HomeWinBuzzer NewsMicrosoft Enhances Windows 11 24H2 Copilot+ PCs in July Patch Tuesday

Microsoft Enhances Windows 11 24H2 Copilot+ PCs in July Patch Tuesday

As part of the wider July 2024 Patch Tuesday, Microsoft has rolled out fixes for 142 vulnerabilities across its software services.

-

has rolled out update KB5040435 for Windows 11 24H2, geared towards enhancing security on Copilot+ PCs. This release, part of Microsoft's scheduled July 2024 Patch Tuesday updates, advances the OS to Build 26100.1150 and fixes several .

Improvements and Fixes

Incorporating improvements from the June 28, 2024, KB5039304 update, one notable change with KB5040435 involves the User Account Control (UAC) system. Now, reparation of applications using the Windows Installer will prompt users for credentials.

Automation scripts may need updating to display the Shield icon, indicating the requirement for elevated permissions. To bypass this prompt, users can set the registry value

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\DisableLUAInRepair to 1

RADIUS Protocol Fixes

A major issue addressed in this update concerns the Remote Authentication Dial-In User Service (RADIUS) protocol, specifically resolving MD5 collision vulnerabilities. Additional details are available in KB5040268.

This update includes the Servicing Stack Update (KB5039333) for Build 26100.998, crucial for maintaining a stable and reliable servicing stack essential for the application of Microsoft updates.

However, there is an identified issue where Roblox cannot be downloaded and played on Arm devices via the Microsoft Store. A recommended workaround is to download the game directly from the Roblox website.

Security Focus

The KB5040435 update primarily aims at reinforcing security by addressing critical vulnerabilities within Windows 11. Detailed information on the resolved security issues can be found in the Security Update Guide and the July 2024 Security Updates on the Microsoft website. In the meantime, the vulnerabilities addressed in July 2024 Patch Tuesday can be seen below:

CVE ID

Tag

CVE Title

CVE-2024-30105

.NET and Visual Studio

.NET Core and Visual Studio Denial of Service Vulnerability

CVE-2024-38081

.NET and Visual Studio

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

CVE-2024-35264

.NET and Visual Studio

.NET and Visual Studio Remote Code Execution Vulnerability

CVE-2024-38095

.NET and Visual Studio

.NET and Visual Studio Denial of Service Vulnerability

CVE-2024-39684

Active Directory Rights Management Services

Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability

CVE-2024-38517

Active Directory Rights Management Services

Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege Vulnerability

CVE-2024-38092

Azure CycleCloud

Azure CycleCloud Elevation of Privilege Vulnerability

CVE-2024-35266

Azure DevOps

Azure DevOps Server Spoofing Vulnerability

CVE-2024-35267

Azure DevOps

Azure DevOps Server Spoofing Vulnerability

CVE-2024-38086

Azure Kinect SDK

Azure Kinect SDK Remote Code Execution Vulnerability

CVE-2024-35261

Azure Network Watcher

Azure Network Watcher VM Extension Elevation of Privilege Vulnerability

CVE-2024-37985

Arm: CVE-2024-37985 Systematic Identification and Characterization of Proprietary Prefetchers

CVE-2024-38027

Line Printer Daemon Service (LPD)

