Microsoft July 2024 Security Updates

Security 10777 Published 2024-07-09 23:16 by Philipp Esselbach

News

Microsoft has announced the security updates for July 2024.

Security Update Guide - Microsoft Security Response Center

This release consists of the following 139 Microsoft CVEs:

Tag CVE Base Score Exploitability FAQs? Workarounds? Mitigations?
SQL Server CVE-2024-20701 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-21303 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-21308 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-21317 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-21331 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-21332 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-21333 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-21335 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-21373 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-21398 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-21414 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-21415 8.8 Exploitation Less Likely Yes No No
Windows CoreMessaging CVE-2024-21417 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-21425 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-21428 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-21449 8.8 Exploitation Less Likely Yes No No
Windows Secure Boot CVE-2024-26184 6.8 Exploitation Less Likely Yes No No
Windows Secure Boot CVE-2024-28899 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-28928 8.8 Exploitation Less Likely Yes No No
Windows MultiPoint Services CVE-2024-30013 8.8 Exploitation Less Likely Yes No No
Microsoft Dynamics CVE-2024-30061 7.3 Exploitation Less Likely Yes No No
Windows Remote Access Connection Manager CVE-2024-30071 4.7 Exploitation Less Likely Yes No No
Windows Remote Access Connection Manager CVE-2024-30079 7.8 Exploitation Less Likely Yes No No
Windows NTLM CVE-2024-30081 7.1 Exploitation Less Likely Yes No No
Windows Cryptographic Services CVE-2024-30098 7.5 Exploitation Less Likely Yes No No
.NET and Visual Studio CVE-2024-30105 7.5 Exploitation Less Likely No No No
Microsoft Office SharePoint CVE-2024-32987 7.5 Exploitation Less Likely Yes No No
SQL Server CVE-2024-35256 8.8 Exploitation Less Likely Yes No No
Azure Network Watcher CVE-2024-35261 7.8 Exploitation Less Likely Yes No No
.NET and Visual Studio CVE-2024-35264 8.1 Exploitation Less Likely Yes No No
Azure DevOps CVE-2024-35266 7.6 Exploitation Less Likely Yes No No
Azure DevOps CVE-2024-35267 7.6 Exploitation Less Likely Yes No No
Windows iSCSI CVE-2024-35270 5.3 Exploitation Less Likely Yes No No
SQL Server CVE-2024-35271 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-35272 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-37318 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-37319 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-37320 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-37321 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-37322 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-37323 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-37324 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-37326 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-37327 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-37328 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-37329 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-37330 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-37331 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-37332 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-37333 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-37334 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-37336 8.8 Exploitation Less Likely Yes No No
Windows Secure Boot CVE-2024-37969 8.0 Exploitation Less Likely Yes No No
Windows Secure Boot CVE-2024-37970 8.0 Exploitation Less Likely Yes No No
Windows Secure Boot CVE-2024-37971 8.0 Exploitation Less Likely Yes No No
Windows Secure Boot CVE-2024-37972 8.0 Exploitation Less Likely Yes No No
Windows Secure Boot CVE-2024-37973 8.4 Exploitation Less Likely Yes No No
Windows Secure Boot CVE-2024-37974 8.0 Exploitation Less Likely Yes No No
Windows Secure Boot CVE-2024-37975 8.0 Exploitation Less Likely Yes No No
Windows Secure Boot CVE-2024-37977 8.0 Exploitation Less Likely Yes No No
Windows Secure Boot CVE-2024-37978 8.0 Exploitation Less Likely Yes No No
Windows Secure Boot CVE-2024-37981 8.0 Exploitation Less Likely Yes No No
Windows Secure Boot CVE-2024-37984 8.4 Exploitation Less Likely Yes No No
Windows Secure Boot CVE-2024-37986 8.0 Exploitation Less Likely Yes No No
Windows Secure Boot CVE-2024-37987 8.0 Exploitation Less Likely Yes No No
Windows Secure Boot CVE-2024-37988 8.0 Exploitation Less Likely Yes No No
Windows Secure Boot CVE-2024-37989 8.0 Exploitation Less Likely Yes No No
Windows Secure Boot CVE-2024-38010 8.0 Exploitation Less Likely Yes No No
Windows Secure Boot CVE-2024-38011 8.0 Exploitation Less Likely Yes No No
Windows Server Backup CVE-2024-38013 6.7 Exploitation Less Likely Yes No No
Windows Remote Desktop CVE-2024-38015 7.5 Exploitation Less Likely No No No
Windows Message Queuing CVE-2024-38017 5.5 Exploitation Less Likely Yes No No
Windows Performance Monitor CVE-2024-38019 7.2 Exploitation Less Likely Yes No No
Microsoft Office Outlook CVE-2024-38020 6.5 Exploitation Less Likely Yes No No
