Microsoft Monthly Security Update (July 2024)

[Updated on 2024-10-23]

Updated Description, Related Links.

CVE-2024-38094 is being exploited in the wild.  An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.

Microsoft has released monthly security update for their products:

Vulnerable Product	Risk Level	Impacts	Notes
Microsoft Dynamics	Medium Risk	Information Disclosure
Windows	High Risk	Elevation of Privilege Security Restriction Bypass Spoofing Denial of Service Information Disclosure Remote Code Execution	CVE-2024-38080 is being exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.   CVE-2024-38112 is being exploited in the wild.  This vulnerability can be exploited to perform spoofing on Windows MSHTML platform.
Extended Security Updates (ESU)	Medium Risk	Security Restriction Bypass Spoofing Denial of Service Elevation of Privilege Remote Code Execution Information Disclosure
Developer Tools	Medium Risk	Remote Code Execution Denial of Service Elevation of Privilege
SQL Server	Medium Risk	Remote Code Execution
Microsoft Office	High Risk	Remote Code Execution Information Disclosure Spoofing	CVE-2024-38094 is being exploited in the wild.  An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.
Azure	Medium Risk	Remote Code Execution Elevation of Privilege Spoofing
System Center	Medium Risk	Elevation of Privilege

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 2

Number of 'Medium Risk' product(s): 6

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': High Risk