Security 10775 Published by

Microsoft has announced the security updates for July 2024.





Security Update Guide - Microsoft Security Response Center

This release consists of the following 139 Microsoft CVEs:

TagCVEBase ScoreExploitabilityFAQs?Workarounds?Mitigations?
SQL Server CVE-2024-207018.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-213038.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-213088.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-213178.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-213318.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-213328.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-213338.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-213358.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-213738.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-213988.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-214148.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-214158.8Exploitation Less LikelyYesNoNo
Windows CoreMessaging CVE-2024-214178.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-214258.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-214288.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-214498.8Exploitation Less LikelyYesNoNo
Windows Secure Boot CVE-2024-261846.8Exploitation Less LikelyYesNoNo
Windows Secure Boot CVE-2024-288998.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-289288.8Exploitation Less LikelyYesNoNo
Windows MultiPoint Services CVE-2024-300138.8Exploitation Less LikelyYesNoNo
Microsoft Dynamics CVE-2024-300617.3Exploitation Less LikelyYesNoNo
Windows Remote Access Connection Manager CVE-2024-300714.7Exploitation Less LikelyYesNoNo
Windows Remote Access Connection Manager CVE-2024-300797.8Exploitation Less LikelyYesNoNo
Windows NTLM CVE-2024-300817.1Exploitation Less LikelyYesNoNo
Windows Cryptographic Services CVE-2024-300987.5Exploitation Less LikelyYesNoNo
.NET and Visual Studio CVE-2024-301057.5Exploitation Less LikelyNoNoNo
Microsoft Office SharePoint CVE-2024-329877.5Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-352568.8Exploitation Less LikelyYesNoNo
Azure Network Watcher CVE-2024-352617.8Exploitation Less LikelyYesNoNo
.NET and Visual Studio CVE-2024-352648.1Exploitation Less LikelyYesNoNo
Azure DevOps CVE-2024-352667.6Exploitation Less LikelyYesNoNo
Azure DevOps CVE-2024-352677.6Exploitation Less LikelyYesNoNo
Windows iSCSI CVE-2024-352705.3Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-352718.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-352728.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373188.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373198.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373208.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373218.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373228.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373238.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373248.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373268.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373278.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373288.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373298.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373308.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373318.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373328.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373338.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373348.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-373368.8Exploitation Less LikelyYesNoNo
Windows Secure Boot CVE-2024-379698.0Exploitation Less LikelyYesNoNo
Windows Secure Boot CVE-2024-379708.0Exploitation Less LikelyYesNoNo
Windows Secure Boot CVE-2024-379718.0Exploitation Less LikelyYesNoNo
Windows Secure Boot CVE-2024-379728.0Exploitation Less LikelyYesNoNo
Windows Secure Boot CVE-2024-379738.4Exploitation Less LikelyYesNoNo
Windows Secure Boot CVE-2024-379748.0Exploitation Less LikelyYesNoNo
Windows Secure Boot CVE-2024-379758.0Exploitation Less LikelyYesNoNo
Windows Secure Boot CVE-2024-379778.0Exploitation Less LikelyYesNoNo
Windows Secure Boot CVE-2024-379788.0Exploitation Less LikelyYesNoNo
Windows Secure Boot CVE-2024-379818.0Exploitation Less LikelyYesNoNo
Windows Secure Boot CVE-2024-379848.4Exploitation Less LikelyYesNoNo
Windows Secure Boot CVE-2024-379868.0Exploitation Less LikelyYesNoNo
Windows Secure Boot CVE-2024-379878.0Exploitation Less LikelyYesNoNo
Windows Secure Boot CVE-2024-379888.0Exploitation Less LikelyYesNoNo
Windows Secure Boot CVE-2024-379898.0Exploitation Less LikelyYesNoNo
Windows Secure Boot CVE-2024-380108.0Exploitation Less LikelyYesNoNo
Windows Secure Boot CVE-2024-380118.0Exploitation Less LikelyYesNoNo
Windows Server Backup CVE-2024-380136.7Exploitation Less LikelyYesNoNo
Windows Remote Desktop CVE-2024-380157.5Exploitation Less LikelyNoNoNo
Windows Message Queuing CVE-2024-380175.5Exploitation Less LikelyYesNoNo
Windows Performance Monitor CVE-2024-380197.2Exploitation Less LikelyYesNoNo
