At the moment is Microsoft’s June 2024 Patch Tuesday, which incorporates safety updates for 51 flaws, eighteen distant code execution flaws, and one publicly disclosed zero-day vulnerability.
This Patch Tuesday mounted 18 RCE flaws however just one crucial vulnerability, a distant code execution vulnerability in Microsoft Message Queuing (MSMQ).
The variety of bugs in every vulnerability class is listed under:
- 25 Elevation of Privilege Vulnerabilities
- 18 Distant Code Execution Vulnerabilities
- 3 Data Disclosure Vulnerabilities
- 5 Denial of Service Vulnerabilities
The whole depend of 51 flaws doesn’t embody 7 Microsoft Edge flaws mounted on June third.
To be taught extra in regards to the non-security updates launched at present, you may evaluation our devoted articles on the brand new Home windows 11 KB5039212 replace and the Home windows 10 KB5039211 replace.
One publicly disclosed zero-day
This month’s Patch Tuesday fixes one publicly disclosed zero-day, with no actively exploited flaw mounted at present.
Microsoft classifies a zero-day as a flaw publicly disclosed or actively exploited with no official repair accessible.
The publicly disclosed zero-day vulnerability is the beforehand disclosed ‘Keytrap’ assault within the DNS protocol that Microsoft has now mounted as a part of at present’s updates.
CVE-2023-50868 – MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU
“CVE-2023-50868 is relating to a vulnerability in DNSSEC validation the place an attacker might exploit customary DNSSEC protocols meant for DNS integrity by utilizing extreme assets on a resolver, inflicting a denial of service for respectable customers. MITRE created this CVE on their behalf,” reads the Microsoft advisory.
This flaw was beforehand disclosed in February and patched in quite a few DNS implementations, together with BIND, PowerDNS, Unbound, Knot Resolver, and Dnsmasq.
Different fascinating vulnerabilities mounted this month embody a number of Microsoft Workplace distant code execution flaws, together with Microsoft Outlook RCEs that may be exploited from the preview pane.
Microsoft additionally mounted seven Home windows Kernel privilege elevation flaws that would enable a neighborhood attacker to realize SYSTEM privileges.
Current updates from different corporations
Different distributors who launched updates or advisories in June 2024 embody:
Sadly, we’ll not be linking to SAP’s Patch Tuesday safety updates as they’ve positioned them behind a buyer login.
The June 2024 Patch Tuesday Safety Updates
Beneath is the entire listing of resolved vulnerabilities within the June 2024 Patch Tuesday updates.
To entry the total description of every vulnerability and the methods it impacts, you may view the full report right here.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
Azure Information Science Digital Machines | CVE-2024-37325 | Azure Science Digital Machine (DSVM) Elevation of Privilege Vulnerability | Vital |
Azure File Sync | CVE-2024-35253 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | Vital |
Azure Monitor | CVE-2024-35254 | Azure Monitor Agent Elevation of Privilege Vulnerability | Vital |
Azure SDK | CVE-2024-35255 | Azure Identification Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | Vital |
Azure Storage Library | CVE-2024-35252 | Azure Storage Motion Consumer Library Denial of Service Vulnerability | Vital |
Dynamics Enterprise Central | CVE-2024-35248 | Microsoft Dynamics 365 Enterprise Central Elevation of Privilege Vulnerability | Vital |
Dynamics Enterprise Central | CVE-2024-35249 | Microsoft Dynamics 365 Enterprise Central Distant Code Execution Vulnerability | Vital |
Microsoft Dynamics | CVE-2024-35263 | Microsoft Dynamics 365 (On-Premises) Data Disclosure Vulnerability | Vital |
Microsoft Edge (Chromium-based) | CVE-2024-5498 | Chromium: CVE-2024-5498 Use after free in Presentation API | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-5493 | Chromium: CVE-2024-5493 Heap buffer overflow in WebRTC | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-5497 | Chromium: CVE-2024-5497 Out of bounds reminiscence entry in Keyboard Inputs | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-5495 | Chromium: CVE-2024-5495 Use after free in Daybreak | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-5499 | Chromium: CVE-2024-5499 Out of bounds write in Streams API | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-5494 | Chromium: CVE-2024-5494 Use after free in Daybreak | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-5496 | Chromium: CVE-2024-5496 Use after free in Media Session | Unknown |
Microsoft Workplace | CVE-2024-30101 | Microsoft Workplace Distant Code Execution Vulnerability | Vital |
Microsoft Workplace | CVE-2024-30104 | Microsoft Workplace Distant Code Execution Vulnerability | Vital |
Microsoft Workplace Outlook | CVE-2024-30103 | Microsoft Outlook Distant Code Execution Vulnerability | Vital |
