Category: Last weeks CVEs

The most important CVEs of week 29

Application typeCVESeverityImpactPossible remediation
Microsoft operating system
CVE-2024-38074Critical (CVSS 9.8)Remote code execution in Windows Remote Desktop Licensing ServiceApply official patch; disable the service if not needed; monitor for suspicious activity
CVE-2024-38076Critical (CVSS 9.8)Remote code execution in Windows Remote Desktop Licensing ServiceApply official patch; disable the service if not needed; watch for suspicious activity
CVE-2024-38077Critical (CVSS 9.8)Remote code execution in Windows Remote Desktop Licensing ServiceApply official patch; disable the service if not needed; watch for suspicious activity
CVE-2024-38060Critical (CVSS 8.8)Remote code execution in Windows Imaging ComponentApply official patch; restrict access to vulnerable systems; monitor for suspicious file uploads
CVE-2024-38080Important (CVSS 7.8)Privilege escalation in Windows Hyper-V (zero-day, actively exploited)Apply the official patch immediately; watch for suspicious activity; ensure systems are up to date
CVE-2024-38112Important (CVSS 7.5)Spoofing vulnerability in Windows MSHTML Platform (zero-day, actively exploited)Apply the official patch immediately; inform users about the risks of executing unknown files
CVE-2024-38073Important (CVSS 7.5)Denial of Service in Windows Remote Desktop Licensing ServiceApply official patch; watch out for unusual network traffic
CVE-2024-38015Important (CVSS 7.5)Denial of Service in Windows Remote Desktop GatewayApply official patch; implement network segmentation
CVE-2024-30098Important (CVSS 7.5)Security feature bypass in Windows Cryptographic ServicesApply official patch; check and update cryptographic configurations
CVE-2024-38061Important (CVSS 7.5)Privilege escalation in DCOM Remote Cross-Session ActivationApply official patch; restrict DCOM access
Server application
CVE-2024-38023Critical (CVSS 7.2)Remote code execution in Microsoft SharePoint ServerApply security updates; restrict “Site Owner” permissions; monitor for suspicious activity
CVE-2024-38087Critical (CVSS 8.8)Remote code execution in SQL Server Native Client OLE DB ProviderApply security updates; restrict access to SQL Server; monitor for unusual database activity
Critical (CVSS 8.8)Remote code execution in SQL Server Native Client OLE DB ProviderApply security updates; restrict access to SQL Server; watch for unusual database activityCVE-2024-38088
CVE-2024-38044Important (CVSS 7.2)Remote code execution in DHCP server serviceApply official patch; check DHCP server configurations
Development tools
CVE-2024-35264Important (CVSS 8.1)Remote code execution in .NET and Visual StudioApply official patch; monitor and restrict access to vulnerable systems
Office applications
CVE-2024-38021Critical (CVSS 8.8)Remote code execution in Microsoft OfficeApply security updates; ensure users are careful when clicking on links from untrusted sources
Network services
CVE-2024-38031Important (CVSS 7.5)Denial of Service in Windows Online Certificate Status Protocol (OCSP) ServerApply official patch; implement OCSP stapling if possible
CVE-2024-38067Important (CVSS 7.5)Denial of Service in Windows Online Certificate Status Protocol (OCSP) ServerApply official patch; implement OCSP stapling if possible
CVE-2024-38068Important (CVSS 7.5)Denial of Service in Windows Online Certificate Status Protocol (OCSP) ServerApply official patch; implement OCSP stapling if possible
CVE-2024-38091Important (CVSS 7.5)Denial of Service in Microsoft WS-DiscoveryApply official patch; disable WS-Discovery if not needed
CVE-2024-3596Important (CVSS 7.5)Spoofing vulnerability in the RADIUS protocolApply official patch; implement additional authentication mechanisms
System components
CVE-2024-38033Important (CVSS 7.3)Privilege escalation in PowerShellApply official patch; restrict PowerShell execution policies
CVE-2024-38025Important (CVSS 7.2)Remote code execution in the Windows Performance Data Helper LibraryApply official patch; watch out for unusual system performance queries
CVE-2024-30081Important (CVSS 7.1)Spoofing vulnerability in Windows NTLMApply official patch; disable NTLM if possible
CVE-2024-38065Important (CVSS 6.8)Bypassing security functions in Secure BootApply official patch; ensure physical security of systems

These vulnerabilities should be rectified immediately to minimize potential security risks. When applying remedies or patches, always follow the guidelines and best practices provided by the manufacturer.

Quotes: [1] https://www.ivanti.com/blog/july-2024-patch-tuesday [2] https://socradar.io/microsoft-fixes-cve-2024-38112-after-over-a-year-of-exploitation-zero-click-threat-of-cve-2024-38021/ [3] https://www.crowdstrike.com/blog/patch-tuesday-analysis-july-2024/ [4] https://www.tenable.com/blog/oracle-july-2024-critical-patch-update-addresses-175-cves [5] https://www.tenable.com/blog/microsofts-july-2024-patch-tuesday-addresses-138-cves-cve-2024-38080-cve-2024-38112 [6] https://www.rapid7.com/blog/post/2024/07/09/patch-tuesday-july-2024/ [7] https://www.spiceworks.com/it-security/vulnerability-management/articles/july-2024-patch-tuesday/