Skip to main content
To Customer Support To Customer Support

July 2024 Security Updates
This release consists of the following 139 Microsoft CVEs:
Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?

SQL Server CVE-2024-20701
SQL Server CVE-2024-21303
SQL Server CVE-2024-21308
SQL Server CVE-2024-21317
SQL Server CVE-2024-21331
SQL Server CVE-2024-21332
SQL Server CVE-2024-21333
SQL Server CVE-2024-21335
SQL Server CVE-2024-21373
SQL Server CVE-2024-21398
SQL Server CVE-2024-21414
SQL Server CVE-2024-21415
Windows CoreMessaging CVE-2024-21417
SQL Server CVE-2024-21425
SQL Server CVE-2024-21428
SQL Server CVE-2024-21449
Windows Secure Boot CVE-2024-26184
Windows Secure Boot CVE-2024-28899
SQL Server CVE-2024-28928
Windows MultiPoint Services CVE-2024-30013
Microsoft Dynamics CVE-2024-30061
Windows Remote Access Connection Manager CVE-2024-30071
Windows Remote Access Connection Manager CVE-2024-30079
Windows NTLM CVE-2024-30081
Windows Cryptographic Services CVE-2024-30098
.NET and Visual Studio CVE-2024-30105
Microsoft Office SharePoint CVE-2024-32987
SQL Server CVE-2024-35256
Azure Network Watcher CVE-2024-35261
.NET and Visual Studio CVE-2024-35264
Azure DevOps CVE-2024-35266
Azure DevOps CVE-2024-35267
Windows iSCSI CVE-2024-35270
SQL Server CVE-2024-35271
SQL Server CVE-2024-35272
SQL Server CVE-2024-37318
SQL Server CVE-2024-37319
SQL Server CVE-2024-37320
SQL Server CVE-2024-37321
SQL Server CVE-2024-37322
SQL Server CVE-2024-37323
SQL Server CVE-2024-37324
SQL Server CVE-2024-37326
SQL Server CVE-2024-37327
SQL Server CVE-2024-37328
SQL Server CVE-2024-37329
SQL Server CVE-2024-37330
SQL Server CVE-2024-37331
SQL Server CVE-2024-37332
SQL Server CVE-2024-37333
SQL Server CVE-2024-37334
SQL Server CVE-2024-37336
Windows Secure Boot CVE-2024-37969
Windows Secure Boot CVE-2024-37970
Windows Secure Boot CVE-2024-37971
Windows Secure Boot CVE-2024-37972
Windows Secure Boot CVE-2024-37973
Windows Secure Boot CVE-2024-37974
Windows Secure Boot CVE-2024-37975
Windows Secure Boot CVE-2024-37977
Windows Secure Boot CVE-2024-37978
Windows Secure Boot CVE-2024-37981
Windows Secure Boot CVE-2024-37984
Windows Secure Boot CVE-2024-37986
Windows Secure Boot CVE-2024-37987
Windows Secure Boot CVE-2024-37988
Windows Secure Boot CVE-2024-37989
Windows Secure Boot CVE-2024-38010
Windows Secure Boot CVE-2024-38011
Windows Server Backup CVE-2024-38013
Windows Remote Desktop CVE-2024-38015
Windows Message Queuing CVE-2024-38017
Windows Performance Monitor CVE-2024-38019
Microsoft Office Outlook CVE-2024-38020
Microsoft Office CVE-2024-38021
Windows Image Acquisition CVE-2024-38022
Microsoft Office SharePoint CVE-2024-38023
Microsoft Office SharePoint CVE-2024-38024
Windows Performance Monitor CVE-2024-38025
Line Printer Daemon Service (LPD) CVE-2024-38027
Windows Performance Monitor CVE-2024-38028
Windows Themes CVE-2024-38030
Windows Online Certificate Status Protocol (OCSP) CVE-2024-38031
XBox Crypto Graphic Services CVE-2024-38032
Windows PowerShell CVE-2024-38033
Windows Filtering CVE-2024-38034
Windows Kernel CVE-2024-38041
Windows PowerShell CVE-2024-38043
Windows DHCP Server CVE-2024-38044
Windows PowerShell CVE-2024-38047
NDIS CVE-2024-38048
Windows Distributed Transaction Coordinator CVE-2024-38049
Windows Workstation Service CVE-2024-38050
Microsoft Graphics Component CVE-2024-38051
Microsoft Streaming Service CVE-2024-38052
Windows Internet Connection Sharing (ICS) CVE-2024-38053
Microsoft Streaming Service CVE-2024-38054
Microsoft Windows Codecs Library CVE-2024-38055
Microsoft Windows Codecs Library CVE-2024-38056
Microsoft Streaming Service CVE-2024-38057
Windows BitLocker CVE-2024-38058
Windows Win32K - ICOMP CVE-2024-38059
Microsoft Windows Codecs Library CVE-2024-38060
Role: Active Directory Certificate Services; Active Directory Domain Services CVE-2024-38061
Windows Kernel-Mode Drivers CVE-2024-38062
Windows TCP/IP CVE-2024-38064
Windows Secure Boot CVE-2024-38065
Windows Win32K - GRFX CVE-2024-38066
Windows Online Certificate Status Protocol (OCSP) CVE-2024-38067
Windows Online Certificate Status Protocol (OCSP) CVE-2024-38068
Windows Enroll Engine CVE-2024-38069
Windows LockDown Policy (WLDP) CVE-2024-38070
Windows Remote Desktop Licensing Service CVE-2024-38071
Windows Remote Desktop Licensing Service CVE-2024-38072
Windows Remote Desktop Licensing Service CVE-2024-38073
Windows Remote Desktop Licensing Service CVE-2024-38074
Active Directory Federation Services CVE-2024-38075
Windows Remote Desktop CVE-2024-38076
Windows Remote Desktop Licensing Service CVE-2024-38077
XBox Crypto Graphic Services CVE-2024-38078
Microsoft Graphics Component CVE-2024-38079
Role: Windows Hyper-V CVE-2024-38080
.NET and Visual Studio CVE-2024-38081
Windows Win32 Kernel Subsystem CVE-2024-38085
Azure Kinect SDK CVE-2024-38086
SQL Server CVE-2024-38087
SQL Server CVE-2024-38088
Microsoft Defender for IoT CVE-2024-38089
Microsoft WS-Discovery CVE-2024-38091
Azure CycleCloud CVE-2024-38092
Microsoft Office SharePoint CVE-2024-38094
.NET and Visual Studio CVE-2024-38095
Windows Remote Desktop Licensing Service CVE-2024-38099
Windows COM Session CVE-2024-38100
Windows Internet Connection Sharing (ICS) CVE-2024-38101
Windows Internet Connection Sharing (ICS) CVE-2024-38102
Windows Fax and Scan Service CVE-2024-38104
Windows Internet Connection Sharing (ICS) CVE-2024-38105
Windows MSHTML Platform CVE-2024-38112

