-37328
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-35272
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-37324
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Windows File Explorer Elevation of Privilege Vulnerability
Cve id: CVE-2024-38100
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows File Explorer Elevation of Privilege Vulnerability

Title: Windows TCP/IP Information Disclosure Vulnerability
Cve id: CVE-2024-38064
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows TCP/IP Information Disclosure Vulnerability

Title: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Cve id: CVE-2024-38077
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Title: .NET Core and Visual Studio Denial of Service Vulnerability
Cve id: CVE-2024-30105
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: .NET Core and Visual Studio Denial of Service Vulnerability

Title: Windows Themes Spoofing Vulnerability
Cve id: CVE-2024-38030
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Themes Spoofing Vulnerability

Title: Windows Remote Access Connection Manager Information Disclosure Vulnerability
Cve id: CVE-2024-30071
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Remote Access Connection Manager Information Disclosure Vulnerability

Title: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Cve id: CVE-2024-30079
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Title: RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.
Cve id: CVE-2024-3596
Cve state: PUBLISHED
Cve assigner short name: certcc
Cve date updated: 07/09/2024
Cve description: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

Title: Windows Remote Desktop Licensing Service Denial of Service Vulnerability
Cve id: CVE-2024-38099
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Remote Desktop Licensing Service Denial of Service Vulnerability

Title: Microsoft Defender for IoT Elevation of Privilege Vulnerability
Cve id: CVE-2024-38089
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Microsoft Defender for IoT Elevation of Privilege Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-35256
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: BitLocker Security Feature Bypass Vulnerability
Cve id: CVE-2024-38058
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: BitLocker Security Feature Bypass Vulnerability

Title: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Cve id: CVE-2024-30061
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-21373
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Microsoft WS-Discovery Denial of Service Vulnerability
Cve id: CVE-2024-38091
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Microsoft WS-Discovery Denial of Service Vulnerability

Title: Microsoft Office Remote Code Execution Vulnerability
Cve id: CVE-2024-38021
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Microsoft Office Remote Code Execution Vulnerability

Title: Microsoft SharePoint Server Information Disclosure Vulnerability
Cve id: CVE-2024-32987
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Microsoft SharePoint Server Information Disclosure Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-28928
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
Cve id: CVE-2024-38023
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Microsoft SharePoint Server Remote Code Execution Vulnerability

Title: Windows Text Services Framework Elevation of Privilege Vulnerability
Cve id: CVE-2024-21417
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Text Services Framework Elevation of Privilege Vulnerability

Title: Win32k Elevation of Privilege Vulnerability
Cve id: CVE-2024-38059
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Win32k Elevation of Privilege Vulnerability

Title: Windows Remote Desktop Licensing Service Denial of Service Vulnerability
Cve id: CVE-2024-38071
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Remote Desktop Licensing Service Denial of Service Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-37972
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Microsoft Windows Server Backup Elevation of Privilege Vulnerability
Cve id: CVE-2024-38013
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Microsoft Windows Server Backup Elevation of Privilege Vulnerability

Title: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
Cve id: CVE-2024-38102
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

Title: Windows Win32k Elevation of Privilege Vulnerability
Cve id: CVE-2024-38066
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Win32k Elevation of Privilege Vulnerability

Title: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Cve id: CVE-2024-38062
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Title: .NET and Visual Studio Remote Code Execution Vulnerability
Cve id: CVE-2024-35264
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: .NET and Visual Studio Remote Code Execution Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-38010
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-37336
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-37330
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-37333
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-37977
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-21414
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Cve id: CVE-2024-38074
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-37332
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-37988
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability
Cve id: CVE-2024-38061
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability

Title: Azure Kinect SDK Remote Code Execution Vulnerability
Cve id: CVE-2024-38086
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Azure Kinect SDK Remote Code Execution Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-37984
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-21332
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Microsoft Windows Codecs Library Information Disclosure Vulnerability
Cve id: CVE-2024-38056
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Microsoft Windows Codecs Library Information Disclosure Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-37969
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
Cve id: CVE-2024-38054
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Title: Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
Cve id: CVE-2024-38031
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-37331
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Windows NTLM Spoofing Vulnerability
Cve id: CVE-2024-30081
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows NTLM Spoofing Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-21317
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Windows Hyper-V Elevation of Privilege Vulnerability
Cve id: CVE-2024-38080
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Hyper-V Elevation of Privilege Vulnerability

Title: DHCP Server Service Remote Code Execution Vulnerability
Cve id: CVE-2024-38044
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: DHCP Server Service Remote Code Execution Vulnerability

Title: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
Cve id: CVE-2024-38057
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Title: Windows Remote Desktop Licensing Service Denial of Service Vulnerability
Cve id: CVE-2024-38072
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Remote Desktop Licensing Service Denial of Service Vulnerability

Title: Xbox Wireless Adapter Remote Code Execution Vulnerability
Cve id: CVE-2024-38078
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Xbox Wireless Adapter Remote Code Execution Vulnerability

Title: Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability
Cve id: CVE-2024-38070
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-37327
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-38088
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Windows Workstation Service Elevation of Privilege Vulnerability
Cve id: CVE-2024-38050
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Workstation Service Elevation of Privilege Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-38087
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-37334
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-35271
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-20701
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Windows Graphics Component Remote Code Execution Vulnerability
Cve id: CVE-2024-38051
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Graphics Component Remote Code Execution Vulnerability

Title: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
Cve id: CVE-2024-38101
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-37322
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-37329
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-37970
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-21331
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-37986
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability
Cve id: CVE-2024-38048
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability

Title: Windows Filtering Platform Elevation of Privilege Vulnerability
Cve id: CVE-2024-38034
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Filtering Platform Elevation of Privilege Vulnerability

Title: Windows Remote Desktop Licensing Service Denial of Service Vulnerability
Cve id: CVE-2024-38073
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Remote Desktop Licensing Service Denial of Service Vulnerability

Title: PowerShell Elevation of Privilege Vulnerability
Cve id: CVE-2024-38043
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: PowerShell Elevation of Privilege Vulnerability

Title: Windows iSCSI Service Denial of Service Vulnerability
Cve id: CVE-2024-35270
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows iSCSI Service Denial of Service Vulnerability

Title: Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
Cve id: CVE-2024-38025
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability

Title: PowerShell Elevation of Privilege Vulnerability
Cve id: CVE-2024-38033
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: PowerShell Elevation of Privilege Vulnerability

Title: Microsoft Xbox Remote Code Execution Vulnerability
Cve id: CVE-2024-38032
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Microsoft Xbox Remote Code Execution Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-38065
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-21308
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Windows Imaging Component Remote Code Execution Vulnerability
Cve id: CVE-2024-38060
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Imaging Component Remote Code Execution Vulnerability

Title: Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
Cve id: CVE-2024-38053
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability

Title: .NET and Visual Studio Denial of Service Vulnerability
Cve id: CVE-2024-38095
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: .NET and Visual Studio Denial of Service Vulnerability

Title: Windows MSHTML Platform Spoofing Vulnerability
Cve id: CVE-2024-38112
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows MSHTML Platform Spoofing Vulnerability

Title: Microsoft Outlook Spoofing Vulnerability
Cve id: CVE-2024-38020
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Microsoft Outlook Spoofing Vulnerability

Title: Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
Cve id: CVE-2024-38019
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability

Title: Windows Kernel Information Disclosure Vulnerability
Cve id: CVE-2024-38041
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Kernel Information Disclosure Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-37973
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Microsoft SharePoint Remote Code Execution Vulnerability
Cve id: CVE-2024-38094
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Microsoft SharePoint Remote Code Execution Vulnerability

Title: PowerShell Elevation of Privilege Vulnerability
Cve id: CVE-2024-38047
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: PowerShell Elevation of Privilege Vulnerability

