Microsoft released its monthly security update on Tuesday, disclosing 142 vulnerabilities across its suite of products and software. Of those, there are five critical vulnerabilities, and every other security issue disclosed this month is considered "important."
This is the largest Patch Tuesday since April when Microsoft patched 150 vulnerabilities.
Of the critical vulnerabilities, two are considered more likely to be exploited:
CVE-2024-38023, a remote code execution vulnerability in Microsoft SharePoint server, where an authenticated attacker with Site Owner permissions can use the vulnerability to execute arbitrary code in the context of SharePoint server.
CVE-2024-38060, a remote code execution vulnerability in Microsoft Windows Codecs Library that can be exploited by an authenticated attacker who uploads a specially crafted malicious TIFF file.
There are three other critical vulnerabilities listed in this advisory. All three (CVE-2024-38074, CVE-2024-38076 and CVE-2024-38077) are remote code execution vulnerabilities in Windows Remote Desktop Licensing Service. In all of them, an attacker could send a specially crafted network packet which could cause remote code execution. In the case of CVE-2024-38077, the adversary does not need to be authenticated.
All the remaining vulnerabilities are considered important. Of these, CVE-2024-38080 is particularly relevant because Microsoft ..
Support the originator by clicking the read the rest link below.
