On 9 July 2024, Microsoft published their July 2024 security update, consisting of 139 newly disclosed vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted seven in this security bulletin, which includes critical and actively exploited vulnerabilities. Two of these vulnerabilities have been reported to have been exploited in the wild.?
Impacted Product #1: Windows?
Vulnerabilities Impacting Windows:?
| , , ? | CVSS: 9.8 – Critical?
MS Severity: Critical? |
No Exploitation Detected? | |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability – A remote threat actor can exploit these vulnerabilities by sending a specially crafted packet to a server set up as a Remote Desktop Licensing server, which leads to Remote Code Execution (RCE).? | |||
| ? | CVSS: 8.8 – High?
MS Severity: Critical? |
No Exploitation Detected? | |
| Windows Imaging Component Remote Code Execution Vulnerability – An authenticated threat actor can exploit this vulnerability by uploading a malicious (Tagged Image File Format) TIFF file to a server.? | |||
| ? | ? | ? | ? |
??
| ? | CVSS: 7.5 – High?
MS Severity: Important? |
Exploitation Detected? | |
| Windows MSHTML ºÚÁÏÉç Spoofing Vulnerability – A remote threat actor can exploit this vulnerability by sending a victim a malicious file that the victim would have to execute.? | |||
| ? | CVSS: 7.8 – High?
MS Severity: Important? |
Exploitation Detected? | |
| Windows Hyper-V Elevation of Privilege Vulnerability – A local threat actor can exploit this vulnerability to gain SYSTEM privileges.? | |||
| ? | ? | ? | ? |
Impacted Product #2: Microsoft Office?
Vulnerabilities Impacting Microsoft Office:?
| ? | CVSS: 8.8 – High?
MS Severity: Important? |
No Exploitation Detected? |
Microsoft Office Remote Code Execution Vulnerability – A remote threat actor could create a malicious link that bypasses the Protected View Protocol, leading to the exposure of local NTLM credential information and allowing RCE. This vulnerability is zero-click for trusted senders, and requires one click user interaction for untrusted senders.??
|
||
Recommendation?
Upgrade to latest versions?
Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation.?
Note: Please follow your organisations patching and testing guidelines to avoid operational impact.?
| Product? | Vulnerability? | Article? | Download? |
| Windows Server 2022, 23H2 Edition? | CVE-2024-38074, CVE-2024-38076, CVE-2024-38077, CVE-2024-38112, CVE-2024-38080, CVE-2024-38060? | ? | ? |
| Windows Server 2022? | CVE-2024-38074, CVE-2024-38076, CVE-2024-38077, CVE-2024-38112, CVE-2024-38080, CVE-2024-38060? | ? | ? |
| Windows Server 2019? | CVE-2024-38074, CVE-2024-38076, CVE-2024-38077, CVE-2024-38112, CVE-2024-38060? | ? | ? |
| Windows Server 2016? | CVE-2024-38074, CVE-2024-38076, CVE-2024-38077, CVE-2024-38112, CVE-2024-38060? | ? | ? |
| Windows Server 2012 R2? | CVE-2024-38074, CVE-2024-38077, CVE-2024-38112, CVE-2024-38060? | ? | ? |
| Windows Server 2012? | CVE-2024-38074, CVE-2024-38077, CVE-2024-38060? | ? | ? |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1? | CVE-2024-38074, CVE-2024-38077, CVE-2024-38060? | ? | ? |
| Windows Server 2008 for x64-based Systems Service Pack 2? | CVE-2024-38077, CVE-2024-38112? | ? | ? |
| Windows Server 2008 for 32-bit Systems Service Pack 2? | CVE-2024-38077, CVE-2024-38112? | ? | ? |
| Windows 11 Version 23H2 for x64-based Systems? | CVE-2024-38112, CVE-2024-38080, CVE-2024-38060? | ? | ? |
| Windows 11 Version 23H2 for ARM64-based Systems? | CVE-2024-38112, CVE-2024-38080, CVE-2024-38060? | ? | ? |
| Windows 11 Version 22H2 for x64-based Systems? | CVE-2024-38112, CVE-2024-38080, CVE-2024-38060? | ? | ? |
| Windows 11 Version 22H2 for ARM64-based Systems? | CVE-2024-38112, CVE-2024-38080, CVE-2024-38060? | ? | ? |
| Windows 11 version 21H2 for x64-based Systems? | CVE-2024-38112, CVE-2024-38080, CVE-2024-38060? | ? | ? |
| Windows 11 version 21H2 for ARM64-based Systems? | CVE-2024-38112, CVE-2024-38080, CVE-2024-38060? | ? | ? |
| Windows 10 Version 22H2 for x64-based Systems? | CVE-2024-38112, CVE-2024-38060? | ? | ? |
| Windows 10 Version 22H2 for ARM64-based Systems? | CVE-2024-38112, CVE-2024-38060? | ? | ? |
| Windows 10 Version 22H2 for 32-bit Systems? | CVE-2024-38112, CVE-2024-38060? | ? | ? |
| Windows 10 Version 21H2 for x64-based Systems? | CVE-2024-38112, CVE-2024-38060? | ? | ? |
| Windows 10 Version 21H2 for ARM64-based Systems? | CVE-2024-38112, CVE-2024-38060? | ? | ? |
| Windows 10 Version 21H2 for 32-bit Systems? | CVE-2024-38112, CVE-2024-38060? | ? | ? |
| Windows 10 Version 1809 for x64-based Systems? | CVE-2024-38112, CVE-2024-38060? | ? | ? |
| Windows 10 Version 1809 for ARM64-based Systems? | CVE-2024-38112, CVE-2024-38060? | ? | ? |
| Windows 10 Version 1809 for 32-bit Systems? | CVE-2024-38112, CVE-2024-38060? | ? | ? |
| Windows 10 Version 1607 for x64-based Systems? | CVE-2024-38112, CVE-2024-38060? | ? | ? |
| Windows 10 Version 1607 for 32-bit Systems? | CVE-2024-38112, CVE-2024-38060? | ? | ? |
| Windows 10 for x64-based Systems? | CVE-2024-38112, CVE-2024-38060? | ? | ? |
| Windows 10 for 32-bit Systems? | CVE-2024-38112, CVE-2024-38060? | ? | ? |
| Microsoft Office LTSC 2021 for 64-bit editions? | CVE-2024-38021? | ? | See Run link to the left? |
| Microsoft Office LTSC 2021 for 32-bit editions? | CVE-2024-38021? | ? | See Run link to the left? |
| Microsoft Office 2019 for 64-bit editions? | CVE-2024-38021? | ? | See Run link to the left? |
| Microsoft Office 2019 for 32-bit editions? | CVE-2024-38021? | ? | See Run link to the left? |
| Microsoft Office 2016 (64-bit edition)? | CVE-2024-38021? | ? | ? |
| Microsoft Office 2016 (32-bit edition)? | CVE-2024-38021? | ? | ? |
| Microsoft 365 Apps for Enterprise for 64-bit Systems? | CVE-2024-38021? | ? | See Run link to the left? |
| Microsoft 365 Apps for Enterprise for 32-bit Systems? | CVE-2024-38021? | ? | See Run link to the left? |
Workarounds?
Mitigating CVE-2024-38076, CVE-2024-38074, and CVE-2024-38077: Disable Remote Desktop Licensing Service?
If unable to patch, to mitigate CVE-2024-38076, CVE-2024-38074, and CVE-2024-38077, Microsoft recommends disabling the Remote Desktop Licensing Service if it is not being used. Disabling unused and unneeded services in general will reduce the attack surface of your environment.?