Microsoft Workplace SharePoint | CVE-2024-30100 | Microsoft SharePoint Server Distant Code Execution Vulnerability | Vital |
Microsoft Workplace Phrase | CVE-2024-30102 | Microsoft Workplace Distant Code Execution Vulnerability | Vital |
Microsoft Streaming Service | CVE-2024-30090 | Microsoft Streaming Service Elevation of Privilege Vulnerability | Vital |
Microsoft Streaming Service | CVE-2024-30089 | Microsoft Streaming Service Elevation of Privilege Vulnerability | Vital |
Microsoft WDAC OLE DB supplier for SQL | CVE-2024-30077 | Home windows OLE Distant Code Execution Vulnerability | Vital |
Microsoft Home windows | CVE-2023-50868 | MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU | Vital |
Microsoft Home windows Speech | CVE-2024-30097 | Microsoft Speech Software Programming Interface (SAPI) Distant Code Execution Vulnerability | Vital |
Visible Studio | CVE-2024-30052 | Visible Studio Distant Code Execution Vulnerability | Vital |
Visible Studio | CVE-2024-29060 | Visible Studio Elevation of Privilege Vulnerability | Vital |
Visible Studio | CVE-2024-29187 | GitHub: CVE-2024-29187 WiX Burn-based bundles are susceptible to binary hijack when run as SYSTEM | Vital |
Home windows Cloud Recordsdata Mini Filter Driver | CVE-2024-30085 | Home windows Cloud Recordsdata Mini Filter Driver Elevation of Privilege Vulnerability | Vital |
Home windows Container Supervisor Service | CVE-2024-30076 | Home windows Container Supervisor Service Elevation of Privilege Vulnerability | Vital |
Home windows Cryptographic Companies | CVE-2024-30096 | Home windows Cryptographic Companies Data Disclosure Vulnerability | Vital |
Home windows DHCP Server | CVE-2024-30070 | DHCP Server Service Denial of Service Vulnerability | Vital |
Home windows Distributed File System (DFS) | CVE-2024-30063 | Home windows Distributed File System (DFS) Distant Code Execution Vulnerability | Vital |
Home windows Occasion Logging Service | CVE-2024-30072 | Microsoft Occasion Hint Log File Parsing Distant Code Execution Vulnerability | Vital |
Home windows Kernel | CVE-2024-30068 | Home windows Kernel Elevation of Privilege Vulnerability | Vital |
Home windows Kernel | CVE-2024-30064 | Home windows Kernel Elevation of Privilege Vulnerability | Vital |
Home windows Kernel-Mode Drivers | CVE-2024-30084 | Home windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Vital |
Home windows Kernel-Mode Drivers | CVE-2024-35250 | Home windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Vital |
Home windows Hyperlink Layer Topology Discovery Protocol | CVE-2024-30075 | Home windows Hyperlink Layer Topology Discovery Protocol Distant Code Execution Vulnerability | Vital |
Home windows Hyperlink Layer Topology Discovery Protocol | CVE-2024-30074 | Home windows Hyperlink Layer Topology Discovery Protocol Distant Code Execution Vulnerability | Vital |
Home windows NT OS Kernel | CVE-2024-30099 | Home windows Kernel Elevation of Privilege Vulnerability | Vital |
Home windows NT OS Kernel | CVE-2024-30088 | Home windows Kernel Elevation of Privilege Vulnerability | Vital |
Home windows Notion Service | CVE-2024-35265 | Home windows Notion Service Elevation of Privilege Vulnerability | Vital |
Home windows Distant Entry Connection Supervisor | CVE-2024-30069 | Home windows Distant Entry Connection Supervisor Data Disclosure Vulnerability | Vital |
Home windows Routing and Distant Entry Service (RRAS) | CVE-2024-30095 | Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability | Vital |
Home windows Routing and Distant Entry Service (RRAS) | CVE-2024-30094 | Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability | Vital |
Home windows Server Service | CVE-2024-30062 | Home windows Requirements-Primarily based Storage Administration Service Distant Code Execution Vulnerability | Vital |
Home windows Server Service | CVE-2024-30080 | Microsoft Message Queuing (MSMQ) Distant Code Execution Vulnerability | Crucial |
Home windows Requirements-Primarily based Storage Administration Service | CVE-2024-30083 | Home windows Requirements-Primarily based Storage Administration Service Denial of Service Vulnerability | Vital |
Home windows Storage | CVE-2024-30093 | Home windows Storage Elevation of Privilege Vulnerability | Vital |
Home windows Themes | CVE-2024-30065 | Home windows Themes Denial of Service Vulnerability | Vital |
Home windows Wi-Fi Driver | CVE-2024-30078 | Home windows Wi-Fi Driver Distant Code Execution Vulnerability | Vital |
Home windows Win32 Kernel Subsystem | CVE-2024-30086 | Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Vital |
Home windows Win32K – GRFX | CVE-2024-30087 | Win32k Elevation of Privilege Vulnerability | Vital |
Home windows Win32K – GRFX | CVE-2024-30091 | Win32k Elevation of Privilege Vulnerability | Vital |
Home windows Win32K – GRFX | CVE-2024-30082 | Win32k Elevation of Privilege Vulnerability | Vital |
Winlogon | CVE-2024-30067 | Winlogon Elevation of Privilege Vulnerability | Vital |
Winlogon | CVE-2024-30066 | Winlogon Elevation of Privilege Vulnerability | Vital |