|
|
Microsoft July 2024 Patch and Windows 11 KB5040442 Update: Full Coverage
Microsoft has just released its Patch Tuesday updates for July 2024, accompanied by the Windows 11 KB5040442 cumulative update. These updates bring a lot of improvements, security patches, and new features to enhance users' overall experience and repair some of the critical vulnerabilities.
Windows 11 KB5040442 Update Highlights
The KB5040442 update to Windows 11 23H2 has gone live, packing 31 improvements and changes that make it geared basically toward the betterment of functionality and usability. The key highlights of this update include:
- "Show Desktop" Button Restored: Of course, users will have the "Show Desktop" button on the bar again by default. This feature, brought back after it was replaced by Copilot, contributed to easier and quicker access to the Desktop view for enhanced workflow efficiency.
- Game Pass Recommendation Card: A new Game Pass recommendation card on the Settings home page will now light up for users who have their PCs as their primary gaming platform. It will enhance the gaming experience by recommending related content and updates.
- Context Menu Improvements: Now, you can create 7-Zip and Tape Archive files directly from the context menu in File Explorer. The improvement offers flexibility in options for the compression of files; hence, it meets different user needs.
- Emoji 15.1 Support: Windows 11 has native support for Emoji 15.1, which comes with a new range of emojis that portray horizontal and vertical head shakes, the phoenix, lime, brown mushroom, and broken chain. These will enhance the different dimensions of communication and expression across platforms for users.
- Improved Account Manager: There is an updated account manager available within the Start menu, making it easier for users to imagine viewing and thus managing account settings and the benefits associated with their Microsoft account.
- Improved Copilot Experience: Copilot, pinned now to the taskbar and acting more like a regular app, brings with itself improved usabilities. A user can resize, move, and snap the Copilot window for improved multitasking and enhanced user interaction.
- VFP Improvements: VFP inside Windows nodes improved with better packet drop collection in network troubleshooting and management.
- Task Manager and DDR Speed Enhancements: The changes in the sort order of processes in Task Manager and the update to show DDR speed in MT/s, Mega Transfers per second, rather than MHz, further improve performance monitoring and clarity for users.
Microsoft July 2024 Patch Tuesday Fixing Critical Vulnerabilities
On the Patch Tuesday event, Microsoft addresses 142 vulnerabilities in all products, including windowing systems and other Microsoft software. These updates are quite critical since they were perpetrated by a handful of zero-day vulnerabilities that were being weaponized by actors to affect system security and compromise user data.
Key Vulnerabilities Addressed:
- Zero-Day Vulnerabilities: Microsoft has fixed 4 zero-day vulnerabilities—critical in the sense that they are being acted upon while in the wild by cybercriminals. Such vulnerabilities could be exploited to allow an attacker to access the system without authorization, execute arbitrary code with system privileges, or even result in compromise if Criteria: User interaction is not required.
- RCE vulnerabilities: This update addresses various RCE vulnerabilities found in different Windows components and other Microsoft products. Of all the system vulnerabilities, RCE vulnerabilities are the most dangerous because they allow hackers to run their evil code on a system remotely, potentially hijacking them.
- Elevation of Privilege Vulnerabilities: This package addresses EoP vulnerabilities that could be exploited by attackers to elevate their privileges on an already compromised system. These vulnerabilities would provide attackers with access levels higher than those set and intended by the administrators, thus compromising the system and exposing the data.
- Information Disclosure Vulnerabilities: Information disclosure vulnerabilities that may lead to the exposure of sensitive information to unauthorized third parties are also hardened by this update. These vulnerabilities could allow critical exposure of sensitive or confidential data, hence tainting user privacy and organizational security.
- DoS vulnerabilities: This update resolves DoS issues that could be brought about by exploitation to undermine administrations or crash systems running influenced programming. These measures are taken to ensure the reliability and availability of Microsoft's products and services so that customers can rely on them when they need them.
Importance of Installing Security Updates:
Up-to-date security patches, like those included in July 2024 Patch Tuesday, greatly contribute to maintaining a secure system and defending against emerging threats. Keeping a system updated on a regular basis will help minimize the risk of exploitation by known vulnerabilities and reduce the possibility of security breaches and data compromise.
How to Install Updates:
To install updates for July 2024 Patch Tuesday and ensure your system is safe, please proceed with the following steps:
- Go to Start > Settings > Windows Update.
