5 Critical Security Vulnerabilities in Patch Tuesday Updates

Microsoft released its July security updates on 9 July 2024. These updates address 142 vulnerabilities. We look at 5 CRITICAL security vulnerabilities disclosed by Microsoft. Three of them have a CVSS score of 9.8 and could lead to ‘Remote Code Execution’ attacks. One vulnerability is specific to SharePoint Server. The other 4 vulnerabilities affect Windows servers.

Critical Security Vulnerabilities in July security updates

    The brief details of each vulnerability are listed below:

    • CVSS Score – 9.8
    • Impact – Remote Code Execution
    • The vulnerability affects ‘Windows Remote Desktop Licensing Service’
    • It affects Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2008.
    • You could disable the Windows Remote Desktop Licensing Service as a stopgap, but Microsoft does suggest applying the relevant cumulative or security update.

    • CVSS Score – 9.8
    • Impact – Remote Code Execution
    • The vulnerability affects ‘Windows Remote Desktop Licensing Service’
    • It affects Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2008.
    • You could disable the Windows Remote Desktop Licensing Service as a stopgap, but Microsoft does suggest applying the relevant cumulative or security update.

    • CVSS Score – 9.8
    • Impact – Remote Code Execution
    • The vulnerability affects ‘Windows Remote Desktop Licensing Service’
    • It affects Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2008.
    • You could disable the Windows Remote Desktop Licensing Service as a stopgap, but Microsoft does suggest applying the relevant cumulative or security update.

    • CVSS Score – 8.8
    • Impact – Remote Code Execution
    • The vulnerability affects ‘Windows Imaging Component’. An authenticated attacker could exploit it by uploading a malicious TIFF file to a server. Any authenticated attacker could trigger this vulnerability; admin or other elevated privileges are not required.
    • It affects Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012, Windows Server 2012 R2, Windows Server 2008, Windows 10, and Windows 11.

    • CVSS Score – 7.2
    • Impact – Remote Code Execution
    • An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of the file’s parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server.
    • It affects Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, and Microsoft SharePoint Server Subscription Edition.
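
The interim mitigation listed for the three Remote Desktop Licensing Service vulnerabilities can be checked and applied per server with the sketch below. It is an added example, not from Microsoft or the original article; it assumes the role service uses its default service name `TermServLicensing`, and the function name `Get-RdLicensingExposure` and its `-Disable` switch are hypothetical.

```powershell
# Added example (not from the original article). Run in an elevated session.
# Assumption: RD Licensing runs under its default service name, TermServLicensing.
function Get-RdLicensingExposure {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string]$ServiceName = 'TermServLicensing',
        [switch]$Disable    # hypothetical switch: stop and disable the service
    )

    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Role service is not installed, so there is nothing to disable here.
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; Installed = $false
            State = $null; StartMode = $null; ServiceActive = $false
        }
    }

    if ($Disable -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Stop and disable $ServiceName")) {
        if ($svc.Status -ne 'Stopped') {
            Stop-Service -Name $ServiceName -Force -ErrorAction Stop
        }
        # Disabled start type keeps the service from coming back after a reboot.
        Set-Service -Name $ServiceName -StartupType Disabled -ErrorAction Stop
    }

    # Re-read from CIM so the report shows both the current state and the
    # configured start mode after any change made above.
    $cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        Installed     = $true
        State         = $cim.State       # Running / Stopped
        StartMode     = $cim.StartMode   # Auto / Manual / Disabled
        # True while the service is running or could still be started.
        ServiceActive = -not ($cim.State -eq 'Stopped' -and $cim.StartMode -eq 'Disabled')
    }
}

# Report only, no changes:
Get-RdLicensingExposure

# Apply the interim mitigation (prompts for confirmation unless suppressed):
# Get-RdLicensingExposure -Disable -Confirm:$false
```

`ServiceActive = $false` only reflects the service state; it does not show whether the July 2024 cumulative or security update has been installed.
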
    Rajesh Dhawan

    Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.