We are republishing 4 non-Microsoft CVEs:
CNA Tag CVE FAQs? Workarounds? Mitigations?
CERT/CC NPS RADIUS Server CVE-2024-3596 Yes No No
Intel Intel CVE-2024-37985 Yes No No
GitHub Active Directory Rights Management Services CVE-2024-38517 Yes No No
Github Active Directory Rights Management Services CVE-2024-39684 Yes No No

Security Update Guide Blog Posts
Date Blog Post
June 27, 2024 Toward greater transparency: Unveiling Cloud Service CVEs
April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs
January 6, 2023 Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Resources

  • The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
  • Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
  • Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  • Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5040427 Windows 10, version 21H2, Windows 10, version 22H2
5040430 Windows 10, version 1809, Windows Server 2019
5040431 Windows 11, version 21H2
5040437 Windows Server 2022
5040442 Windows 11, version 22H2, Windows 11, version 23H2
5040490 Windows Server 2008 (Security-only update)
5040499 Windows Server 2008 (Monthly Rollup)

Released: Jul 9, 2024
July 2024 Security Updates - Release Notes - Security Update Guide - Microsoft

CVEs have been published or revised in the Security Update Guide
July 10, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-30098

· Title: Windows Cryptographic Services Security Feature Bypass Vulnerability

· Version: 1.1

· Reason for revision: Added FAQ to explain how this vulnerability is being addressed and further actions customers must take to be protected from it. This is an informational change only.

· Originally released: July 9, 2024

· Last updated: July 10, 2024

Aggregate CVE Severity Rating: Important

CVEs have been published or revised in the Security Update Guide
July 12, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-6387

· Title: RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling

· Version: 1.0

· Reason for revision: Information published.

· Originally released: July 12, 2024

· Last updated: July 12, 2024

Aggregate CVE Severity Rating:

CVEs have been published or revised in the Security Update Guide

July 18, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-38156

  • Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 17, 2024
  • Last updated: July 17, 2024
  • Aggregate CVE Severity Rating: Moderate

CVE-2024-6387

  • Title: RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling
  • Version: 1.1
  • Reason for revision: Updated FAQ information. This is an informational change only.
  • Originally released: July 11, 2024
  • Last updated: July 15, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-6772

  • Title: Chromium: CVE-2024-6772 Inappropriate implementation in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 18, 2024
  • Last updated: July 18, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-6773

  • Title: Chromium: CVE-2024-6773 Type Confusion in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 18, 2024
  • Last updated: July 18, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-6774

