Overview
Microsoft(https://www.microsoft.com) has released a security update that fixes vulnerabilities in products it has supplied. Users of affected products are advised to update to the latest version.
Affected Products
GroupMe Products
Resolved Vulnerabilities
Two vulnerabilities rated Critical and zero rated Important were discovered.
Vulnerability in GroupMe improperly limiting excessive authentication attempts, which could allow an unauthenticated attacker to escalate privileges on the network (CVE-2024-38176)
Improper access control vulnerability in GroupMe that could allow an unauthenticated attacker to elevate privileges on the network by tricking users into clicking a malicious link (CVE-2024-38164)
Vulnerability Patches
The following product-specific Vulnerability Patches were made available in the July 23, 2024 Update Please use the Windows Update feature for automatic installation or refer to the URLs in the product information below to download and install.
CVE-2024-38176
- See references [2] “Security Updates” for updates
CVE-2024-38164
- See references [4] “Security Updates” for update
references
[1] CVE-2024-38176 Detail
https://nvd.nist.gov/vuln/detail/cve-2024-38176
[2] GroupMe Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38176
[3] CVE-2024-38164 Detail
https://nvd.nist.gov/vuln/detail/cve-2024-38164
[4] GroupMe Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38164
Article Link: MS Family July 2024 Routine Security Update Advisory – ASEC