Microsoft Monthly Security Update (July 2024)
Release Date: 10 Jul 2024
RISK: High Risk
TYPE: Operating Systems - Windows OS
Microsoft has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes |
| Microsoft Dynamics |  Medium Risk | Information Disclosure | |
| Windows |  High Risk | Elevation of Privilege Security Restriction Bypass Spoofing Denial of Service Information Disclosure Remote Code Execution | CVE-2024-38080 is being exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2024-38112 is being exploited in the wild. This vulnerability can be exploited to perform spoofing on Windows MSHTML platform. |
| Extended Security Updates (ESU) | Medium Risk | Security Restriction Bypass Spoofing Denial of Service Elevation of Privilege Remote Code Execution Information Disclosure | |
| Developer Tools | Medium Risk | Remote Code Execution Denial of Service Elevation of Privilege | |
| SQL Server | Medium Risk | Remote Code Execution | |
| Microsoft Office | Medium Risk | Remote Code Execution Information Disclosure Spoofing | |
| Azure | Medium Risk | Remote Code Execution Elevation of Privilege Spoofing | |
| System Center | Medium Risk | Elevation of Privilege |
Number of 'Extremely High Risk' product(s): 0
Number of 'High Risk' product(s): 1
Number of 'Medium Risk' product(s): 7
Number of 'Low Risk' product(s): 0
Evaluation of overall 'Risk Level': High Risk
Impact
- Information Disclosure
- Elevation of Privilege
- Security Restriction Bypass
- Spoofing
- Denial of Service
- Remote Code Execution
System / Technologies affected
- Microsoft Dynamics
- Windows
- Extended Security Updates (ESU)
- Developer Tools
- SQL Server
- Microsoft Office
- Azure
- System Center
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor.
沒有留言:
發佈留言