Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs

Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws


Today is Microsoft’s June 2024 Patch Tuesday, which includes security updates for 51 flaws, eighteen remote code execution flaws, and one publicly disclosed zero-day vulnerability.

This Patch Tuesday fixed 18 RCE flaws but only one critical vulnerability, a remote code execution vulnerability in Microsoft Message Queuing (MSMQ).

The number of bugs in each vulnerability category is listed below:

  • 25 Elevation of Privilege Vulnerabilities
  • 18 Remote Code Execution Vulnerabilities
  • 3 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities

The total count of 51 flaws does not include 7 Microsoft Edge flaws fixed on June 3rd.

To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5039212 update and the Windows 10 KB5039211 update.

One publicly disclosed zero-day

This month’s Patch Tuesday fixes one publicly disclosed zero-day, with no actively exploited flaw fixed today.

Microsoft classifies a zero-day as a flaw publicly disclosed or actively exploited with no official fix available.

The publicly disclosed zero-day vulnerability is the previously disclosed ‘Keytrap’ attack in the DNS protocol that Microsoft has now fixed as part of today’s updates.

CVE-2023-50868 – MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU

CVE-2023-50868 is regarding a vulnerability in DNSSEC validation where an attacker could exploit standard DNSSEC protocols intended for DNS integrity by using excessive resources on a resolver, causing a denial of service for legitimate users. MITRE created this CVE on their behalf,” reads the Microsoft advisory.

This flaw was previously disclosed in February and patched in numerous DNS implementations, including BIND, PowerDNS, Unbound, Knot Resolver, and Dnsmasq.

Other interesting vulnerabilities fixed this month include multiple Microsoft Office remote code execution flaws, including Microsoft Outlook RCEs that can be exploited from the preview pane.

Microsoft also fixed seven Windows Kernel privilege elevation flaws that could allow a local attacker to gain SYSTEM privileges.

Recent updates from other companies

Other vendors who released updates or advisories in June 2024 include:

Unfortunately, we will no longer be linking to SAP’s Patch Tuesday security updates as they have placed them behind a customer login.

The June 2024 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the June 2024 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.

Tag CVE ID CVE Title Severity
Azure Data Science Virtual Machines CVE-2024-37325 Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability Important
Azure File Sync CVE-2024-35253 Microsoft Azure File Sync Elevation of Privilege Vulnerability Important
Azure Monitor CVE-2024-35254 Azure Monitor Agent Elevation of Privilege Vulnerability Important
Azure SDK CVE-2024-35255 Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Important
Azure Storage Library CVE-2024-35252 Azure Storage Movement Client Library Denial of Service Vulnerability Important
Dynamics Business Central CVE-2024-35248 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability Important
Dynamics Business Central CVE-2024-35249 Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability Important
Microsoft Dynamics CVE-2024-35263 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2024-5498 Chromium: CVE-2024-5498 Use after free in Presentation API Unknown
Microsoft Edge (Chromium-based) CVE-2024-5493 Chromium: CVE-2024-5493 Heap buffer overflow in WebRTC Unknown
Microsoft Edge (Chromium-based) CVE-2024-5497 Chromium: CVE-2024-5497 Out of bounds memory access in Keyboard Inputs Unknown
Microsoft Edge (Chromium-based) CVE-2024-5495 Chromium: CVE-2024-5495 Use after free in Dawn Unknown
Microsoft Edge (Chromium-based) CVE-2024-5499 Chromium: CVE-2024-5499 Out of bounds write in Streams API Unknown
Microsoft Edge (Chromium-based) CVE-2024-5494 Chromium: CVE-2024-5494 Use after free in Dawn Unknown
Microsoft Edge (Chromium-based) CVE-2024-5496 Chromium: CVE-2024-5496 Use after free in Media Session Unknown
Microsoft Office CVE-2024-30101 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office CVE-2024-30104 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office Outlook CVE-2024-30103 Microsoft Outlook Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2024-30100 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
Microsoft Office Word CVE-2024-30102 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Streaming Service CVE-2024-30090 Microsoft Streaming Service Elevation of Privilege Vulnerability Important
Microsoft Streaming Service CVE-2024-30089 Microsoft Streaming Service Elevation of Privilege Vulnerability Important
Microsoft WDAC OLE DB provider for SQL CVE-2024-30077 Windows OLE Remote Code Execution Vulnerability Important
Microsoft Windows CVE-2023-50868 MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU Important
Microsoft Windows Speech CVE-2024-30097 Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability Important
Visual Studio CVE-2024-30052 Visual Studio Remote Code Execution Vulnerability Important
Visual Studio CVE-2024-29060 Visual Studio Elevation of Privilege Vulnerability Important
Visual Studio CVE-2024-29187 GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM Important
Windows Cloud Files Mini Filter Driver CVE-2024-30085 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important
Windows Container Manager Service CVE-2024-30076 Windows Container Manager Service Elevation of Privilege Vulnerability Important
Windows Cryptographic Services CVE-2024-30096 Windows Cryptographic Services Information Disclosure Vulnerability Important
Windows DHCP Server CVE-2024-30070 DHCP Server Service Denial of Service Vulnerability Important
Windows Distributed File System (DFS) CVE-2024-30063 Windows Distributed File System (DFS) Remote Code Execution Vulnerability Important
Windows Event Logging Service CVE-2024-30072 Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability Important
Windows Kernel CVE-2024-30068 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2024-30064 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel-Mode Drivers CVE-2024-30084 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important
Windows Kernel-Mode Drivers CVE-2024-35250 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Important
Windows Link Layer Topology Discovery Protocol CVE-2024-30075 Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability Important
Windows Link Layer Topology Discovery Protocol CVE-2024-30074 Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability Important
Windows NT OS Kernel CVE-2024-30099 Windows Kernel Elevation of Privilege Vulnerability Important
Windows NT OS Kernel CVE-2024-30088 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Perception Service CVE-2024-35265 Windows Perception Service Elevation of Privilege Vulnerability Important
Windows Remote Access Connection Manager CVE-2024-30069 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2024-30095 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2024-30094 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Server Service CVE-2024-30062 Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability Important
Windows Server Service CVE-2024-30080 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Critical
Windows Standards-Based Storage Management Service CVE-2024-30083 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Important
Windows Storage CVE-2024-30093 Windows Storage Elevation of Privilege Vulnerability Important
Windows Themes CVE-2024-30065 Windows Themes Denial of Service Vulnerability Important
Windows Wi-Fi Driver CVE-2024-30078 Windows Wi-Fi Driver Remote Code Execution Vulnerability Important
Windows Win32 Kernel Subsystem CVE-2024-30086 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Important
Windows Win32K – GRFX CVE-2024-30087 Win32k Elevation of Privilege Vulnerability Important
Windows Win32K – GRFX CVE-2024-30091 Win32k Elevation of Privilege Vulnerability Important
Windows Win32K – GRFX CVE-2024-30082 Win32k Elevation of Privilege Vulnerability Important
Winlogon CVE-2024-30067 Winlogon Elevation of Privilege Vulnerability Important
Winlogon CVE-2024-30066 Winlogon Elevation of Privilege Vulnerability Important



Source link
lol

Today is Microsoft’s June 2024 Patch Tuesday, which includes security updates for 51 flaws, eighteen remote code execution flaws, and one publicly disclosed zero-day vulnerability. This Patch Tuesday fixed 18 RCE flaws but only one critical vulnerability, a remote code execution vulnerability in Microsoft Message Queuing (MSMQ). The number of bugs in each vulnerability category is…

Leave a Reply

Your email address will not be published. Required fields are marked *