Microsoft Office CVE-2024-38021 8.8 Exploitation More Likely Yes No No
Windows Image Acquisition CVE-2024-38022 7.0 Exploitation Less Likely Yes No No
Microsoft Office SharePoint CVE-2024-38023 7.2 Exploitation More Likely Yes No No
Microsoft Office SharePoint CVE-2024-38024 7.2 Exploitation More Likely Yes No No
Windows Performance Monitor CVE-2024-38025 7.2 Exploitation Less Likely Yes No No
Line Printer Daemon Service (LPD) CVE-2024-38027 6.5 Exploitation Less Likely Yes No No
Windows Performance Monitor CVE-2024-38028 7.2 Exploitation Less Likely Yes No No
Windows Themes CVE-2024-38030 6.5 Exploitation Less Likely Yes No Yes
Windows Online Certificate Status Protocol (OCSP) CVE-2024-38031 7.5 Exploitation Less Likely No No No
XBox Crypto Graphic Services CVE-2024-38032 7.1 Exploitation Less Likely Yes No No
Windows PowerShell CVE-2024-38033 7.3 Exploitation Less Likely Yes No No
Windows Filtering CVE-2024-38034 7.8 Exploitation Less Likely Yes No No
Windows Kernel CVE-2024-38041 5.5 Exploitation Less Likely Yes No No
Windows PowerShell CVE-2024-38043 7.8 Exploitation Less Likely Yes No No
Windows DHCP Server CVE-2024-38044 7.2 Exploitation Less Likely Yes No No
Windows PowerShell CVE-2024-38047 7.8 Exploitation Less Likely Yes No No
NDIS CVE-2024-38048 6.5 Exploitation Less Likely Yes No No
Windows Distributed Transaction Coordinator CVE-2024-38049 6.6 Exploitation Less Likely Yes No No
Windows Workstation Service CVE-2024-38050 7.8 Exploitation Less Likely Yes No No
Microsoft Graphics Component CVE-2024-38051 7.8 Exploitation Less Likely Yes No No
Microsoft Streaming Service CVE-2024-38052 7.8 Exploitation More Likely Yes No No
Windows Internet Connection Sharing (ICS) CVE-2024-38053 8.8 Exploitation Less Likely Yes No No
Microsoft Streaming Service CVE-2024-38054 7.8 Exploitation More Likely Yes No No
Microsoft Windows Codecs Library CVE-2024-38055 5.5 Exploitation Less Likely Yes No No
Microsoft Windows Codecs Library CVE-2024-38056 5.5 Exploitation Less Likely Yes No No
Microsoft Streaming Service CVE-2024-38057 7.8 Exploitation Less Likely Yes No No
Windows BitLocker CVE-2024-38058 6.8 Exploitation Less Likely Yes No No
Windows Win32K - ICOMP CVE-2024-38059 7.8 Exploitation More Likely Yes No No
Microsoft Windows Codecs Library CVE-2024-38060 8.8 Exploitation More Likely Yes No No
Role: Active Directory Certificate Services; Active Directory Domain Services CVE-2024-38061 7.5 Exploitation Less Likely Yes No Yes
Windows Kernel-Mode Drivers CVE-2024-38062 7.8 Exploitation Less Likely Yes No No
Windows TCP/IP CVE-2024-38064 7.5 Exploitation Less Likely Yes No No
Windows Secure Boot CVE-2024-38065 6.8 Exploitation Less Likely Yes No No
Windows Win32K - GRFX CVE-2024-38066 7.8 Exploitation More Likely Yes No No
Windows Online Certificate Status Protocol (OCSP) CVE-2024-38067 7.5 Exploitation Less Likely No No No
Windows Online Certificate Status Protocol (OCSP) CVE-2024-38068 7.5 Exploitation Less Likely No No No
Windows Enroll Engine CVE-2024-38069 7.0 Exploitation Less Likely Yes No No
Windows LockDown Policy (WLDP) CVE-2024-38070 7.8 Exploitation Less Likely Yes No No
Windows Remote Desktop Licensing Service CVE-2024-38071 7.5 Exploitation Less Likely Yes No No
Windows Remote Desktop Licensing Service CVE-2024-38072 7.5 Exploitation Less Likely Yes No No
Windows Remote Desktop Licensing Service CVE-2024-38073 7.5 Exploitation Less Likely Yes No No
Windows Remote Desktop Licensing Service CVE-2024-38074 9.8 Exploitation Less Likely Yes No Yes
Active Directory Federation Services CVE-2024-38075 7.4 Exploitation Less Likely No No No
Windows Remote Desktop CVE-2024-38076 9.8 Exploitation Less Likely Yes No Yes
Windows Remote Desktop Licensing Service CVE-2024-38077 9.8 Exploitation Less Likely Yes No Yes
XBox Crypto Graphic Services CVE-2024-38078 7.5 Exploitation Less Likely Yes No No
Microsoft Graphics Component CVE-2024-38079 7.8 Exploitation More Likely Yes No No
Role: Windows Hyper-V CVE-2024-38080 7.8 Exploitation More Likely Yes No No
.NET and Visual Studio CVE-2024-38081 7.3 Exploitation Less Likely Yes No No
Windows Win32 Kernel Subsystem CVE-2024-38085 7.8 Exploitation More Likely Yes No No
Azure Kinect SDK CVE-2024-38086 6.4 Exploitation Less Likely Yes No No
SQL Server CVE-2024-38087 8.8 Exploitation Less Likely Yes No No
SQL Server CVE-2024-38088 8.8 Exploitation Less Likely Yes No No
Microsoft Defender for IoT CVE-2024-38089 9.1 Exploitation Less Likely Yes No No
Microsoft WS-Discovery CVE-2024-38091 7.5 Exploitation Less Likely No No No
Azure CycleCloud CVE-2024-38092 8.8 Exploitation Less Likely Yes No No
Microsoft Office SharePoint CVE-2024-38094 7.2 Exploitation More Likely Yes No No
.NET and Visual Studio CVE-2024-38095 7.5 Exploitation Less Likely No No No
Windows Remote Desktop Licensing Service CVE-2024-38099 5.9 Exploitation More Likely Yes No No
Windows COM Session CVE-2024-38100 7.8 Exploitation More Likely Yes No No
Windows Internet Connection Sharing (ICS) CVE-2024-38101 6.5 Exploitation Less Likely Yes No No
Windows Internet Connection Sharing (ICS) CVE-2024-38102 6.5 Exploitation Less Likely Yes No No
Windows Fax and Scan Service CVE-2024-38104 8.8 Exploitation Less Likely Yes No No
Windows Internet Connection Sharing (ICS) CVE-2024-38105 6.5 Exploitation Less Likely Yes No No
Windows MSHTML Platform CVE-2024-38112 7.5 Exploitation Detected Yes No No