Microsoft Office Outlook CVE-2024-380206.5Exploitation Less LikelyYesNoNo
Microsoft Office CVE-2024-380218.8Exploitation More LikelyYesNoNo
Windows Image Acquisition CVE-2024-380227.0Exploitation Less LikelyYesNoNo
Microsoft Office SharePoint CVE-2024-380237.2Exploitation More LikelyYesNoNo
Microsoft Office SharePoint CVE-2024-380247.2Exploitation More LikelyYesNoNo
Windows Performance Monitor CVE-2024-380257.2Exploitation Less LikelyYesNoNo
Line Printer Daemon Service (LPD) CVE-2024-380276.5Exploitation Less LikelyYesNoNo
Windows Performance Monitor CVE-2024-380287.2Exploitation Less LikelyYesNoNo
Windows Themes CVE-2024-380306.5Exploitation Less LikelyYesNoYes
Windows Online Certificate Status Protocol (OCSP) CVE-2024-380317.5Exploitation Less LikelyNoNoNo
XBox Crypto Graphic Services CVE-2024-380327.1Exploitation Less LikelyYesNoNo
Windows PowerShell CVE-2024-380337.3Exploitation Less LikelyYesNoNo
Windows Filtering CVE-2024-380347.8Exploitation Less LikelyYesNoNo
Windows Kernel CVE-2024-380415.5Exploitation Less LikelyYesNoNo
Windows PowerShell CVE-2024-380437.8Exploitation Less LikelyYesNoNo
Windows DHCP Server CVE-2024-380447.2Exploitation Less LikelyYesNoNo
Windows PowerShell CVE-2024-380477.8Exploitation Less LikelyYesNoNo
NDIS CVE-2024-380486.5Exploitation Less LikelyYesNoNo
Windows Distributed Transaction Coordinator CVE-2024-380496.6Exploitation Less LikelyYesNoNo
Windows Workstation Service CVE-2024-380507.8Exploitation Less LikelyYesNoNo
Microsoft Graphics Component CVE-2024-380517.8Exploitation Less LikelyYesNoNo
Microsoft Streaming Service CVE-2024-380527.8Exploitation More LikelyYesNoNo
Windows Internet Connection Sharing (ICS) CVE-2024-380538.8Exploitation Less LikelyYesNoNo
Microsoft Streaming Service CVE-2024-380547.8Exploitation More LikelyYesNoNo
Microsoft Windows Codecs Library CVE-2024-380555.5Exploitation Less LikelyYesNoNo
Microsoft Windows Codecs Library CVE-2024-380565.5Exploitation Less LikelyYesNoNo
Microsoft Streaming Service CVE-2024-380577.8Exploitation Less LikelyYesNoNo
Windows BitLocker CVE-2024-380586.8Exploitation Less LikelyYesNoNo
Windows Win32K - ICOMP CVE-2024-380597.8Exploitation More LikelyYesNoNo
Microsoft Windows Codecs Library CVE-2024-380608.8Exploitation More LikelyYesNoNo
Role: Active Directory Certificate Services; Active Directory Domain Services CVE-2024-380617.5Exploitation Less LikelyYesNoYes
Windows Kernel-Mode Drivers CVE-2024-380627.8Exploitation Less LikelyYesNoNo
Windows TCP/IP CVE-2024-380647.5Exploitation Less LikelyYesNoNo
Windows Secure Boot CVE-2024-380656.8Exploitation Less LikelyYesNoNo
Windows Win32K - GRFX CVE-2024-380667.8Exploitation More LikelyYesNoNo
Windows Online Certificate Status Protocol (OCSP) CVE-2024-380677.5Exploitation Less LikelyNoNoNo
Windows Online Certificate Status Protocol (OCSP) CVE-2024-380687.5Exploitation Less LikelyNoNoNo
Windows Enroll Engine CVE-2024-380697.0Exploitation Less LikelyYesNoNo
Windows LockDown Policy (WLDP) CVE-2024-380707.8Exploitation Less LikelyYesNoNo
Windows Remote Desktop Licensing Service CVE-2024-380717.5Exploitation Less LikelyYesNoNo
Windows Remote Desktop Licensing Service CVE-2024-380727.5Exploitation Less LikelyYesNoNo
Windows Remote Desktop Licensing Service CVE-2024-380737.5Exploitation Less LikelyYesNoNo
Windows Remote Desktop Licensing Service CVE-2024-380749.8Exploitation Less LikelyYesNoYes
Active Directory Federation Services CVE-2024-380757.4Exploitation Less LikelyNoNoNo
Windows Remote Desktop CVE-2024-380769.8Exploitation Less LikelyYesNoYes
Windows Remote Desktop Licensing Service CVE-2024-380779.8Exploitation Less LikelyYesNoYes
XBox Crypto Graphic Services CVE-2024-380787.5Exploitation Less LikelyYesNoNo
Microsoft Graphics Component CVE-2024-380797.8Exploitation More LikelyYesNoNo
Role: Windows Hyper-V CVE-2024-380807.8Exploitation More LikelyYesNoNo
.NET and Visual Studio CVE-2024-380817.3Exploitation Less LikelyYesNoNo
Windows Win32 Kernel Subsystem CVE-2024-380857.8Exploitation More LikelyYesNoNo
Azure Kinect SDK CVE-2024-380866.4Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-380878.8Exploitation Less LikelyYesNoNo
SQL Server CVE-2024-380888.8Exploitation Less LikelyYesNoNo
Microsoft Defender for IoT CVE-2024-380899.1Exploitation Less LikelyYesNoNo
Microsoft WS-Discovery CVE-2024-380917.5Exploitation Less LikelyNoNoNo
Azure CycleCloud CVE-2024-380928.8Exploitation Less LikelyYesNoNo
Microsoft Office SharePoint CVE-2024-380947.2Exploitation More LikelyYesNoNo
.NET and Visual Studio CVE-2024-380957.5Exploitation Less LikelyNoNoNo
Windows Remote Desktop Licensing Service CVE-2024-380995.9Exploitation More LikelyYesNoNo
Windows COM Session CVE-2024-381007.8Exploitation More LikelyYesNoNo
Windows Internet Connection Sharing (ICS) CVE-2024-381016.5Exploitation Less LikelyYesNoNo
Windows Internet Connection Sharing (ICS) CVE-2024-381026.5Exploitation Less LikelyYesNoNo
Windows Fax and Scan Service CVE-2024-381048.8Exploitation Less LikelyYesNoNo
Windows Internet Connection Sharing (ICS) CVE-2024-381056.5Exploitation Less LikelyYesNoNo
Windows MSHTML Platform CVE-2024-381127.5Exploitation DetectedYesNoNo

