July’s (2024) Microsoft Patch Tuesday Damage Report

** 2 Weeks After Patch Tuesday **

It’s certainly been an eventful month for IT operators… Obviously the biggest disruption to happen in the last two weeks was the Crowdstrike incident, albeit caused by themselves, not Microsoft. Regardless, if I didn’t call it out someone would Spongemock me, so it’s here. 

Moving on… Since my late post on Friday we’ve seen a couple of new reports. One off on-prem Exchange servers dorked before rebooting, Bitlocker bias against Windows 11, Windows 10 sometimes just generally slow to complete the update and more…

Server 2022

• Huge numbers of empty security logs for certain event IDs

Server 2019

• Unable to complete upgrade/failover on MSMQ clusters

Server 2016

• On-prem Exchange servers down until reboot

Windows 11

• Bitlocker recovery screens after rebooting

Windows 10

• Device lockup after user login
• Network drive access lost

Crowdstrike

• Widespread blue screen due to bad channel file

To stay in the loop on social media check out the comments on LinkedIn and Reddit.

---

** 72 Hours After Patch Tuesday **

Delayed a few hours… thanks United, but here it is:

This is only my second month of official Damage Reports, but I’ve been tracking Patch Tuesday disruptions for a while now and this is the first in over a year with Blue Screen of Death reports with Signed Windows Defender … Strap in, this one’s a doozy.

In addition to the BSoD claim, broken RADIUS authentication with multiple 3rd parties (CheckPoint Firewalls and NPS Azure MFA, for example), inability to edit registry settings with GPO, Remote Desktop Gateway crashes and other disruptions abound.  Some minor reports like monitors and printers being dorked too..

Server 2022

• Users unable to authenticate with NPS Azure MFA plugin
• SAP printing issues 
• Remote Desktop Gateway crashes

Server 2019

• SAP printing issues
• Remote Desktop Gateway crashes

Windows Server 2016

• Users unable to authenticate with NPS Azure MFA plugin

Windows 10

• Blue Screen of Death when signed Windows Defender Application Control policies exist
• Users unable to authenticate with NPS Azure MFA plugin

Checkpoint Firewall

• Management RADIUS Authentication not working after update

To stay in the loop on social media check out the comments on LinkedIn and Reddit.

---

July 2024 – Patch Tuesday is here 🙂

139 vulnerabilities addressed (not including 4 others for Chromium and non-MSFT products), 4 Criticals, 1 Zero Day (Exploit Code Exists), 4 Proof of Concepts/Exploit Code Exists

Zero Day:

• CVE-2024-38112 – Windows MSHTML Platform – Exploit Code Maturity: Functional

Vulnerabilities with Exploit Code:

• CVE-2024-35261 – Azure Network Watcher – Exploit Code Maturity: Proof of Concept

• CVE-2024-38017 – Windows Message Queuing – Exploit Code Maturity: Proof of Concept

• CVE-2024-38092 – Azure CycleCloud – Exploit Code Maturity: Proof of Concept

• CVE-2024-38112 – Windows MSHTML Platform – Exploit Code Maturity: Functional

Follow the conversation on LinkedIn!

Check out all of the details surrounding Microsoft’s July updates Sources on their Release Notes page