Microsoft Monthly Security Update (July 2024)

Microsoft has released monthly security update for their products:

Vulnerable Product	Risk Level	Impacts	Notes
Microsoft Dynamics	Medium Risk	Information Disclosure
Windows	High Risk	Elevation of Privilege Security Restriction Bypass Spoofing Denial of Service Information Disclosure Remote Code Execution	CVE-2024-38080 is being exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.   CVE-2024-38112 is being exploited in the wild.  This vulnerability can be exploited to perform spoofing on Windows MSHTML platform.
Extended Security Updates (ESU)	Medium Risk	Security Restriction Bypass Spoofing Denial of Service Elevation of Privilege Remote Code Execution Information Disclosure
Developer Tools	Medium Risk	Remote Code Execution Denial of Service Elevation of Privilege
SQL Server	Medium Risk	Remote Code Execution
Microsoft Office	Medium Risk	Remote Code Execution Information Disclosure Spoofing
Azure	Medium Risk	Remote Code Execution Elevation of Privilege Spoofing
System Center	Medium Risk	Elevation of Privilege

Number of ‘Extremely High Risk’ product(s): 0

Number of ‘High Risk’ product(s): 1

Number of ‘Medium Risk’ product(s): 7

Number of ‘Low Risk’ product(s): 0

Evaluation of overall ‘Risk Level’: High Risk

Impact

• Information Disclosure
• Elevation of Privilege
• Security Restriction Bypass
• Spoofing
• Denial of Service
• Remote Code Execution

System / Technologies affected

• Microsoft Dynamics
• Windows
• Extended Security Updates (ESU)
• Developer Tools
• SQL Server
• Microsoft Office
• Azure
• System Center

Solutions

Before installation of the software, please visit the vendor web-site for more details.

•  Apply fixes issued by the vendor.

Vulnerability Identifier

• https://www.cvedetails.com/vulnerability-list.php?vendor_id=26&year=2024&month=07

Source

• Microsoft

Related Link

• https://msrc.microsoft.com/update-guide/releaseNote/2024-Jul