We are republishing 4 non-Microsoft CVEs:

CNATagCVEFAQs?Workarounds?Mitigations?
CERT/CCNPS RADIUS Server CVE-2024-3596YesNoNo
IntelIntel CVE-2024-37985YesNoNo
GitHubActive Directory Rights Management Services CVE-2024-38517YesNoNo
GithubActive Directory Rights Management Services CVE-2024-39684YesNoNo

Security Update Guide Blog Posts

DateBlog Post
June 27, 2024 Toward greater transparency: Unveiling Cloud Service CVEs
April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs
January 6, 2023 Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Resources

  • The new Hotpatching feature is now generally available. Please see  Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
  • Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the  Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see  Windows Lifecycle Facts Sheet.
  • Microsoft is improving Windows Release Notes. For more information, please see  What's next for Windows release notes.
  • A list of the latest servicing stack updates for each operating system can be found in  ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  • Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See  4522133 for more information.

Known Issues

You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see  Windows message center (links to currently-supported versions of Windows are in the left pane).

KB ArticleApplies To
5040427Windows 10, version 21H2, Windows 10, version 22H2
5040430Windows 10, version 1809, Windows Server 2019
5040431Windows 11, version 21H2
5040437Windows Server 2022
5040442Windows 11, version 22H2, Windows 11, version 23H2
5040490Windows Server 2008 (Security-only update)
5040499Windows Server 2008 (Monthly Rollup)

Win10

Security Update Guide - Microsoft Security Response Center