Today is Microsoft's June 2024 Patch Tuesday, which includes security updates for 51 flaws, eighteen remote code execution flaws, and one publicly disclosed zero-day vulnerability.
This Patch Tuesday fixed 18 RCE flaws but only one critical vulnerability, a remote code execution vulnerability in Microsoft Message Queuing (MSMQ).
The number of bugs in each vulnerability category is listed below:
- 25 Elevation of Privilege Vulnerabilities
- 18 Remote Code Execution Vulnerabilities
- 3 Information Disclosure Vulnerabilities
- 5 Denial of Service Vulnerabilities
The total count of 51 flaws does not include 7 Microsoft Edge flaws fixed on June 3rd.
One publicly disclosed zero-day
This month's Patch Tuesday fixes one publicly disclosed zero-day, with no actively exploited flaw fixed today.
Microsoft classifies a zero-day as a flaw publicly disclosed or actively exploited with no official fix available.
The publicly disclosed zero-day vulnerability is the previously disclosed 'Keytrap' attack in the DNS protocol that Microsoft has now fixed as part of today's updates.
CVE-2023-50868 – MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU
“CVE-2023-50868 is regarding a vulnerability in DNSSEC validation where an attacker could exploit standard DNSSEC protocols intended for DNS integrity by using excessive resources on a resolver, causing a denial of service for legitimate users. MITRE created this CVE on their behalf,” reads the Microsoft advisory.
This flaw was previously disclosed in February and patched in numerous DNS implementations, including BIND, PowerDNS, Unbound, Knot Resolver, and Dnsmasq.
Other interesting vulnerabilities fixed this month include multiple Microsoft Office remote code execution flaws, including Microsoft Outlook RCEs that can be exploited from the preview pane.
Microsoft also fixed seven Windows Kernel privilege elevation flaws that could allow a local attacker to gain SYSTEM privileges.
Recent updates from other companies
Other vendors who released updates or advisories in June 2024 include:
Unfortunately, we will no longer be linking to SAP's Patch Tuesday security updates as they have placed them behind a customer login.
The June 2024 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the June 2024 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
Azure Data Science Virtual Machines | CVE-2024-37325 | Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability | Important |
Azure File Sync | CVE-2024-35253 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | Important |
Azure Monitor | CVE-2024-35254 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important |
Azure SDK | CVE-2024-35255 | Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | Important |
Azure Storage Library | CVE-2024-35252 | Azure Storage Movement Client Library Denial of Service Vulnerability | Important |
Dynamics Business Central | CVE-2024-35248 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Important |
Dynamics Business Central | CVE-2024-35249 | Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability | Important |
Microsoft Dynamics | CVE-2024-35263 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2024-5498 | Chromium: CVE-2024-5498 Use after free in Presentation API | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-5493 | Chromium: CVE-2024-5493 Heap buffer overflow in WebRTC | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-5497 | Chromium: CVE-2024-5497 Out of bounds memory access in Keyboard Inputs | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-5495 | Chromium: CVE-2024-5495 Use after free in Dawn | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-5499 | Chromium: CVE-2024-5499 Out of bounds write in Streams API | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-5494 | Chromium: CVE-2024-5494 Use after free in Dawn | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-5496 | Chromium: CVE-2024-5496 Use after free in Media Session | Unknown |
Microsoft Office | CVE-2024-30101 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2024-30104 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office Outlook | CVE-2024-30103 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-30100 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office Word | CVE-2024-30102 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-30090 | Microsoft Streaming Service Elevation of Privilege Vulnerability | Important |
Microsoft Streaming Service | CVE-2024-30089 | Microsoft Streaming Service Elevation of Privilege Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-30077 | Windows OLE Remote Code Execution Vulnerability | Important |
Microsoft Windows | CVE-2023-50868 | MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU | Important |
Microsoft Windows Speech | CVE-2024-30097 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | Important |
Visual Studio | CVE-2024-30052 | Visual Studio Remote Code Execution Vulnerability | Important |
Visual Studio | CVE-2024-29060 | Visual Studio Elevation of Privilege Vulnerability | Important |
Visual Studio | CVE-2024-29187 | GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM | Important |
Windows Cloud Files Mini Filter Driver | CVE-2024-30085 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
Windows Container Manager Service | CVE-2024-30076 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
Windows Cryptographic Services | CVE-2024-30096 | Windows Cryptographic Services Information Disclosure Vulnerability | Important |
Windows DHCP Server | CVE-2024-30070 | DHCP Server Service Denial of Service Vulnerability | Important |
Windows Distributed File System (DFS) | CVE-2024-30063 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | Important |
Windows Event Logging Service | CVE-2024-30072 | Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability | Important |
Windows Kernel | CVE-2024-30068 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-30064 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-30084 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-35250 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
Windows Link Layer Topology Discovery Protocol | CVE-2024-30075 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | Important |
Windows Link Layer Topology Discovery Protocol | CVE-2024-30074 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | Important |
Windows NT OS Kernel | CVE-2024-30099 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows NT OS Kernel | CVE-2024-30088 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Perception Service | CVE-2024-35265 | Windows Perception Service Elevation of Privilege Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2024-30069 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-30095 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-30094 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Server Service | CVE-2024-30062 | Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability | Important |
Windows Server Service | CVE-2024-30080 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Critical |
Windows Standards-Based Storage Management Service | CVE-2024-30083 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
Windows Storage | CVE-2024-30093 | Windows Storage Elevation of Privilege Vulnerability | Important |
Windows Themes | CVE-2024-30065 | Windows Themes Denial of Service Vulnerability | Important |
Windows Wi-Fi Driver | CVE-2024-30078 | Windows Wi-Fi Driver Remote Code Execution Vulnerability | Important |
Windows Win32 Kernel Subsystem | CVE-2024-30086 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
Windows Win32K – GRFX | CVE-2024-30087 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K – GRFX | CVE-2024-30091 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K – GRFX | CVE-2024-30082 | Win32k Elevation of Privilege Vulnerability | Important |
Winlogon | CVE-2024-30067 | Winlogon Elevation of Privilege Vulnerability | Important |
Winlogon | CVE-2024-30066 | Winlogon Elevation of Privilege Vulnerability | Important |