- Click 'Check for Updates'. This will initiate the download and installation of the update if it is available.
- You can also go to the Microsoft Update Catalog for some updates, which will allow them to be downloaded offline and deployed across the network.
Conclusion
The July 2024 Patch Tuesday updates of Microsoft and the Windows 11 KB5040442 update have been very major moves that pertain to security, functionality, and overall user experience across Microsoft's ecosystem. Keeping updated is therefore very important, both for the integrity of the system and to get the best of what's new with critical security patches to flaws and all-new functionality that enhances usability.
Ensure to deploy these updates on your system, and these include security enhancement and a refined version with feature enrichment that keep further evolving to meet modern-day computing demands. Besides those critical vulnerability patches for system security, these July 2024 Patch Tuesday updates from Microsoft have fixed Windows reliability and other Microsoft products for better performance. Upbeat installation of this update will specially give the users an added advantage in defending against cyber threats or maintaining top security.
Keep your systems current in order to remain updated with these security enhancements, knowing that your Microsoft products will be working for you in terms of productivity and innovation.
Below is the complete list of resolved vulnerabilities in the July 2024 Patch Tuesday updates.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET and Visual Studio | CVE-2024-30105 | .NET Core and Visual Studio Denial of Service Vulnerability | Important |
| .NET and Visual Studio | CVE-2024-38081 | .NET Framework and Visual Studio Elevation of Privilege Vulnerability | Important |
| .NET and Visual Studio | CVE-2024-35264 | .NET and Visual Studio Remote Code Execution Vulnerability | Important |
| .NET and Visual Studio | CVE-2024-38095 | .NET and Visual Studio Denial of Service Vulnerability | Important |
| Active Directory Rights Management Services | CVE-2024-39684 | Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability | Moderate |
| Active Directory Rights Management Services | CVE-2024-38517 | Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege Vulnerability | Moderate |
| Azure CycleCloud | CVE-2024-38092 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
| Azure DevOps | CVE-2024-35266 | Azure DevOps Server Spoofing Vulnerability | Important |
| Azure DevOps | CVE-2024-35267 | Azure DevOps Server Spoofing Vulnerability | Important |
| Azure Kinect SDK | CVE-2024-38086 | Azure Kinect SDK Remote Code Execution Vulnerability | Important |
| Azure Network Watcher | CVE-2024-35261 | Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | Important |
| Intel | CVE-2024-37985 | Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers | Important |
| Line Printer Daemon Service (LPD) | CVE-2024-38027 | Windows Line Printer Daemon Service Denial of Service Vulnerability | Important |
| Microsoft Defender for IoT | CVE-2024-38089 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics | CVE-2024-30061 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2024-38079 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2024-38051 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2024-38021 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2024-38020 | Microsoft Outlook Spoofing Vulnerability | Moderate |
| Microsoft Office SharePoint | CVE-2024-38024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2024-38023 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2024-32987 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2024-38094 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38057 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38054 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Streaming Service | CVE-2024-38052 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2024-38055 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2024-38056 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important |
| Microsoft WS-Discovery | CVE-2024-38091 | Microsoft WS-Discovery Denial of Service Vulnerability | Important |
| NDIS | CVE-2024-38048 | Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability | Important |
| NPS RADIUS Server | CVE-2024-3596 | CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability | Important |
| Role: Active Directory Certificate Services; Active Directory Domain Services | CVE-2024-38061 | DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2024-38080 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| SQL Server | CVE-2024-28928 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-38088 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-20701 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21317 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21331 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21308 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21333 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-35256 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21303 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21335 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-35271 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-35272 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21332 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-38087 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21425 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21449 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37324 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37330 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37326 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37329 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37328 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37327 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37334 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37321 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37320 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37319 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37322 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37333 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37336 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37323 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37331 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21398 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21373 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37318 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21428 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21415 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-37332 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-21414 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | Important |
