July 2024 Patch Tuesday Unleashes a Torrent of Updates

to a pair of cowboy fighter pilots (ahem, naval aviators) in Top Gun. Less well known, but still Alive And Kicking (like the song released the same year by Simple Minds), the TIFF image file format also was introduced that year by Aldus Corporation, now known as Adobe.

This CVE addresses a critical, easily exploitable vulnerability specific to this 38-year-old file format. A specially-crafted, malicious TIFF file, uploaded to a vulnerable server, could have triggered the server that receives the file to execute malicious code embedded in the TIFF file. Patch your servers to take them out of the danger zone.

CVE-2024-38032 – Microsoft Xbox Remote Code Execution Vulnerability

Users of the Xbox gaming console who also happen to have a wireless adapter, and connect wirelessly to their local network, should beware of strangers lurking on their network who can attack these devices. The (so far) hypothetical threat is that someone who is connected to your wireless network can send a malicious network packet to the Xbox, one that could execute an arbitrary command. The attacker has to be connected to the same network as the Xbox, so it’s another good reason not to invite any threat actors to your WLAN party.

Important severity
CVE-2024-20701	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-21303	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-21308	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-21317	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-21331	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-21332	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-21333	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-21335	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-21373	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-21398	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-21414	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-21415	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-21425	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-21428	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-21449	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-28928	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-35256	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-35271	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-35272	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37318	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37319	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37320	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37321	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37322	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37323	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37324	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37326	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37327	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37328	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37329	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37330	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37331	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37332	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37333	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37334	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37336	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-38087	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-38088	Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

 

Azure (5 CVEs)

Important severity
CVE-2024-35261	Azure Network Watcher VM Extension Elevation of Privilege Vulnerability
CVE-2024-35266	Azure DevOps Server Spoofing Vulnerability
CVE-2024-35267	Azure DevOps Server Spoofing Vulnerability
CVE-2024-38086	Azure Kinect SDK Remote Code Execution Vulnerability
CVE-2024-38092	Azure CycleCloud Elevation of Privilege Vulnerability

 

SharePoint (4 CVEs)

Critical severity
CVE-2024-38023	Microsoft SharePoint Server Remote Code Execution Vulnerability
Important severity
CVE-2024-32987	Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2024-38024	Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-38094	Microsoft SharePoint Remote Code Execution Vulnerability

 

Office 365 (2 CVEs)

Important severity
CVE-2024-38021	Microsoft Office Remote Code Execution Vulnerability
Moderate severity
CVE-2024-38020	Microsoft Outlook Spoofing Vulnerability

 

Microsoft Dynamics 365 (on-prem)

Important severity
CVE-2024-30061	Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

 

Microsoft Defender for IoT (1 CVE)

Important severity
CVE-2024-38089	Microsoft Defender for