Microsoft Security Bulletin Coverage for July 2024
Overview
Microsoft’s July 2024 Patch Tuesday has 138 vulnerabilities, 59 of which are Remote Code Execution. The SonicWall Capture Lab’s threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2024 and has produced coverage for 7 of the reported vulnerabilities.
Vulnerabilities
| CVE | CVE Title | Signature |
| CVE-2024-38021 | Microsoft Office Remote Code Execution Vulnerability | IPS 4468 Microsoft Office Remote Code Execution (CVE-2024-38021) |
| CVE-2024-38052 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | ASPY 6807 Exploit-exe exe.MP_394 |
| CVE-2024-38054 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | ASPY 6824 Exploit-exe exe.MP_395 |
| CVE-2024-38059 | Win32k Elevation of Privilege Vulnerability | ASPY 6990 Exploit-exe exe.MP_396 |
| CVE-2024-38060 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | ASPY 586 Malformed-tif tif.MP_23 |
| CVE-2024-38080 | Windows Hyper-V Elevation of Privilege Vulnerability | ASPY 587 Exploit-exe exe.MP_398 |
| CVE-2024-38085 | Windows Graphics Component Elevation of Privilege Vulnerability | ASPY 6991 Exploit-exe exe.MP_397 |
Release Breakdown
The vulnerabilities can be classified into following categories:
For July there are 5 critical, 132 Important and one moderate vulnerabilities.
2024 Patch Tuesday Monthly Comparison
Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the patch Tuesday release for each month. The above chart displays these metrics as seen each month.
Release Detailed Breakdown
Denial of Service Vulnerabilities
| CVE-2024-30105 | .NET Core and Visual Studio Denial of Service Vulnerability |
| CVE-2024-35270 | Windows iSCSI Service Denial of Service Vulnerability |
| CVE-2024-38015 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| CVE-2024-38027 | Windows Line Printer Daemon Service Denial of Service Vulnerability |
| CVE-2024-38031 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability |
| CVE-2024-38048 | Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability |
| CVE-2024-38067 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability |
| CVE-2024-38068 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability |
| CVE-2024-38071 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
| CVE-2024-38072 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
| CVE-2024-38073 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
| CVE-2024-38091 | Microsoft WS-Discovery Denial of Service Vulnerability |
| CVE-2024-38095 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2024-38099 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
| CVE-2024-38101 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
| CVE-2024-38102 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
| CVE-2024-38105 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
Elevation of Privilege Vulnerabilities
| CVE-2024-21417 | Windows Text Services Framework Elevation of Privilege Vulnerability |
| CVE-2024-30079 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2024-35261 | Azure Network Watcher VM Extension Elevation of Privilege Vulnerability |
| CVE-2024-38013 | Microsoft Windows Server Backup Elevation of Privilege Vulnerability |
| CVE-2024-38022 | Windows Image Acquisition Elevation of Privilege Vulnerability |
| CVE-2024-38033 | PowerShell Elevation of Privilege Vulnerability |
| CVE-2024-38034 | Windows Filtering Platform Elevation of Privilege Vulnerability |
| CVE-2024-38043 | PowerShell Elevation of Privilege Vulnerability |
| CVE-2024-38047 | PowerShell Elevation of Privilege Vulnerability |
| CVE-2024-38050 | Windows Workstation Service Elevation of Privilege Vulnerability |
| CVE-2024-38052 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38054 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38057 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38059 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-38061 | DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability |
| CVE-2024-38062 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2024-38066 | Windows Win32k Elevation of Privilege Vulnerability |
| CVE-2024-38079 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-38080 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2024-38081 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability |
| CVE-2024-38085 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-38089 | Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| CVE-2024-38092 | Azure CycleCloud Elevation of Privilege Vulnerability |
| CVE-2024-38100 | Windows File Explorer Elevation of Privilege Vulnerability |
Information Disclosure Vulnerabilities
| CVE-2024-30061 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability |
| CVE-2024-30071 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-32987 | Microsoft SharePoint Server Information Disclosure Vulnerability |
| CVE-2024-38017 | Microsoft Message Queuing Information Disclosure Vulnerability |
| CVE-2024-38041 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2024-38055 | Microsoft Windows Codecs Library Information Disclosure Vulnerability |
| CVE-2024-38056 | Microsoft Windows Codecs Library Information Disclosure Vulnerability |
| CVE-2024-38064 | Windows TCP/IP Information Disclosure Vulnerability |
Remote Code Execution Vulnerabilities
| CVE-2024-20701 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-21303 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-21308 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-21317 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-21331 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-21332 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-21333 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-21335 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-21373 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-21398 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-21414 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-21415 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-21425 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-21428 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-21449 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-28928 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-30013 | Windows MultiPoint Services Remote Code Execution Vulnerability |
| CVE-2024-35256 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-35264 | .NET and Visual Studio Remote Code Execution Vulnerability |
| CVE-2024-35271 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-35272 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-37318 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-37319 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-37320 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-37321 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-37322 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-37323 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-37324 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-37326 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-37327 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-37328 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-37329 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-37330 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-37331 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-37332 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-37333 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-37334 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-37336 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-38019 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability |
| CVE-2024-38021 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2024-38023 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-38024 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-38025 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability |
| CVE-2024-38028 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability |
| CVE-2024-38032 | Microsoft Xbox Remote Code Execution Vulnerability |
| CVE-2024-38044 | DHCP Server Service Remote Code Execution Vulnerability |
| CVE-2024-38049 | Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability |
| CVE-2024-38051 | Windows Graphics Component Remote Code Execution Vulnerability |
| CVE-2024-38053 | Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability |
| CVE-2024-38060 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability |
| CVE-2024-38074 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| CVE-2024-38076 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| CVE-2024-38077 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| CVE-2024-38078 | Xbox Wireless Adapter Remote Code Execution Vulnerability |
| CVE-2024-38086 | Azure Kinect SDK Remote Code Execution Vulnerability |
| CVE-2024-38087 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-38088 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability |
| CVE-2024-38094 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2024-38104 | Windows Fax Service Remote Code Execution Vulnerability |
Security Feature Bypass Vulnerabilities
| CVE-2024-26184 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28899 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-30098 | Windows Cryptographic Services Security Feature Bypass Vulnerability |
| CVE-2024-37969 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-37970 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-37971 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-37972 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-37973 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-37974 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-37975 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-37977 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-37978 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-37981 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-37984 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-37986 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-37987 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-37988 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-37989 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-38010 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-38011 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-38058 | BitLocker Security Feature Bypass Vulnerability |
| CVE-2024-38065 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-38069 | Windows Enroll Engine Security Feature Bypass Vulnerability |
| CVE-2024-38070 | Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability |
Spoofing Vulnerabilities
| CVE-2024-30081 | Windows NTLM Spoofing Vulnerability |
| CVE-2024-35266 | Azure DevOps Server Spoofing Vulnerability |
| CVE-2024-35267 | Azure DevOps Server Spoofing Vulnerability |
| CVE-2024-38020 | Microsoft Outlook Spoofing Vulnerability |
| CVE-2024-38030 | Windows Themes Spoofing Vulnerability |
| CVE-2024-38112 | Windows MSHTML Platform Spoofing Vulnerability |
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
