Randy Franklin Smith's Ultimate Windows Security

Upcoming Webinars

Webinar Library

Latest Blogs

How to Detect Pass-the-Hash Attacks Blog Series

Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

Detecting Pass-the-Hash with Honeypots

Catch Malware Hiding in WMI with Sysmon

For of all sad words of tongue or pen, the saddest are these: 'We weren’t logging’

Experimenting with Windows Security: Controls for Enforcing Policies

Sysmon Event IDs 1, 6, 7 Report All the Binary Code Executing on Your Network

Yet Another Ransomware Can That Can be Immediately Detected with Process Tracking on Workstations

Cracking AD Passwords with NTDSXtract, Dsusers.py and John the Ripper

Cracking local windows passwords with Mimikatz, LSA dump and Hashcat

Top Resources

Security Log

Additional Resources

July, 2024: Patch Tuesday - Four Zero Days

Welcome to my July Patch Tuesday newsletter. This month we have four zero days to talk about.

CVE-2024-37985 - This is an information disclosure vulnerability with a fairly low CVSS temporal score of 5.2. Although publicly disclosed, it hasn't been detected publicly. Microsoft also gives this an "Exploitation Less Likely" rating. So we suggest you test and update when you can.
CVE-2024-38080 - This update has a slightly higher CVSS temporal score of 6.8. An attacker who successfully exploits it could gain SYSTEM privileges. It is not publicly disclosed but exploitation has been detected in the wild. I suggest you update this as soon as you can.
CVE-2024-38112 - This spoofing vulnerability has an even higher score of 7.0. This CVE is also not public but is being exploited. It does require user interaction as Microsoft says successful exploitation would require an attacker to trick a user in to executing a malicious file. I suggest you update after soon after testing.
CVE-2024-35264 - This months fourth and final zero day is a remote code execution scored 7.1. This one is public but exploitation has not yet been detected. Although the attack complexity is high, I recommend you patch this as soon as you can after testing.

Besides these four, it's a fairly normal month. If you have SQL Server running in the environment please check the chart below since various flavors of SQL Server received patches this month. Browse the chart below and make sure that any products in your environment don't get missed this month.