  • Title: Chromium: CVE-2024-6774 Use after free in Screen Capture
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 18, 2024
  • Last updated: July 18, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-6775

  • Title: Chromium: CVE-2024-6775 Use after free in Media Stream
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 18, 2024
  • Last updated: July 18, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-6776

  • Title: Chromium: CVE-2024-6776 Use after free in Audio
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 18, 2024
  • Last updated: July 18, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-6777

  • Title: Chromium: CVE-2024-6777 Use after free in Navigation
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 18, 2024
  • Last updated: July 18, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-6778

  • Title: Chromium: CVE-2024-6778 Race in DevTools
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 18, 2024
  • Last updated: July 18, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-6779

  • Title: Chromium: CVE-2024-6779 Out of bounds memory access in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 18, 2024
  • Last updated: July 18, 2024
  • Aggregate CVE Severity Rating:
  

CVEs have been published or revised in the Security Update Guide

July 23, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-38164

  • Title: GroupMe Elevation of Privilege Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 23, 2024
  • Last updated: July 23, 2024
  • Aggregate CVE Severity Rating: Critical

CVE-2024-38176

  • Title: GroupMe Elevation of Privilege Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 23, 2024
  • Last updated: July 23, 2024

Aggregate CVE Severity Rating: Critical

CVEs have been published or revised in the Security Update Guide

July 25, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-30105

  • Title: .NET Core and Visual Studio Denial of Service Vulnerability
  • Version: 2.0
  • Reason for revision: Revised the Security Updates table to include PowerShell 7.4 because this version of PowerShell 7 is affected by this vulnerability. See [https://github.com/PowerShell/Announcements/issues/65](https://github.com/PowerShell/Announcements/issues/65) for more information.
  • Originally released: July 9, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-38081

  • Title: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
  • Version: 2.0
  • Reason for revision: In the Security Updates table, made the following corrections: 1) Added .NET 6.0 as it is affected by this vulnerability. 2) Removed NET 8.0 as it is not affected by this vulnerability. 3) Corrected Download and Article links for .NET 3.5 and 4.7.2 installed on Windows 10 Version 1809 for 32-bit Systems.
  • Originally released: July 9, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-38095

  • Title: .NET and Visual Studio Denial of Service Vulnerability
  • Version: 2.0
  • Reason for revision: Revised the Security Updates table to include PowerShell 7.4 and 7.2 because these versions of PowerShell 7 are affected by this vulnerability. See [https://github.com/PowerShell/Announcements/issues/64](https://github.com/PowerShell/Announcements/issues/64) for more information.
  • Originally released: July 9, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating: Important
  

CVEs have been published or revised in the Security Update Guide

July 25, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-38103

  • Title: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 25, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating: Moderate

CVE-2024-39379

  • Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 25, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating: Moderate

CVE-2024-6988

  • Title: Chromium: CVE-2024-6988 Use after free in Downloads
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 25, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-6989

  • Title: Chromium: CVE-2024-6989 Use after free in Loader
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 25, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-6991

  • Title: Chromium: CVE-2024-6991 Use after free in Dawn
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 25, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-6992

  • Title: Chromium: CVE-2024-6992
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 25, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-6993

  • Title: Chromium: CVE-2024-6993
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 25, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-6994

  • Title: Chromium: CVE-2024-6994 Heap buffer overflow in Layout
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 25, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-6995

  • Title: Chromium: CVE-2024-6995 Inappropriate implementation in Fullscreen
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 25, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-6996

  • Title: Chromium: CVE-2024-6996 Race in Frames
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 25, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-6997

  • Title: Chromium: CVE-2024-6997 Use after free in Tabs
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 25, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-6998

  • Title: Chromium: CVE-2024-6998 Use after free in User Education
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 25, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-6999

  • Title: Chromium: CVE-2024-6999 Inappropriate implementation in FedCM
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 25, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7000

  • Title: Chromium: CVE-2024-7000 Use after free in CSS
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 25, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7001

  • Title: Chromium: CVE-2024-7001 Inappropriate implementation in HTML
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 25, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7003

  • Title: Chromium: CVE-2024-7003 Inappropriate implementation in FedCM
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 25, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7004

  • Title: Chromium: CVE-2024-7004 Insufficient validation of untrusted input in Safe Browsing
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 25, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7005

  • Title: Chromium: CVE-2024-7005 Insufficient validation of untrusted input in Safe Browsing
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 25, 2024
  • Last updated: July 25, 2024
  • Aggregate CVE Severity Rating:
  

CVEs have been published or revised in the Security Update Guide

August 1, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-37973

  • Title: Secure Boot Security Feature Bypass Vulnerability
  • Version: 1.1
  • Reason for revision: Updated one or more CVSS scores for the affected products. This is an informational change only.
  • Originally released: July 9, 2024
  • Last updated: July 31, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-38182

  • Title: Microsoft Dynamics 365 Elevation of Privilege Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: July 31, 2024
  • Last updated: July 31, 2024
  • Aggregate CVE Severity Rating: Critical
  
CVEs have been published or revised in the Security Update Guide
August 1, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-6990

· Title: Chromium: CVE-2024-6990 Uninitialized Use in Dawn

· Version: 1.0

· Reason for revision: Information published.

