Tripwire's July 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.
First on the list are patches for Microsoft Office and Outlook that resolve remote code execution and spoofing vulnerabilities.
Next are patches that affect components of the core Windows operating system. These patches resolve over 65 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, denial of service, and remote code execution vulnerabilities. These vulnerabilities affect core Windows, Kernel, Cryptographic Services, Imaging, Layer-2 Bridge Network Driver, Secure Boot, iSCSI Service, Graphics, Win32k, Message Queuing, and others.
Next up are patches for Visual Studio, .NET, .NET Framework, and PowerShell that resolve remote code execution, elevation of privilege, and denial of service vulnerabilities.
Lastly, administrators should focus on server-side patches for SharePoint, Active Directory, Azure DevOps, Hyper-V, SQL Server, Remote Desktop Licensing Service, and Dynamics. These patches resolve numerous issues including spoofing, remote code execution, information disclosure, elevation of privilege, and denial of service vulnerabilities. Note that there are 38 vulnerabilities impacting SQL Server this month.
| BULLETIN | CVE |
|---|---|
| Microsoft Office | CVE-2024-38021 |
| Microsoft Office Outlook | CVE-2024-38020 |
| Windows I | CVE-2024-38022, CVE-2024-38060, CVE-2024-38058, CVE-2024-38059, CVE-2024-30098, CVE-2024-38105, CVE-2024-38102, CVE-2024-38101, CVE-2024-38053, CVE-2024-38054, CVE-2024-38057, CVE-2024-38052, CVE-2024-37978, CVE-2024-37977, CVE-2024-37974, CVE-2024-37975, CVE-2024-38010, CVE-2024-37972, CVE-2024-37973, CVE-2024-37971, CVE-2024-37986, CVE-2024-38011, CVE-2024-37981, CVE-2024-37987, CVE-2024-37984, CVE-2024-37989, CVE-2024-37970, CVE-2024-37988, CVE-2024-37969, CVE-2024-38065, CVE-2024-26184, CVE-2024-28899, CVE-2024-38069, CVE-2024-38068, CVE-2024-38067, CVE-2024-38031 |
| Windows II | CVE-2024-3596, CVE-2024-35270, CVE-2024-38055, CVE-2024-38056, CVE-2024-38030, CVE-2024-38025, CVE-2024-38028, CVE-2024-38019, CVE-2024-38079, CVE-2024-38051, CVE-2024-38017, CVE-2024-38066, CVE-2024-21417, CVE-2024-38085, CVE-2024-38041, CVE-2024-30079, CVE-2024-30071, CVE-2024-38050, CVE-2024-38015, CVE-2024-38076, CVE-2024-30081, CVE-2024-38100, CVE-2024-38034, CVE-2024-38070, CVE-2024-38112, CVE-2024-38013, CVE-2024-38064, CVE-2024-38091, CVE-2024-38048, CVE-2024-38049, CVE-2024-38062, CVE-2024-38027, CVE-2024-30013, CVE-2024-38104 |
| .NET and Visual Studio | CVE-2024-30105, CVE-2024-38095, CVE-2024-35264, CVE-2024-38081 |
| Windows PowerShell | CVE-2024-38043, CVE-2024-38047, CVE-2024-38033 |
| Microsoft Office SharePoint | CVE-2024-38094, CVE-2024-32987, CVE-2024-38024, CVE-2024-38023 |
| Active Directory Domain Services | CVE-2024-38061, CVE-2024-38517, CVE-2024-39684 |
| Azure DevOps | CVE-2024-35266, CVE-2024-35267 |
| Windows DHCP Server | CVE-2024-38044 |
| Windows Hyper-V | CVE-2024-38080 |
| SQL Server | CVE-2024-37334, CVE-2024-21373, CVE-2024-21303, CVE-2024-21308, CVE-2024-38088, CVE-2024-20701, CVE-2024-21317, CVE-2024-21398, CVE-2024-28928, CVE-2024-38087, CVE-2024-21414, CVE-2024-21415, CVE-2024-35256, CVE-2024-21335, CVE-2024-21333, CVE-2024-37330, CVE-2024-21332, CVE-2024-21331, CVE-2024-37318, CVE-2024-37319, CVE-2024-35272, CVE-2024-35271, CVE-2024-21425, CVE-2024-21428, CVE-2024-37336, CVE-2024-37329, CVE-2024-21449, CVE-2024-37331, CVE-2024-37332, CVE-2024-37333, CVE-2024-37328, CVE-2024-37323, CVE-2024-37322, CVE-2024-37321, CVE-2024-37320, CVE-2024-37327, CVE-2024-37326, CVE-2024-37324 |
| Windows Remote Desktop Licensing Service | CVE-2024-38099, CVE-2024-38072, CVE-2024-38073, CVE-2024-38071, CVE-2024-38077, CVE-2024-38074 |
| Microsoft Dynamics | CVE-2024-30061 |
