Aggiornamenti Mensili Microsoft – Luglio 2024

Lug 10, 2024 | Articoli

Sintesi

Microsoft ha rilasciato gli aggiornamenti di sicurezza mensili che risolvono un totale di 142 nuove vulnerabilità, di cui 4 di tipo 0-day.

Note: un Proof of Concept (PoC) per lo sfruttamento delle CVE-2024-35264CVE-2024-37985 risulta disponibile in rete.

Note: il vendor afferma che le CVE-2024-38080CVE-2024-38112 risultano essere sfruttate attivamente in rete.

Rischio

Stima d’impatto della vulnerabilità sulla comunità di riferimento: GRAVE/ROSSO (77,05/100)1.

Tipologia

  • Information Disclosure
  • Spoofing
  • Elevation of Privilege
  • Remote Code Execution
  • Security Feature Bypass
  • Denial of Service

Prodotti e versioni affette

 

  • .NET and Visual Studio
  • Active Directory Certificate Services; Active Directory Domain Services
  • Active Directory Federation Services
  • Azure CycleCloud
  • Azure DevOps
  • Azure Kinect SDK
  • Azure Network Watcher
  • Line Printer Daemon Service (LPD)
  • Microsoft Defender for IoT
  • Microsoft Dynamics
  • Microsoft Graphics Component
  • Microsoft Office
  • Microsoft Office Outlook
  • Microsoft Office SharePoint
  • Microsoft Streaming Service
  • Microsoft Windows Codecs Library
  • Microsoft WS-Discovery
  • NDIS
  • SQL Server
  • Windows BitLocker
  • Windows COM Session
  • Windows CoreMessaging
  • Windows Cryptographic Services
  • Windows DHCP Server
  • Windows Distributed Transaction Coordinator
  • Windows Enroll Engine
  • Windows Fax and Scan Service
  • Windows Filtering
  • Windows Hyper-V
  • Windows Image Acquisition
  • Windows Internet Connection Sharing (ICS)
  • Windows iSCSI
  • Windows Kernel
  • Windows Kernel-Mode Drivers
  • Windows LockDown Policy (WLDP)
  • Windows Message Queuing
  • Windows MSHTML Platform
  • Windows MultiPoint Services
  • Windows NTLM
  • Windows Online Certificate Status Protocol (OCSP)
  • Windows Performance Monitor
  • Windows PowerShell
  • Windows Remote Access Connection Manager
  • Windows Remote Desktop
  • Windows Remote Desktop Licensing Service
  • Windows Secure Boot
  • Windows Server Backup
  • Windows TCP/IP
  • Windows Themes
  • Windows Win32 Kernel Subsystem
  • Windows Win32K – GRFX
  • Windows Win32K – ICOMP
  • Windows Workstation Service
  • XBox Crypto Graphic Services

 

Azioni di mitigazione

In linea con le dichiarazioni del vendor, si raccomanda di procedere all’aggiornamento dei prodotti impattati attraverso l’apposita funzione di Windows Update.

Identificatori univoci vulnerabilità

CVE-ID
CVE-2024-38092 CVE-2024-21417 CVE-2024-21428 CVE-2024-38010
CVE-2024-38058 CVE-2024-39684 CVE-2024-38069 CVE-2024-38078
CVE-2024-38033 CVE-2024-38052 CVE-2024-38072 CVE-2024-30071
CVE-2024-35264 CVE-2024-38079 CVE-2024-38064 CVE-2024-21425
CVE-2024-30081 CVE-2024-38085 CVE-2024-38013 CVE-2024-37328
CVE-2024-21415 CVE-2024-38112 CVE-2024-38059 CVE-2024-38067
CVE-2024-38091 CVE-2024-37975 CVE-2024-28899 CVE-2024-37327
CVE-2024-38022 CVE-2024-37330 CVE-2024-38095 CVE-2024-21414
CVE-2024-37970 CVE-2024-38080 CVE-2024-38017 CVE-2024-38068
CVE-2024-37326 CVE-2024-38027 CVE-2024-37977 CVE-2024-38054
CVE-2024-38104 CVE-2024-38053 CVE-2024-30061 CVE-2024-38088
CVE-2024-35267 CVE-2024-38073 CVE-2024-21398 CVE-2024-38028
CVE-2024-37320 CVE-2024-21331 CVE-2024-38057 CVE-2024-37971
CVE-2024-38024 CVE-2024-37969 CVE-2024-38517 CVE-2024-21333
CVE-2024-38044 CVE-2024-37972 CVE-2024-38055 CVE-2024-38048
CVE-2024-35256 CVE-2024-21332 CVE-2024-37981 CVE-2024-35272
CVE-2024-28928 CVE-2024-38101 CVE-2024-35261 CVE-2024-37973
CVE-2024-21317 CVE-2024-38086 CVE-2024-21449 CVE-2024-37974
CVE-2024-30079 CVE-2024-38070 CVE-2024-38087 CVE-2024-37321
CVE-2024-37989 CVE-2024-37978 CVE-2024-38050 CVE-2024-35270
CVE-2024-30013 CVE-2024-38061 CVE-2024-38060 CVE-2024-35266
CVE-2024-38102 CVE-2024-38047 CVE-2024-26184 CVE-2024-38100
CVE-2024-38049 CVE-2024-37322 CVE-2024-38043 CVE-2024-20701
CVE-2024-21303 CVE-2024-37324 CVE-2024-38062 CVE-2024-21308
CVE-2024-38071 CVE-2024-37336 CVE-2024-38066 CVE-2024-38094
CVE-2024-37332 CVE-2024-37323 CVE-2024-38031 CVE-2024-38034
CVE-2024-35271 CVE-2024-37988 CVE-2024-38025 CVE-2024-38105
CVE-2024-37334 CVE-2024-37318 CVE-2024-37333 CVE-2024-38099
CVE-2024-37319 CVE-2024-37329 CVE-2024-37986 CVE-2024-21373
CVE-2024-38041 CVE-2024-38089 CVE-2024-30098 CVE-2024-37987
CVE-2024-38015 CVE-2024-38032 CVE-2024-3596 CVE-2024-38030
CVE-2024-30105 CVE-2024-38019 CVE-2024-21335 CVE-2024-37331
CVE-2024-38020 CVE-2024-32987 CVE-2024-38051 CVE-2024-38011
CVE-2024-38076 CVE-2024-37985 CVE-2024-38081 CVE-2024-37984
CVE-2024-38023 CVE-2024-38056 CVE-2024-38077 CVE-2024-38065
CVE-2024-38074 CVE-2024-38021

Riferimenti

https://msrc.microsoft.com/update-guide/releaseNote/2024-Jul

https://msrc.microsoft.com/update-guide (NB: filtro: patch tuesday – July 2024)