MS Family July 2024 Routine Security Update Advisory

Overview

 

Microsoft(https://www.microsoft.com) has released a security update that fixes vulnerabilities in products it has supplied. Users of affected products are advised to update to the latest version.

 

Affected Products

 

GroupMe Products

 

Resolved Vulnerabilities

 

Two vulnerabilities rated Critical and zero rated Important were discovered.

Vulnerability in GroupMe improperly limiting excessive authentication attempts, which could allow an unauthenticated attacker to escalate privileges on the network (CVE-2024-38176)

Improper access control vulnerability in GroupMe that could allow an unauthenticated attacker to elevate privileges on the network by tricking users into clicking a malicious link (CVE-2024-38164)

 

Vulnerability Patches

 

The following product-specific Vulnerability Patches were made available in the July 23, 2024 Update Please use the Windows Update feature for automatic installation or refer to the URLs in the product information below to download and install.

 

CVE-2024-38176

  • See references [2] “Security Updates” for updates

 

CVE-2024-38164

  • See references [4] “Security Updates” for update

 

references

 

[1] CVE-2024-38176 Detail

https://nvd.nist.gov/vuln/detail/cve-2024-38176

[2] GroupMe Elevation of Privilege Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38176

[3] CVE-2024-38164 Detail

https://nvd.nist.gov/vuln/detail/cve-2024-38164

[4] GroupMe Elevation of Privilege Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38164

Article Link: MS Family July 2024 Routine Security Update Advisory – ASEC