We are republishing 4 non-Microsoft CVEs:

CNA Tag CVE FAQs? Workarounds? Mitigations?
CERT/CC NPS RADIUS Server CVE-2024-3596 Yes No No
Intel Intel CVE-2024-37985 Yes No No
GitHub Active Directory Rights Management Services CVE-2024-38517 Yes No No
Github Active Directory Rights Management Services CVE-2024-39684 Yes No No

Security Update Guide Blog Posts

Date Blog Post
June 27, 2024 Toward greater transparency: Unveiling Cloud Service CVEs
April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs
January 6, 2023 Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Resources

The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.

Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.

Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.

A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.

In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Known Issues

You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5040427 Windows 10, version 21H2, Windows 10, version 22H2
5040430 Windows 10, version 1809, Windows Server 2019
5040431 Windows 11, version 21H2
5040437 Windows Server 2022
5040442 Windows 11, version 22H2, Windows 11, version 23H2
5040490 Windows Server 2008 (Security-only update)
5040499 Windows Server 2008 (Monthly Rollup)

Security Update Guide - Microsoft Security Response Center

Tag	CVE	Base Score	Exploitability	FAQs?	Workarounds?	Mitigations?
SQL Server	CVE-2024-20701	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-21303	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-21308	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-21317	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-21331	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-21332	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-21333	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-21335	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-21373	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-21398	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-21414	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-21415	8.8	Exploitation Less Likely	Yes	No	No
Windows CoreMessaging	CVE-2024-21417	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-21425	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-21428	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-21449	8.8	Exploitation Less Likely	Yes	No	No
Windows Secure Boot	CVE-2024-26184	6.8	Exploitation Less Likely	Yes	No	No
Windows Secure Boot	CVE-2024-28899	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-28928	8.8	Exploitation Less Likely	Yes	No	No
Windows MultiPoint Services	CVE-2024-30013	8.8	Exploitation Less Likely	Yes	No	No
Microsoft Dynamics	CVE-2024-30061	7.3	Exploitation Less Likely	Yes	No	No
Windows Remote Access Connection Manager	CVE-2024-30071	4.7	Exploitation Less Likely	Yes	No	No
Windows Remote Access Connection Manager	CVE-2024-30079	7.8	Exploitation Less Likely	Yes	No	No
Windows NTLM	CVE-2024-30081	7.1	Exploitation Less Likely	Yes	No	No
Windows Cryptographic Services	CVE-2024-30098	7.5	Exploitation Less Likely	Yes	No	No
.NET and Visual Studio	CVE-2024-30105	7.5	Exploitation Less Likely	No	No	No
Microsoft Office SharePoint	CVE-2024-32987	7.5	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-35256	8.8	Exploitation Less Likely	Yes	No	No
Azure Network Watcher	CVE-2024-35261	7.8	Exploitation Less Likely	Yes	No	No
.NET and Visual Studio	CVE-2024-35264	8.1	Exploitation Less Likely	Yes	No	No
Azure DevOps	CVE-2024-35266	7.6	Exploitation Less Likely	Yes	No	No
Azure DevOps	CVE-2024-35267	7.6	Exploitation Less Likely	Yes	No	No