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited / Publicly Disclosed	Vulnerability Info
Windows	Windows 10, 11 Server 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations	Critical	CVE-2024-21417 CVE-2024-26184 CVE-2024-28899 CVE-2024-30013 CVE-2024-30071 CVE-2024-30079 CVE-2024-30081 CVE-2024-30098 CVE-2024-35270 CVE-2024-3596 CVE-2024-37969 CVE-2024-37970 CVE-2024-37971 CVE-2024-37972 CVE-2024-37973 CVE-2024-37974 CVE-2024-37975 CVE-2024-37977 CVE-2024-37978 CVE-2024-37981 CVE-2024-37984 CVE-2024-37985* CVE-2024-37986 CVE-2024-37987 CVE-2024-37988 CVE-2024-37989 CVE-2024-38010 CVE-2024-38011 CVE-2024-38013 CVE-2024-38015 CVE-2024-38017 CVE-2024-38019 CVE-2024-38022 CVE-2024-38025 CVE-2024-38027 CVE-2024-38028 CVE-2024-38030 CVE-2024-38031 CVE-2024-38032 CVE-2024-38033 CVE-2024-38034 CVE-2024-38041 CVE-2024-38043 CVE-2024-38044 CVE-2024-38047 CVE-2024-38048 CVE-2024-38049 CVE-2024-38050 CVE-2024-38051 CVE-2024-38052 CVE-2024-38053 CVE-2024-38054 CVE-2024-38055 CVE-2024-38056 CVE-2024-38057 CVE-2024-38058 CVE-2024-38059 CVE-2024-38060 CVE-2024-38061 CVE-2024-38062 CVE-2024-38064 CVE-2024-38065 CVE-2024-38066 CVE-2024-38067 CVE-2024-38068 CVE-2024-38069 CVE-2024-38070 CVE-2024-38071 CVE-2024-38072 CVE-2024-38073 CVE-2024-38074 CVE-2024-38076 CVE-2024-38077 CVE-2024-38078 CVE-2024-38079 CVE-2024-38080 CVE-2024-38085 CVE-2024-38091 CVE-2024-38099 CVE-2024-38100 CVE-2024-38101 CVE-2024-38102 CVE-2024-38104 CVE-2024-38105 CVE-2024-38112 CVE-2024-38517 CVE-2024-39684	Workaround: No Exploited: Yes Public: Yes*	Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass Spoofing
Edge	Chromium-based For Android & iOS	Moderate	CVE-2024-30057 CVE-2024-30058 CVE-2024-34122 CVE-2024-38082 CVE-2024-38083 CVE-2024-38093 CVE-2024-5830 CVE-2024-5831 CVE-2024-5832 CVE-2024-5833 CVE-2024-5834 CVE-2024-5835 CVE-2024-5836 CVE-2024-5837 CVE-2024-5838 CVE-2024-5839 CVE-2024-5840 CVE-2024-5841 CVE-2024-5842 CVE-2024-5843 CVE-2024-5844 CVE-2024-5845 CVE-2024-5846 CVE-2024-5847 CVE-2024-6100 CVE-2024-6101 CVE-2024-6102 CVE-2024-6103 CVE-2024-6290 CVE-2024-6291 CVE-2024-6292 CVE-2024-6293	Workaround: No Exploited: No Public: No	Remote Code Execution Spoofing
Office and SharePoint	365 Apps for Enterprise Office 2016, 2019, LTSC 2021 Outlook 2016 SharePoint Enterprise Server 2016 SharePoint Server 2019 SharePoint Server Subscription Edition	Critical	CVE-2024-32987 CVE-2024-38020 CVE-2024-38021 CVE-2024-38023 CVE-2024-38024 CVE-2024-38094	Workaround: No Exploited: No Public: No	Information Disclosure Remote Code Execution Spoofing
Dynamics	365 On-Prem version 9.1 Power Platform	Critical	CVE-2024-35260 CVE-2024-30061	Workaround: No Exploited: No Public: No	Information Disclosure Remote Code Execution
Visual Studio	2022 17.4, 17.6, 17.8, 17.10	Important	CVE-2024-30105 CVE-2024-35264* CVE-2024-38081 CVE-2024-38095	Workaround: No Exploited: No Public: Yes*	Denial of Service Elevation of Privilege Remote Code Execution
.NET	Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.6, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1 .NET 8.0	Important	CVE-2024-30105 CVE-2024-35264 CVE-2024-38081 CVE-2024-38095	Workaround: No Exploited: No Public: No	Denial of Service Elevation of Privilege Remote Code Execution
Azure	CycleCloud 7.9.0 -8.6.0 DevOps Server 2022.1 Kinect SDK Network Watcher VM Extension for Windows	Important	CVE-2024-35261 CVE-2024-35266 CVE-2024-35267 CVE-2024-38086 CVE-2024-38092	Workaround: No Exploited: No Public: No	Elevation of Privilege Remote Code Execution Spoofing
SQL Server	OLE DB Driver 18/19 2016 SP3 GDR/Azure Connect Feature Pack 2017 CU31/GDR 2019 CU27/GDR 2022 CU13/GDR	Important	CVE-2024-20701 CVE-2024-21303 CVE-2024-21308 CVE-2024-21317 CVE-2024-21331 CVE-2024-21332 CVE-2024-21333 CVE-2024-21335 CVE-2024-21373 CVE-2024-21398 CVE-2024-21414 CVE-2024-21415 CVE-2024-21425 CVE-2024-21428 CVE-2024-21449 CVE-2024-28928 CVE-2024-35256 CVE-2024-35271 CVE-2024-35272 CVE-2024-37318 CVE-2024-37319 CVE-2024-37320 CVE-2024-37321 CVE-2024-37322 CVE-2024-37323 CVE-2024-37324 CVE-2024-37326 CVE-2024-37327 CVE-2024-37328 CVE-2024-37329 CVE-2024-37330 CVE-2024-37331 CVE-2024-37332 CVE-2024-37333 CVE-2024-37334 CVE-2024-37336 CVE-2024-38087 CVE-2024-38088	Workaround: No Exploited: No Public: No	Remote Code Execution
System Center	Microsoft Defender for IoT	Important	CVE-2024-38089	Workaround: No Exploited: No Public: No	Elevation of Privilege

Send me this chart next Patch Tuesday.

User name:
Password:
	/ Forgot?
	Register

July 2024 Patch Tuesday	"Patch Tuesday - Four Zero Days " - sponsored by Supercharger for Windows Event Collection

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.