Title: Windows Graphics Component Elevation of Privilege Vulnerability
Cve id: CVE-2024-38085
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Graphics Component Elevation of Privilege Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-21415
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-37974
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-21425
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Azure CycleCloud Elevation of Privilege Vulnerability
Cve id: CVE-2024-38092
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Azure CycleCloud Elevation of Privilege Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-37989
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-37321
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Windows Fax Service Remote Code Execution Vulnerability
Cve id: CVE-2024-38104
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Fax Service Remote Code Execution Vulnerability

Title: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
Cve id: CVE-2024-38105
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

Title: Windows Cryptographic Services Security Feature Bypass Vulnerability
Cve id: CVE-2024-30098
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Cryptographic Services Security Feature Bypass Vulnerability

Title: Tencent RapidJSON include/rapidjson/reader.h GenericReader::ParseNumber() Function Template Exponent Parsing Integer Underflow
Cve id: CVE-2024-38517
Cve state: PUBLISHED
Cve assigner short name: GitHub_M
Cve date updated: 07/09/2024
Cve description: Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-37975
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Azure Network Watcher VM Extension Elevation of Privilege Vulnerability
Cve id: CVE-2024-35261
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Azure Network Watcher VM Extension Elevation of Privilege Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-21335
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-28899
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Windows Line Printer Daemon Service Denial of Service Vulnerability
Cve id: CVE-2024-38027
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Line Printer Daemon Service Denial of Service Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-37981
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-37978
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-37987
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-21333
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-21428
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Tencent RapidJSON include/rapidjson/reader.h GenericReader::ParseNumber() Function Template Exponent Parsing Integer Overflow
Cve id: CVE-2024-39684
Cve state: PUBLISHED
Cve assigner short name: GitHub_M
Cve date updated: 07/09/2024
Cve description: Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-37320
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Azure DevOps Server Spoofing Vulnerability
Cve id: CVE-2024-35266
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Azure DevOps Server Spoofing Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-37326
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-38011
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Microsoft Message Queuing Information Disclosure Vulnerability
Cve id: CVE-2024-38017
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Microsoft Message Queuing Information Disclosure Vulnerability

Title: Windows Enroll Engine Security Feature Bypass Vulnerability
Cve id: CVE-2024-38069
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Enroll Engine Security Feature Bypass Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-21398
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-21303
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
Cve id: CVE-2024-38015
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
Cve id: CVE-2024-38024
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Microsoft SharePoint Server Remote Code Execution Vulnerability

Title: Windows MultiPoint Services Remote Code Execution Vulnerability
Cve id: CVE-2024-30013
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows MultiPoint Services Remote Code Execution Vulnerability

Title: Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
Cve id: CVE-2024-38068
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Title: Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
Cve id: CVE-2024-38028
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability

Title: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Cve id: CVE-2024-37318
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-26184
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-37971
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
Cve id: CVE-2024-38067
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 07/09/2024
Cve description: Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

Need to know more?

Hyper-V on a Tightrope

It's an integer overflow extravaganza with CVE-2024-38080, where attackers can strut around with SYSTEM privileges. Think of it as giving the keys to your digital kingdom to someone who just can't count properly.

MSHTML's Masquerade Ball

Beware of CVE-2024-38112, where the MSHTML Platform throws a masquerade ball, and you're the guest of (dis)honor. Don't be fooled by the disguise; that attachment might just be a wolf in sheep's clothing.

.NET's Need for Speed

CVE-2024-35264 hinges on a race condition, and not the fun kind with checkered flags. Instead, it's a mad dash to execute code remotely. So, buckle up and patch up before someone else takes the wheel.

RDP Licensing Service's Unwanted Trilogy

Triple trouble with CVE-2024-38074, CVE-2024-38076, and CVE-2024-38077, as RDP's Licensing Service opens the gates for remote code execution. Keep an eye out for proof-of-concept exploits that could turn this trilogy into a horror story.

A Not-So-Still Life with TIFF

Finally, CVE-2024-38060 reminds us that not all art is to be trusted. A malicious TIFF uploaded to a server can compromise the whole gallery, proving that sometimes, a picture is worth a thousand hacks.