Windows iSCSI	CVE-2024-35270	5.3	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-35271	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-35272	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-37318	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-37319	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-37320	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-37321	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-37322	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-37323	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-37324	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-37326	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-37327	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-37328	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-37329	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-37330	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-37331	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-37332	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-37333	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-37334	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-37336	8.8	Exploitation Less Likely	Yes	No	No
Windows Secure Boot	CVE-2024-37969	8.0	Exploitation Less Likely	Yes	No	No
Windows Secure Boot	CVE-2024-37970	8.0	Exploitation Less Likely	Yes	No	No
Windows Secure Boot	CVE-2024-37971	8.0	Exploitation Less Likely	Yes	No	No
Windows Secure Boot	CVE-2024-37972	8.0	Exploitation Less Likely	Yes	No	No
Windows Secure Boot	CVE-2024-37973	8.4	Exploitation Less Likely	Yes	No	No
Windows Secure Boot	CVE-2024-37974	8.0	Exploitation Less Likely	Yes	No	No
Windows Secure Boot	CVE-2024-37975	8.0	Exploitation Less Likely	Yes	No	No
Windows Secure Boot	CVE-2024-37977	8.0	Exploitation Less Likely	Yes	No	No
Windows Secure Boot	CVE-2024-37978	8.0	Exploitation Less Likely	Yes	No	No
Windows Secure Boot	CVE-2024-37981	8.0	Exploitation Less Likely	Yes	No	No
Windows Secure Boot	CVE-2024-37984	8.4	Exploitation Less Likely	Yes	No	No
Windows Secure Boot	CVE-2024-37986	8.0	Exploitation Less Likely	Yes	No	No
Windows Secure Boot	CVE-2024-37987	8.0	Exploitation Less Likely	Yes	No	No
Windows Secure Boot	CVE-2024-37988	8.0	Exploitation Less Likely	Yes	No	No
Windows Secure Boot	CVE-2024-37989	8.0	Exploitation Less Likely	Yes	No	No
Windows Secure Boot	CVE-2024-38010	8.0	Exploitation Less Likely	Yes	No	No
Windows Secure Boot	CVE-2024-38011	8.0	Exploitation Less Likely	Yes	No	No
Windows Server Backup	CVE-2024-38013	6.7	Exploitation Less Likely	Yes	No	No
Windows Remote Desktop	CVE-2024-38015	7.5	Exploitation Less Likely	No	No	No
Windows Message Queuing	CVE-2024-38017	5.5	Exploitation Less Likely	Yes	No	No
Windows Performance Monitor	CVE-2024-38019	7.2	Exploitation Less Likely	Yes	No	No
Microsoft Office Outlook	CVE-2024-38020	6.5	Exploitation Less Likely	Yes	No	No
Microsoft Office	CVE-2024-38021	8.8	Exploitation More Likely	Yes	No	No
Windows Image Acquisition	CVE-2024-38022	7.0	Exploitation Less Likely	Yes	No	No
Microsoft Office SharePoint	CVE-2024-38023	7.2	Exploitation More Likely	Yes	No	No
Microsoft Office SharePoint	CVE-2024-38024	7.2	Exploitation More Likely	Yes	No	No
Windows Performance Monitor	CVE-2024-38025	7.2	Exploitation Less Likely	Yes	No	No
Line Printer Daemon Service (LPD)	CVE-2024-38027	6.5	Exploitation Less Likely	Yes	No	No
Windows Performance Monitor	CVE-2024-38028	7.2	Exploitation Less Likely	Yes	No	No
Windows Themes	CVE-2024-38030	6.5	Exploitation Less Likely	Yes	No	Yes
Windows Online Certificate Status Protocol (OCSP)	CVE-2024-38031	7.5	Exploitation Less Likely	No	No	No
XBox Crypto Graphic Services	CVE-2024-38032	7.1	Exploitation Less Likely	Yes	No	No
Windows PowerShell	CVE-2024-38033	7.3	Exploitation Less Likely	Yes	No	No
Windows Filtering	CVE-2024-38034	7.8	Exploitation Less Likely	Yes	No	No
Windows Kernel	CVE-2024-38041	5.5	Exploitation Less Likely	Yes	No	No
Windows PowerShell	CVE-2024-38043	7.8	Exploitation Less Likely	Yes	No	No
Windows DHCP Server	CVE-2024-38044	7.2	Exploitation Less Likely	Yes	No	No
Windows PowerShell	CVE-2024-38047	7.8	Exploitation Less Likely	Yes	No	No
NDIS	CVE-2024-38048	6.5	Exploitation Less Likely	Yes	No	No
Windows Distributed Transaction Coordinator	CVE-2024-38049	6.6	Exploitation Less Likely	Yes	No	No
