Skip to main content

Scheduled updates for Microsoft products fix 139 vulnerabilities, including two zero-day vulnerabilities

Threat ID:CC-4523
Threat Severity:Medium
Published:10 July 2024 2:38 PM

Summary

Scheduled updates for Microsoft products fix 139 vulnerabilities, including two zero-day vulnerabilities

Affected platforms

The following platforms are known to be affected:

The following platforms are also known to be affected:

  • Active Directory Rights Management Services
  • Azure CycleCloud
  • Azure DevOps
  • Azure Kinect SDK
  • Azure Network Watcher
  • Line Printer Daemon Service (LPD)
  • Microsoft Defender for IoT
  • Microsoft Dynamics
  • Microsoft Graphics Component
  • Microsoft Office
  • Microsoft Office Outlook
  • Microsoft Office SharePoint
  • Microsoft Streaming Service
  • Microsoft Windows Codecs Library
  • Microsoft WS-Discovery
  • NDIS
  • NPS RADIUS Server
  • SQL Server
  • Windows Kernel
  • Windows NTLM
  • Windows PowerShell
  • Windows Remote Desktop

Threat details

Zero-day exploitation of CVE-2024-38080 and CVE-2024-38112 observed

Microsoft has reported that both CVE-2024-38080 and CVE-2024-38112 are under active exploitation as zero-day vulnerabilities. A proof-of-concept exploit for CVE-2024-38112 has been detailed publicly by security researchers.

Additionally, Microsoft has reported that public proof-of-concept code has been disclosed for CVE-2024-35264. Future exploitation of CVE-2024-35264 is considered likely.


Introduction

Microsoft has released security updates to address 139 vulnerabilities, including two zero-day vulnerabilities, and two which could lead to remote code execution.



Vulnerability details

  • CVE-2024-38080 - Windows Hyper-V Elevation of Privilege Vulnerability

CVE-2024-38080 is an 'integer overflow or wraparound' vulnerability in Microsoft Windows Hyper-V with a CVSSv3 score of 7.8. Successful exploitation by a local attacker could lead to privilege escalation under the context of SYSTEM. This vulnerability is under active exploitation as a zero-day.

  • CVE-2024-38112 - Windows MSHTML Platform Spoofing Vulnerability

CVE-2024-38112 is an 'exposure of resource to wrong sphere' vulnerability in the Microsoft Windows MSHTML browser engine with a CVSSv3 score of 7.5. Successful exploitation by a remote attacker requires user interaction through clicking on a malicious Windows Internet Shortcut file (.url extension) and could lead to arbitrary code execution. This vulnerability is under active exploitation as a zero-day.

  • CVE-2024-35264 - .NET and Visual Studio Remote Code Execution Vulnerability

CVE-2024-35264 is a 'use after free' vulnerability in .NET Core and Visual Studio with a CVSSv3 score of 8.1. Successful exploitation by a remote attacker could lead to arbitrary code execution after winning a race condition. A public proof-of-concept exploit is available.

  • CVE-2024-38023 - Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2024-38023 is a 'deserialisation of untrusted data' vulnerability in Microsoft SharePoint Server with a CVSSv3 score of 7.2. Successful exploitation by a remote, authenticated attacker could lead to arbitrary code execution.

Remediation advice

Affected organisations are encouraged to review Microsoft's July 2024 Security Update Summary and apply the relevant updates.

Definitive source of threat updates

CVE Vulnerabilities

StatusPublished
CVE-2024-38080Windows Hyper-V Elevation of Privilege Vulnerability
StatusPublished
CVE-2024-38112Windows MSHTML Platform Spoofing Vulnerability
StatusPublished
CVE-2024-35264.NET and Visual Studio Remote Code Execution Vulnerability
StatusPublished
CVE-2024-38023Microsoft SharePoint Server Remote Code Execution Vulnerability

Last edited: 10 July 2024 2:42 pm

Back to top