Summer doldrums may be alive and well, but July’s Patch Tuesday release has the software giant disclosing 142 vulnerabilities – including five critical issues.

This is the largest Patch Tuesday since April when Microsoft patched 150 vulnerabilities, according to a report from Cisco Talos.

Of the critical vulnerabilities, researchers said two are more likely to end up exploited. One is CVE-2024-38023, a remote code execution vulnerability in Microsoft SharePoint server, where an authenticated attacker with Site Owner permissions can use the vulnerability to execute arbitrary code in the context of SharePoint server.

CVE-2024-38060, a remote code execution vulnerability in Microsoft Windows Codecs Library could end up exploited by an authenticated attacker who uploads a specially crafted malicious TIFF file.

Of the three remaining critical vulnerabilities, (CVE-2024-38074, CVE-2024-38076 and CVE-2024-38077) are remote code execution vulnerabilities in Windows Remote Desktop Licensing Service. In all of them, an attacker could send a specially crafted network packet which could cause remote code execution. In the case of CVE-2024-38077, the adversary does not need to end up authenticated, according to Talos.

Schneider Bold

The remaining 137 vulnerabilities ended up listed as important. One, CVE-2024-38080, is relevant because Microsoft said it is already undergoing exploitation in the wild. An attacker could exploit this elevation of privilege vulnerability in Windows Hyper-V to gain System privileges, according to Talos.

Cisco Talos’ Vulnerability Research team discovered another elevation of privilege vulnerability, CVE-2024-38062, in the kernel-mode driver where an attacker could leverage this issue to gain system privileges. Microsoft considers the complexity of this attack to be “low,” though it is “less likely” to undergo exploitation.

Several other “important” vulnerabilities could lead to remote code execution and Microsoft said they are “more likely” to end up exploited.

CVE-2024-38024, a remote code execution vulnerability in Microsoft SharePoint Server, could end up exploited if an attacker uploads a specially crafted file to the targeted SharePoint Server and crafting specialized API requests to trigger the deserialization of a file’s parameters, leading to arbitrary code execution in the context of the SharePoint server. However, this attacker would need to have Site Owner permissions or higher.

CVE-2024-38094 is another vulnerability in SharePoint servers. Adversaries with site owner permissions can use this vulnerability to inject arbitrary code and execute code in the context of a SharePoint server.

In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. The rules included in this release that protect against the exploitation of vulnerabilities are 63687 – 63690, 63693, 63694 and 63697 – 63700. There are also Snort 3 rules 300958 – 300961.

Click here for a complete list of all the vulnerabilities Microsoft disclosed this month.

ISSSource

Pin It on Pinterest

Share This