| Windows BitLocker | CVE-2024-38058 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows COM Session | CVE-2024-38100 | Windows File Explorer Elevation of Privilege Vulnerability | Important |
| Windows CoreMessaging | CVE-2024-21417 | Windows Text Services Framework Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2024-30098 | Windows Cryptographic Services Security Feature Bypass Vulnerability | Important |
| Windows DHCP Server | CVE-2024-38044 | DHCP Server Service Remote Code Execution Vulnerability | Important |
| Windows Distributed Transaction Coordinator | CVE-2024-38049 | Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability | Important |
| Windows Enroll Engine | CVE-2024-38069 | Windows Enroll Engine Security Feature Bypass Vulnerability | Important |
| Windows Fax and Scan Service | CVE-2024-38104 | Windows Fax Service Remote Code Execution Vulnerability | Important |
| Windows Filtering | CVE-2024-38034 | Windows Filtering Platform Elevation of Privilege Vulnerability | Important |
| Windows Image Acquisition | CVE-2024-38022 | Windows Image Acquisition Elevation of Privilege Vulnerability | Important |
| Windows Imaging Component | CVE-2024-38060 | Windows Imaging Component Remote Code Execution Vulnerability | Critical |
| Windows Internet Connection Sharing (ICS) | CVE-2024-38105 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
| Windows Internet Connection Sharing (ICS) | CVE-2024-38053 | Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | Important |
| Windows Internet Connection Sharing (ICS) | CVE-2024-38102 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
| Windows Internet Connection Sharing (ICS) | CVE-2024-38101 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | Important |
| Windows iSCSI | CVE-2024-35270 | Windows iSCSI Service Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2024-38041 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel-Mode Drivers | CVE-2024-38062 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
| Windows LockDown Policy (WLDP) | CVE-2024-38070 | Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability | Important |
| Windows Message Queuing | CVE-2024-38017 | Microsoft Message Queuing Information Disclosure Vulnerability | Important |
| Windows MSHTML Platform | CVE-2024-38112 | Windows MSHTML Platform Spoofing Vulnerability | Important |
| Windows MultiPoint Services | CVE-2024-30013 | Windows MultiPoint Services Remote Code Execution Vulnerability | Important |
| Windows NTLM | CVE-2024-30081 | Windows NTLM Spoofing Vulnerability | Important |
| Windows Online Certificate Status Protocol (OCSP) | CVE-2024-38068 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important |
| Windows Online Certificate Status Protocol (OCSP) | CVE-2024-38067 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important |
| Windows Online Certificate Status Protocol (OCSP) | CVE-2024-38031 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important |
| Windows Performance Monitor | CVE-2024-38028 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | Important |
| Windows Performance Monitor | CVE-2024-38019 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | Important |
| Windows Performance Monitor | CVE-2024-38025 | Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | Important |
| Windows PowerShell | CVE-2024-38043 | PowerShell Elevation of Privilege Vulnerability | Important |
| Windows PowerShell | CVE-2024-38047 | PowerShell Elevation of Privilege Vulnerability | Important |
| Windows PowerShell | CVE-2024-38033 | PowerShell Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-30071 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-30079 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Desktop | CVE-2024-38076 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Critical |
| Windows Remote Desktop | CVE-2024-38015 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-38071 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-38073 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-38074 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Critical |
| Windows Remote Desktop Licensing Service | CVE-2024-38072 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
| Windows Remote Desktop Licensing Service | CVE-2024-38077 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Critical |
| Windows Remote Desktop Licensing Service | CVE-2024-38099 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | Important |
| Windows Secure Boot | CVE-2024-38065 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37986 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37981 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37987 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-28899 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-26184 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-38011 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37984 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37988 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37977 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37978 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37974 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-38010 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37989 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37970 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37975 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37972 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37973 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37971 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-37969 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Server Backup | CVE-2024-38013 | Microsoft Windows Server Backup Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2024-38064 | Windows TCP/IP Information Disclosure Vulnerability | Important |
| Windows Themes | CVE-2024-38030 | Windows Themes Spoofing Vulnerability | Important |
| Windows Win32 Kernel Subsystem | CVE-2024-38085 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Windows Win32K - GRFX | CVE-2024-38066 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K - ICOMP | CVE-2024-38059 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Workstation Service | CVE-2024-38050 | Windows Workstation Service Elevation of Privilege Vulnerability | Important |
| XBox Crypto Graphic Services | CVE-2024-38032 | Microsoft Xbox Remote Code Execution Vulnerability | Important |
| XBox Crypto Graphic Services | CVE-2024-38078 | Xbox Wireless Adapter Remote Code Execution Vulnerability | Important |