Windows Workstation Service	CVE-2024-38050	7.8	Exploitation Less Likely	Yes	No	No
Microsoft Graphics Component	CVE-2024-38051	7.8	Exploitation Less Likely	Yes	No	No
Microsoft Streaming Service	CVE-2024-38052	7.8	Exploitation More Likely	Yes	No	No
Windows Internet Connection Sharing (ICS)	CVE-2024-38053	8.8	Exploitation Less Likely	Yes	No	No
Microsoft Streaming Service	CVE-2024-38054	7.8	Exploitation More Likely	Yes	No	No
Microsoft Windows Codecs Library	CVE-2024-38055	5.5	Exploitation Less Likely	Yes	No	No
Microsoft Windows Codecs Library	CVE-2024-38056	5.5	Exploitation Less Likely	Yes	No	No
Microsoft Streaming Service	CVE-2024-38057	7.8	Exploitation Less Likely	Yes	No	No
Windows BitLocker	CVE-2024-38058	6.8	Exploitation Less Likely	Yes	No	No
Windows Win32K - ICOMP	CVE-2024-38059	7.8	Exploitation More Likely	Yes	No	No
Microsoft Windows Codecs Library	CVE-2024-38060	8.8	Exploitation More Likely	Yes	No	No
Role: Active Directory Certificate Services; Active Directory Domain Services	CVE-2024-38061	7.5	Exploitation Less Likely	Yes	No	Yes
Windows Kernel-Mode Drivers	CVE-2024-38062	7.8	Exploitation Less Likely	Yes	No	No
Windows TCP/IP	CVE-2024-38064	7.5	Exploitation Less Likely	Yes	No	No
Windows Secure Boot	CVE-2024-38065	6.8	Exploitation Less Likely	Yes	No	No
Windows Win32K - GRFX	CVE-2024-38066	7.8	Exploitation More Likely	Yes	No	No
Windows Online Certificate Status Protocol (OCSP)	CVE-2024-38067	7.5	Exploitation Less Likely	No	No	No
Windows Online Certificate Status Protocol (OCSP)	CVE-2024-38068	7.5	Exploitation Less Likely	No	No	No
Windows Enroll Engine	CVE-2024-38069	7.0	Exploitation Less Likely	Yes	No	No
Windows LockDown Policy (WLDP)	CVE-2024-38070	7.8	Exploitation Less Likely	Yes	No	No
Windows Remote Desktop Licensing Service	CVE-2024-38071	7.5	Exploitation Less Likely	Yes	No	No
Windows Remote Desktop Licensing Service	CVE-2024-38072	7.5	Exploitation Less Likely	Yes	No	No
Windows Remote Desktop Licensing Service	CVE-2024-38073	7.5	Exploitation Less Likely	Yes	No	No
Windows Remote Desktop Licensing Service	CVE-2024-38074	9.8	Exploitation Less Likely	Yes	No	Yes
Active Directory Federation Services	CVE-2024-38075	7.4	Exploitation Less Likely	No	No	No
Windows Remote Desktop	CVE-2024-38076	9.8	Exploitation Less Likely	Yes	No	Yes
Windows Remote Desktop Licensing Service	CVE-2024-38077	9.8	Exploitation Less Likely	Yes	No	Yes
XBox Crypto Graphic Services	CVE-2024-38078	7.5	Exploitation Less Likely	Yes	No	No
Microsoft Graphics Component	CVE-2024-38079	7.8	Exploitation More Likely	Yes	No	No
Role: Windows Hyper-V	CVE-2024-38080	7.8	Exploitation More Likely	Yes	No	No
.NET and Visual Studio	CVE-2024-38081	7.3	Exploitation Less Likely	Yes	No	No
Windows Win32 Kernel Subsystem	CVE-2024-38085	7.8	Exploitation More Likely	Yes	No	No
Azure Kinect SDK	CVE-2024-38086	6.4	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-38087	8.8	Exploitation Less Likely	Yes	No	No
SQL Server	CVE-2024-38088	8.8	Exploitation Less Likely	Yes	No	No
Microsoft Defender for IoT	CVE-2024-38089	9.1	Exploitation Less Likely	Yes	No	No
Microsoft WS-Discovery	CVE-2024-38091	7.5	Exploitation Less Likely	No	No	No
Azure CycleCloud	CVE-2024-38092	8.8	Exploitation Less Likely	Yes	No	No
Microsoft Office SharePoint	CVE-2024-38094	7.2	Exploitation More Likely	Yes	No	No
.NET and Visual Studio	CVE-2024-38095	7.5	Exploitation Less Likely	No	No	No
Windows Remote Desktop Licensing Service	CVE-2024-38099	5.9	Exploitation More Likely	Yes	No	No
Windows COM Session	CVE-2024-38100	7.8	Exploitation More Likely	Yes	No	No
Windows Internet Connection Sharing (ICS)	CVE-2024-38101	6.5	Exploitation Less Likely	Yes	No	No
Windows Internet Connection Sharing (ICS)	CVE-2024-38102	6.5	Exploitation Less Likely	Yes	No	No
Windows Fax and Scan Service	CVE-2024-38104	8.8	Exploitation Less Likely	Yes	No	No
Windows Internet Connection Sharing (ICS)	CVE-2024-38105	6.5	Exploitation Less Likely	Yes	No	No
Windows MSHTML Platform	CVE-2024-38112	7.5	Exploitation Detected	Yes	No	No

