Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities
This is the largest Patch Tuesday since April, when Microsoft patched 150 vulnerabilities.
Tuesday, July 9, 2024 14:01
Microsoft released its monthly security update on Tuesday, disclosing 142 vulnerabilities across its suite of products and software. Of those, there are five critical vulnerabilities, and every other security issue disclosed this month is considered “important.”
Of the critical vulnerabilities, two are considered more likely to be exploited:
CVE-2024-38023, a remote code execution vulnerability in Microsoft SharePoint server, where an authenticated attacker with Site Owner permissions can use the vulnerability to execute arbitrary code in the context of SharePoint server.
CVE-2024-38060, a remote code execution vulnerability in Microsoft Windows Codecs Library that can be exploited by an authenticated attacker who uploads a specially crafted malicious TIFF file.
There are three other critical vulnerabilities listed in this advisory. All three (CVE-2024-38074, CVE-2024-38076 and CVE-2024-38077) are remote code execution vulnerabilities in Windows Remote Desktop Licensing Service. In all of them, an attacker could send a specially crafted network packet which could cause remote code execution. In the case of CVE-2024-38077, the adversary does not need to be authenticated.
All the remaining vulnerabilities are considered important. Of these, CVE-2024-38080 is particularly relevant because Microsoft has acknowledged that it’s already being exploited in the wild. An adversary could exploit this elevation of privilege vulnerability in Windows Hyper-V to gain System privileges.
Cisco Talos’ Vulnerability Research team discovered another elevation of privilege vulnerability, CVE-2024-38062, in the kernel-mode driver. An adversary could also exploit this vulnerability to gain System privileges. Microsoft considers the complexity of this attack to be “low,” though it’s “less likely” to be exploited.
Several other “important” vulnerabilities could lead to remote code execution and are identified by Microsoft as being “more likely” to be exploited.
CVE-2024-38021 is a remote code execution vulnerability in Microsoft Office. An attacker could craft a malicious link that bypasses the Protected View Protocol, leading to the leaking of local NTLM credentials and remote code execution.
CVE-2024-38024 is a remote code execution vulnerability in Microsoft SharePoint Server. An adversary could exploit this issue by uploading a specially crafted file to the targeted SharePoint Server and crafting specialized API requests to trigger the deserialization of a file’s parameters, leading to arbitrary code execution in the context of the SharePoint server. However, this attacker would need to have Site Owner permissions or higher.
CVE-2024-38094 is another vulnerability in SharePoint servers. Adversaries with Site Owner permissions can use this vulnerability to inject arbitrary code and execute code in the context of a SharePoint server.
A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page.
In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date, and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their rule set by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org.
The rules included in this release that protect against the exploitation of many of these vulnerabilities are 63687 - 63690, 63693, 63694 and 63697 - 63700. There are also Snort 3 rules 300958 - 300961.
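A coverage check for the SIDs listed above, added here as an example (it is not Talos or Cisco code): it expands the advisory's SID ranges and reports whether each one is enabled, commented out or missing in a rule file. The sample rule lines are constructed placeholders, and the script assumes one rule per line with disabled rules prefixed by `#`.

```python
import re

# SID ranges copied from the advisory text (Snort 2 SIDs, then Snort 3 SIDs).
ADVISORY_SIDS = "63687 - 63690, 63693, 63694 and 63697 - 63700, 300958 - 300961"

SID_OPTION = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
# A rule line starts with an action keyword; a leading '#' marks it disabled.
RULE_START = re.compile(r"^(#\s*)?(alert|drop|block|reject|pass|log)\b")

# Constructed sample rule file: bodies are placeholders, not the real rules.
SAMPLE_RULES = """\
alert tcp any any -> any any (msg:"constructed sample"; sid:63687; rev:1;)
# alert tcp any any -> any any (msg:"constructed sample"; sid:63688; rev:1;)
alert tcp any any -> any any (msg:"constructed sample"; sid:63693; rev:1;)
alert tcp any any -> any any (msg:"constructed sample"; sid:300958; rev:1;)
"""

def expand_sids(text):
    """Expand 'a - b, c and d - e' into a sorted list of integer SIDs."""
    sids = set()
    for part in re.split(r",|\band\b", text):
        nums = [int(n) for n in re.findall(r"\d+", part)]
        if len(nums) == 2:
            sids.update(range(nums[0], nums[1] + 1))
        elif len(nums) == 1:
            sids.add(nums[0])
    return sorted(sids)

def audit_rules(rule_text, wanted):
    """Map each wanted SID to 'enabled', 'disabled' or 'missing'."""
    state = {}
    for line in rule_text.splitlines():
        line = line.strip()
        start, sid = RULE_START.match(line), SID_OPTION.search(line)
        if not start or not sid:
            continue
        n = int(sid.group(1))
        if start.group(1) is None:
            state[n] = "enabled"           # an active copy wins over a commented one
        else:
            state.setdefault(n, "disabled")
    return {s: state.get(s, "missing") for s in wanted}

if __name__ == "__main__":
    for sid, status in audit_rules(SAMPLE_RULES, expand_sids(ADVISORY_SIDS)).items():
        print(sid, status)
```

To audit a deployed sensor, pass the contents of its rule files to `audit_rules` in place of `SAMPLE_RULES`.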