Windows Line Printer Daemon Service Denial of Service Vulnerability

CVE-2024-38089

Microsoft Defender for IoT

Microsoft Defender for IoT Elevation of Privilege Vulnerability

CVE-2024-30061

Microsoft Dynamics

Microsoft (On-Premises) Information Disclosure Vulnerability

CVE-2024-38079

Microsoft Graphics Component

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2024-38051

Microsoft Graphics Component

Windows Graphics Component Remote Code Execution Vulnerability

CVE-2024-38021

Microsoft Office

Microsoft Office Remote Code Execution Vulnerability

CVE-2024-38020

Microsoft Office Outlook

Microsoft Outlook Spoofing Vulnerability

CVE-2024-38024

Microsoft Office SharePoint

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2024-38023

Microsoft Office SharePoint

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2024-32987

Microsoft Office SharePoint

Microsoft SharePoint Server Information Disclosure Vulnerability

CVE-2024-38094

Microsoft Office SharePoint

Microsoft SharePoint Remote Code Execution Vulnerability

CVE-2024-38057

Microsoft Streaming Service

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

CVE-2024-38054

Microsoft Streaming Service

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

CVE-2024-38052

Microsoft Streaming Service

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

CVE-2024-38055

Codecs Library

Microsoft Windows Codecs Library Information Disclosure Vulnerability

CVE-2024-38056

Microsoft Windows Codecs Library

Microsoft Windows Codecs Library Information Disclosure Vulnerability

CVE-2024-38091

Microsoft WS-Discovery

Microsoft WS-Discovery Denial of Service Vulnerability

CVE-2024-38048

NDIS

Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability

CVE-2024-3596

NPS RADIUS Server

CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability

CVE-2024-38061

Role: Active Directory Certificate Services; Active Directory Domain Services

DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability

CVE-2024-38080

Role: Windows Hyper-V

Windows Hyper-V Elevation of Privilege Vulnerability

CVE-2024-28928

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-38088

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-20701

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21317

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21331

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21308

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21333

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-35256

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21303

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21335

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-35271

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-35272

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21332

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-38087

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21425

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21449

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-37324

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-37330

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-37326

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-37329

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-37328

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-37327

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-37334

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVE-2024-37321

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-37320

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-37319

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-37322

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-37333

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-37336

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-37323

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-37331

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21398

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21373

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-37318

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21428

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21415

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-37332

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21414

SQL Server

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-38058

Windows BitLocker

BitLocker Security Feature Bypass Vulnerability

CVE-2024-38100

Windows COM Session

Windows File Explorer Elevation of Privilege Vulnerability

CVE-2024-21417

Windows CoreMessaging

Windows Text Services Framework Elevation of Privilege Vulnerability

CVE-2024-30098

Windows Cryptographic Services

Windows Cryptographic Services Security Feature Bypass Vulnerability

CVE-2024-38044

Windows DHCP Server

DHCP Server Service Remote Code Execution Vulnerability

CVE-2024-38049

Windows Distributed Transaction Coordinator

Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability

CVE-2024-38069

Windows Enroll Engine

Windows Enroll Engine Security Feature Bypass Vulnerability

CVE-2024-38104

Windows Fax and Scan Service

Windows Fax Service Remote Code Execution Vulnerability

CVE-2024-38034

Windows Filtering

Windows Filtering Platform Elevation of Privilege Vulnerability

CVE-2024-38022

Windows Image Acquisition

Windows Image Acquisition Elevation of Privilege Vulnerability

CVE-2024-38060

Windows Imaging Component

Windows Imaging Component Remote Code Execution Vulnerability

CVE-2024-38105

Windows Internet Connection Sharing (ICS)

Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

CVE-2024-38053

Windows Internet Connection Sharing (ICS)

Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability

CVE-2024-38102

Windows Internet Connection Sharing (ICS)

Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

CVE-2024-38101

Windows Internet Connection Sharing (ICS)

Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

CVE-2024-35270

Windows iSCSI

Windows iSCSI Service Denial of Service Vulnerability

CVE-2024-38041

Windows Kernel

Windows Kernel Information Disclosure Vulnerability

CVE-2024-38062

Windows Kernel-Mode Drivers

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

CVE-2024-38070

Windows LockDown Policy (WLDP)

Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability

CVE-2024-38017

Windows Message Queuing

Microsoft Message Queuing Information Disclosure Vulnerability

CVE-2024-38112

Windows MSHTML Platform

Windows MSHTML Platform Spoofing Vulnerability

CVE-2024-30013

Windows MultiPoint Services

Windows MultiPoint Services Remote Code Execution Vulnerability

CVE-2024-30081

Windows NTLM

Windows NTLM Spoofing Vulnerability

CVE-2024-38068

Windows Online Certificate Status Protocol (OCSP)

Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

CVE-2024-38067

Windows Online Certificate Status Protocol (OCSP)

Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

CVE-2024-38031

Windows Online Certificate Status Protocol (OCSP)

Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

CVE-2024-38028

Windows Performance Monitor

Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability

CVE-2024-38019

Windows Performance Monitor

Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability

CVE-2024-38025

Windows Performance Monitor

Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability

CVE-2024-38043

Windows PowerShell

PowerShell Elevation of Privilege Vulnerability

CVE-2024-38047

Windows PowerShell

PowerShell Elevation of Privilege Vulnerability

CVE-2024-38033

Windows PowerShell

PowerShell Elevation of Privilege Vulnerability

CVE-2024-30071

Windows Remote Access Connection Manager

Windows Remote Access Connection Manager Information Disclosure Vulnerability

CVE-2024-30079

Windows Remote Access Connection Manager

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVE-2024-38076

Windows Remote Desktop

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

CVE-2024-38015

Windows Remote Desktop

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

CVE-2024-38071

Windows Remote Desktop Licensing Service

Windows Remote Desktop Licensing Service Denial of Service Vulnerability

CVE-2024-38073

Windows Remote Desktop Licensing Service

Windows Remote Desktop Licensing Service Denial of Service Vulnerability

CVE-2024-38074

Windows Remote Desktop Licensing Service

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

CVE-2024-38072

Windows Remote Desktop Licensing Service

Windows Remote Desktop Licensing Service Denial of Service Vulnerability

CVE-2024-38077

Windows Remote Desktop Licensing Service

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

CVE-2024-38099

Windows Remote Desktop Licensing Service

Windows Remote Desktop Licensing Service Denial of Service Vulnerability

CVE-2024-38065

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37986

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37981

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37987

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-28899

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-26184

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-38011

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37984

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37988

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37977

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37978

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37974

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-38010

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37989

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37970

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37975

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37972

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37973

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37971

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37969

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-38013

Backup

Microsoft Windows Server Backup Elevation of Privilege Vulnerability

CVE-2024-38064

Windows TCP/IP

Windows TCP/IP Information Disclosure Vulnerability

CVE-2024-38030

Windows Themes

Windows Themes Spoofing Vulnerability

CVE-2024-38085

Windows Win32 Kernel Subsystem

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2024-38066

Windows Win32K – GRFX

Windows Win32k Elevation of Privilege Vulnerability

CVE-2024-38059

Windows Win32K – ICOMP

Win32k Elevation of Privilege Vulnerability

CVE-2024-38050

Windows Workstation Service

Windows Workstation Service Elevation of Privilege Vulnerability

CVE-2024-38032

XBox Crypto Graphic Services

Microsoft Xbox Remote Code Execution Vulnerability

CVE-2024-38078

XBox Crypto Graphic Services

Xbox Wireless Adapter Remote Code Execution Vulnerability

 

SourceMicrosoft
Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.
Mastodon