· Originally released: August 1, 2024

· Last updated: August 1, 2024

· Aggregate CVE Severity Rating:

CVE-2024-7255

· Title: Chromium: CVE-2024-7255 Out of bounds read in WebTransport

· Version: 1.0

· Reason for revision: Information published.

· Originally released: August 1, 2024

· Last updated: August 1, 2024

· Aggregate CVE Severity Rating:

CVE-2024-7256

· Title: Chromium: CVE-2024-7256 Insufficient data validation in Dawn

· Version: 1.0

· Reason for revision: Information published.

· Originally released: August 1, 2024

· Last updated: August 1, 2024

Aggregate CVE Severity Rating:
 
 

CVEs have been published or revised in the Security Update Guide

August 6, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-38166

  • Title: Microsoft Dynamics 365 Cross-site Scripting Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 6, 2024
  • Last updated: August 6, 2024
  • Aggregate CVE Severity Rating: Critical

CVE-2024-38206

  • Title: Microsoft Copilot Studio Information Disclosure Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 6, 2024
  • Last updated: August 6, 2024
  • Aggregate CVE Severity Rating: Critical

CVE-2024-6990

  • Title: Chromium: CVE-2024-6990 Uninitialized Use in Dawn
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 1, 2024
  • Last updated: August 1, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7255

  • Title: Chromium: CVE-2024-7255 Out of bounds read in WebTransport
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 1, 2024
  • Last updated: August 1, 2024
  • Aggregate CVE Severity Rating:
  

CVEs have been published or revised in the Security Update Guide
August 8, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-21302

· Title: Windows Secure Kernel Mode Elevation of Privilege Vulnerability

· Version: 2.0

· Reason for revision: Added the Details, Recommended Actions, and Detections sections in the CVE Executive Summary because these were omitted when the CVE was initially published.

· Originally released: August 7, 2024

· Last updated: August 8, 2024

· Aggregate CVE Severity Rating: Important

CVE-2024-38202

· Title: Windows Update Stack Elevation of Privilege Vulnerability

· Version: 1.1

· Reason for revision: Added an additional recommended action option and edited the details of a separate recommended action in the CVE Executive Summary.

· Originally released: August 7, 2024

· Last updated: August 8, 2024

Aggregate CVE Severity Rating: Important

CVEs have been published or revised in the Security Update Guide

August 8, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-38200

  • Title: Microsoft Office Spoofing Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 8, 2024
  • Last updated: August 8, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-38218

  • Title: Microsoft Edge (HTML-based) Memory Corruption Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 8, 2024
  • Last updated: August 8, 2024
  • Aggregate CVE Severity Rating: Important

CVE-2024-38219

  • Title: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 8, 2024
  • Last updated: August 8, 2024
  • Aggregate CVE Severity Rating: Moderate

CVE-2024-7532

  • Title: Chromium: CVE-2024-7533 Use after free in Sharing
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 8, 2024
  • Last updated: August 8, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7533

  • Title: Chromium: CVE-2024-7534 Heap buffer overflow in Layout
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 8, 2024
  • Last updated: August 8, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7534

  • Title: Chromium: CVE-2024-7535 Inappropriate implementation in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 8, 2024
  • Last updated: August 8, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7535

  • Title: Chromium: CVE-2024-7536 Use after free in WebAudio
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 8, 2024
  • Last updated: August 8, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7536

  • Title: Chromium: CVE-2024-7550 Type Confusion in V8
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 8, 2024
  • Last updated: August 8, 2024
  • Aggregate CVE Severity Rating:

CVE-2024-7550

  • Title: Chromium: CVE-2024-7532 Out of bounds memory access in ANGLE
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: August 8, 2024
  • Last updated: August 8, 2024
  • Aggregate CVE Severity Rating:
  

CVEs have been published or revised in the Security Update Guide
August 10, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-38200

· Title: Microsoft Office Spoofing Vulnerability

· Version: 1.2

· Reason for revision: Updated the Publicly Disclosed information.

· Originally released: August 8, 2024

· Last updated: August 10, 2024

Aggregate CVE Severity Rating: Important

 

More info here: Microsoft discloses Office zero-day, still working on a patch

 

Reply


Terms & Conditions