Microsoft Fixes Four Zero-Days in July Patch Tuesday

10-July-24

Microsoft patched five critical RCE vulnerabilities in this July’s Patch Tuesday.


The first is CVE-2024-38023, a SharePoint vulnerability. “[It] could allow an authenticated attacker with site owner permissions or higher to upload a specially crafted file to a SharePoint Server, then craft malicious API requests to trigger deserialisation of the file’s parameters, thus enabling them to achieve remote code execution in the context of the SharePoint server,” explained Rapid7 product manager Greg Wiseman.


Next, CVE-2024-38060 is a bug in the Windows Imaging Component related to TIFF (Tagged Image File Format) image processing, which could enable execution of arbitrary code on a targeted system.


The final three RCE vulnerabilities – CVE-2024-38074, CVE-2024-38076 and CVE-2024-38077 – relate to the Windows Remote Desktop Licensing Service and have a CVSS base score of 9.8.
