On July 9, 2024, Microsoft published their July 2024 security update, consisting of 139 newly disclosed vulnerabilities. Arctic Wolf has highlighted seven of them in this security bulletin, including critical and actively exploited vulnerabilities. Two of these vulnerabilities have been reported as exploited in the wild.
Impacted Product #1: Windows
Vulnerabilities Impacting Windows:
CVE-2024-38074, CVE-2024-38077, CVE-2024-38076 | CVSS: 9.8 – Critical | MS Severity: Critical | No Exploitation Detected |
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability – A remote threat actor can exploit these vulnerabilities by sending a specially crafted packet to a server set up as a Remote Desktop Licensing server, which leads to Remote Code Execution (RCE).
CVE-2024-38060 | CVSS: 8.8 – High | MS Severity: Critical | No Exploitation Detected |
Windows Imaging Component Remote Code Execution Vulnerability – An authenticated threat actor can exploit this vulnerability by uploading a malicious Tagged Image File Format (TIFF) file to a server.
CVE-2024-38112 | CVSS: 7.5 – High | MS Severity: Important | Exploitation Detected |
Windows MSHTML Platform Spoofing Vulnerability – A remote threat actor can exploit this vulnerability by sending a victim a malicious file that the victim would have to execute.
CVE-2024-38080 | CVSS: 7.8 – High | MS Severity: Important | Exploitation Detected |
Windows Hyper-V Elevation of Privilege Vulnerability – A local threat actor can exploit this vulnerability to gain SYSTEM privileges.
Impacted Product #2: Microsoft Office
Vulnerabilities Impacting Microsoft Office:
CVE-2024-38021 | CVSS: 8.8 – High | MS Severity: Important | No Exploitation Detected |
Microsoft Office Remote Code Execution Vulnerability – A remote threat actor could create a malicious link that bypasses the Protected View Protocol, leading to the exposure of local NTLM credential information and allowing RCE. This vulnerability is zero-click for trusted senders and requires one-click user interaction for untrusted senders.
Recommendation
Upgrade to latest versions
Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation.
Note: Please follow your organization's patching and testing guidelines to avoid operational impact.
Product | Vulnerability | Article | Download |
Windows Server 2022, 23H2 Edition | CVE-2024-38074, CVE-2024-38076, CVE-2024-38077, CVE-2024-38112, CVE-2024-38080, CVE-2024-38060 | 5040438 | Security Update |
Windows Server 2022 | CVE-2024-38074, CVE-2024-38076, CVE-2024-38077, CVE-2024-38112, CVE-2024-38080, CVE-2024-38060 | 5040437 | Security Update |
Windows Server 2019 | CVE-2024-38074, CVE-2024-38076, CVE-2024-38077, CVE-2024-38112, CVE-2024-38060 | 5040430 | Security Update |
Windows Server 2016 | CVE-2024-38074, CVE-2024-38076, CVE-2024-38077, CVE-2024-38112, CVE-2024-38060 | 5040434 | Security Update |
Windows Server 2012 R2 | CVE-2024-38074, CVE-2024-38077, CVE-2024-38112, CVE-2024-38060 | 5040456, 5040426 | Monthly Rollup |
Windows Server 2012 | CVE-2024-38074, CVE-2024-38077, CVE-2024-38060 | 5040485 | Monthly Rollup |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | CVE-2024-38074, CVE-2024-38077, CVE-2024-38060 | 5040497, 5040498 | Monthly Rollup, Security Only |
Windows Server 2008 for x64-based Systems Service Pack 2 | CVE-2024-38077, CVE-2024-38112 | 5040499, 5040490, 5040426 | Monthly Rollup, Security Only, IE Cumulative |
Windows Server 2008 for 32-bit Systems Service Pack 2 | CVE-2024-38077, CVE-2024-38112 | 5040499, 5040490, 5040426 | Monthly Rollup, Security Only, IE Cumulative |
Windows 11 Version 23H2 for x64-based Systems | CVE-2024-38112, CVE-2024-38080, CVE-2024-38060 | 5040442 | Security Update |
Windows 11 Version 23H2 for ARM64-based Systems | CVE-2024-38112, CVE-2024-38080, CVE-2024-38060 | 5040442 | Security Update |
Windows 11 Version 22H2 for x64-based Systems | CVE-2024-38112, CVE-2024-38080, CVE-2024-38060 | 5040442 | Security Update |
Windows 11 Version 22H2 for ARM64-based Systems | CVE-2024-38112, CVE-2024-38080, CVE-2024-38060 | 5040442 | Security Update |
Windows 11 version 21H2 for x64-based Systems | CVE-2024-38112, CVE-2024-38080, CVE-2024-38060 | 5040431 | Security Update |
Windows 11 version 21H2 for ARM64-based Systems | CVE-2024-38112, CVE-2024-38080, CVE-2024-38060 | 5040431 | Security Update |
Windows 10 Version 22H2 for x64-based Systems | CVE-2024-38112, CVE-2024-38060 | 5040427 | Security Update |
Windows 10 Version 22H2 for ARM64-based Systems | CVE-2024-38112, CVE-2024-38060 | 5040427 | Security Update |
Windows 10 Version 22H2 for 32-bit Systems | CVE-2024-38112, CVE-2024-38060 | 5040427 | Security Update |
Windows 10 Version 21H2 for x64-based Systems | CVE-2024-38112, CVE-2024-38060 | 5040427 | Security Update |
Windows 10 Version 21H2 for ARM64-based Systems | CVE-2024-38112, CVE-2024-38060 | 5040427 | Security Update |
Windows 10 Version 21H2 for 32-bit Systems | CVE-2024-38112, CVE-2024-38060 | 5040427 | Security Update |
Windows 10 Version 1809 for x64-based Systems | CVE-2024-38112, CVE-2024-38060 | 5040430 | Security Update |
Windows 10 Version 1809 for ARM64-based Systems | CVE-2024-38112, CVE-2024-38060 | 5040430 | Security Update |
Windows 10 Version 1809 for 32-bit Systems | CVE-2024-38112, CVE-2024-38060 | 5040430 | Security Update |
Windows 10 Version 1607 for x64-based Systems | CVE-2024-38112, CVE-2024-38060 | 5040434 | Security Update |
Windows 10 Version 1607 for 32-bit Systems | CVE-2024-38112, CVE-2024-38060 | 5040434 | Security Update |
Windows 10 for x64-based Systems | CVE-2024-38112, CVE-2024-38060 | 5040448 | Security Update |
Windows 10 for 32-bit Systems | CVE-2024-38112, CVE-2024-38060 | 5040448 | Security Update |
Microsoft Office LTSC 2021 for 64-bit editions | CVE-2024-38021 | Click to Run | See Run link to the left |
Microsoft Office LTSC 2021 for 32-bit editions | CVE-2024-38021 | Click to Run | See Run link to the left |
Microsoft Office 2019 for 64-bit editions | CVE-2024-38021 | Click to Run | See Run link to the left |
Microsoft Office 2019 for 32-bit editions | CVE-2024-38021 | Click to Run | See Run link to the left |
Microsoft Office 2016 (64-bit edition) | CVE-2024-38021 | 5002620 | Security Update |
Microsoft Office 2016 (32-bit edition) | CVE-2024-38021 | 5002620 | Security Update |
Microsoft 365 Apps for Enterprise for 64-bit Systems | CVE-2024-38021 | Click to Run | See Run link to the left |
Microsoft 365 Apps for Enterprise for 32-bit Systems | CVE-2024-38021 | Click to Run | See Run link to the left |
Workarounds
Mitigating CVE-2024-38076, CVE-2024-38074, and CVE-2024-38077: Disable Remote Desktop Licensing Service
If unable to patch, to mitigate CVE-2024-38076, CVE-2024-38074, and CVE-2024-38077, Microsoft recommends disabling the Remote Desktop Licensing Service if it is not being used. Disabling unused and unneeded services in general will reduce the attack surface of your environment.
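One way to apply this workaround on a host, shown as an added example that is not part of the original bulletin: it reports whether the Remote Desktop Licensing service is present and enabled, checks for the Windows Server KBs listed in the table above, and disables the service on request. It assumes the service's short name is TermServLicensing and that the host is not needed to issue RDS licenses; the function names are illustrative.

```powershell
# Added example, not from the bulletin. Run in an elevated session on the server.
# Assumption: the Remote Desktop Licensing service's short name is TermServLicensing.
function Get-RdLicensingExposure {
    param(
        # KB numbers taken from the bulletin's table; pass the ones for your OS release.
        [string[]]$PatchKb = @('KB5040438', 'KB5040437', 'KB5040430', 'KB5040434')
    )
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='TermServLicensing'"
    # Get-HotFix lists only KBs recorded on this host. A later cumulative update
    # supersedes these KBs, so an empty result means "verify", not "vulnerable".
    $kb = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $PatchKb -contains $_.HotFixID } |
        Select-Object -ExpandProperty HotFixID
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        ServiceInstalled = [bool]$svc
        State            = if ($svc) { $svc.State } else { 'NotInstalled' }
        StartMode        = if ($svc) { $svc.StartMode } else { $null }
        JulyKbFound      = @($kb) -join ','
        # Flag hosts where the service can still start and no listed KB was found.
        NeedsAction      = [bool]$svc -and $svc.StartMode -ne 'Disabled' -and -not $kb
    }
}

function Disable-RdLicensingService {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()
    $before = Get-RdLicensingExposure
    if (-not $before.ServiceInstalled) { return $before }   # nothing to disable
    if ($PSCmdlet.ShouldProcess('TermServLicensing', 'Stop and set startup type to Disabled')) {
        Stop-Service -Name TermServLicensing -Force
        Set-Service -Name TermServLicensing -StartupType Disabled
    }
    Get-RdLicensingExposure   # return the state after the change
}

# Report only; makes no changes.
Get-RdLicensingExposure | Format-List

# Preview the change first, then run without -WhatIf to apply it.
# Disable-RdLicensingService -WhatIf
```

Re-enable the service with `Set-Service -Name TermServLicensing -StartupType Automatic` once the security update is installed, if the host is later needed as a licensing server.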