CNA	Tag	CVE	FAQs?	Workarounds?	Mitigations?
CERT/CC	NPS RADIUS Server	CVE-2024-3596	Yes	No	No
Intel	Intel	CVE-2024-37985	Yes	No	No
GitHub	Active Directory Rights Management Services	CVE-2024-38517	Yes	No	No
Github	Active Directory Rights Management Services	CVE-2024-39684	Yes	No	No

Date	Blog Post
June 27, 2024	Toward greater transparency: Unveiling Cloud Service CVEs
April 9, 2024	Toward greater transparency: Security Update Guide now shares CWEs for CVEs
January 6, 2023	Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
January 11, 2022	Coming Soon: New Security Update Guide Notification System
February 9, 2021	Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021	Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020	Security Update Guide: Let’s keep the conversation going
November 9, 2020	Vulnerability Descriptions in the New Version of the Security Update Guide

KB Article	Applies To
5040427	Windows 10, version 21H2, Windows 10, version 22H2
5040430	Windows 10, version 1809, Windows Server 2019
5040431	Windows 11, version 21H2
5040437	Windows Server 2022
5040442	Windows 11, version 22H2, Windows 11, version 23H2
5040490	Windows Server 2008 (Security-only update)
5040499	Windows Server 2008 (Monthly Rollup)

Bottles 51.12 released

watchOS 10.6 Beta 3 released

Microsoft July 2024 Security Updates

Security Update Guide - Microsoft Security Response Center

This release consists of the following 139 Microsoft CVEs:

We are republishing 4 non-Microsoft CVEs:

Security Update Guide Blog Posts

Relevant Resources

Known Issues

Windows

Linux

macOS

Community