Search here...
Cyber Security

Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs

admin
admin

Right now is Microsoft’s June 2024 Patch Tuesday, which incorporates safety updates for 51 flaws, eighteen distant code execution flaws, and one publicly disclosed zero-day vulnerability.

This Patch Tuesday fastened 18 RCE flaws however just one crucial vulnerability, a distant code execution vulnerability in Microsoft Message Queuing (MSMQ).

The variety of bugs in every vulnerability class is listed beneath:

  • 25 Elevation of Privilege Vulnerabilities
  • 18 Distant Code Execution Vulnerabilities
  • 3 Data Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities

The full rely of 51 flaws doesn’t embrace 7 Microsoft Edge flaws fastened on June third.

One publicly disclosed zero-day

This month’s Patch Tuesday fixes one publicly disclosed zero-day, with no actively exploited flaw fastened in the present day.

Microsoft classifies a zero-day as a flaw publicly disclosed or actively exploited with no official repair accessible.

The publicly disclosed zero-day vulnerability is the beforehand disclosed ‘Keytrap’ assault within the DNS protocol that Microsoft has now fastened as a part of in the present day’s updates.

CVE-2023-50868 – MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU

CVE-2023-50868 is regarding a vulnerability in DNSSEC validation where an attacker could exploit standard DNSSEC protocols intended for DNS integrity by using excessive resources on a resolver, causing a denial of service for legitimate users. MITRE created this CVE on their behalf,” reads the Microsoft advisory.

This flaw was beforehand disclosed in February and patched in quite a few DNS implementations, together with BIND, PowerDNS, Unbound, Knot Resolver, and Dnsmasq.

Different attention-grabbing vulnerabilities fastened this month embrace a number of Microsoft Workplace distant code execution flaws, together with Microsoft Outlook RCEs that may be exploited from the preview pane.

Microsoft additionally fastened seven Home windows Kernel privilege elevation flaws that might enable a neighborhood attacker to realize SYSTEM privileges.

Current updates from different corporations

Different distributors who launched updates or advisories in June 2024 embrace:

Sadly, we are going to now not be linking to SAP’s Patch Tuesday safety updates as they’ve positioned them behind a buyer login.

The June 2024 Patch Tuesday Safety Updates

Beneath is the whole listing of resolved vulnerabilities within the June 2024 Patch Tuesday updates.

To entry the total description of every vulnerability and the techniques it impacts, you’ll be able to view the full report right here.

Tag CVE ID CVE Title Severity
Azure Information Science Digital Machines CVE-2024-37325 Azure Science Digital Machine (DSVM) Elevation of Privilege Vulnerability Vital
Azure File Sync CVE-2024-35253 Microsoft Azure File Sync Elevation of Privilege Vulnerability Vital
Azure Monitor CVE-2024-35254 Azure Monitor Agent Elevation of Privilege Vulnerability Vital
Azure SDK CVE-2024-35255 Azure Identification Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Vital
Azure Storage Library CVE-2024-35252 Azure Storage Motion Shopper Library Denial of Service Vulnerability Vital
Dynamics Enterprise Central CVE-2024-35248 Microsoft Dynamics 365 Enterprise Central Elevation of Privilege Vulnerability Vital
Dynamics Enterprise Central CVE-2024-35249 Microsoft Dynamics 365 Enterprise Central Distant Code Execution Vulnerability Vital
Microsoft Dynamics CVE-2024-35263 Microsoft Dynamics 365 (On-Premises) Data Disclosure Vulnerability Vital
Microsoft Edge (Chromium-based) CVE-2024-5498 Chromium: CVE-2024-5498 Use after free in Presentation API Unknown
Microsoft Edge (Chromium-based) CVE-2024-5493 Chromium: CVE-2024-5493 Heap buffer overflow in WebRTC Unknown
Microsoft Edge (Chromium-based) CVE-2024-5497 Chromium: CVE-2024-5497 Out of bounds reminiscence entry in Keyboard Inputs Unknown
Microsoft Edge (Chromium-based) CVE-2024-5495 Chromium: CVE-2024-5495 Use after free in Daybreak Unknown
Microsoft Edge (Chromium-based) CVE-2024-5499 Chromium: CVE-2024-5499 Out of bounds write in Streams API Unknown
Microsoft Edge (Chromium-based) CVE-2024-5494 Chromium: CVE-2024-5494 Use after free in Daybreak Unknown
Microsoft Edge (Chromium-based) CVE-2024-5496 Chromium: CVE-2024-5496 Use after free in Media Session Unknown
Microsoft Workplace CVE-2024-30101 Microsoft Workplace Distant Code Execution Vulnerability Vital
Microsoft Workplace CVE-2024-30104 Microsoft Workplace Distant Code Execution Vulnerability Vital
Microsoft Workplace Outlook CVE-2024-30103 Microsoft Outlook Distant Code Execution Vulnerability Vital
Microsoft Workplace SharePoint CVE-2024-30100 Microsoft SharePoint Server Distant Code Execution Vulnerability Vital
Microsoft Workplace Phrase CVE-2024-30102 Microsoft Workplace Distant Code Execution Vulnerability Vital
Microsoft Streaming Service CVE-2024-30090 Microsoft Streaming Service Elevation of Privilege Vulnerability Vital
Microsoft Streaming Service CVE-2024-30089 Microsoft Streaming Service Elevation of Privilege Vulnerability Vital
Microsoft WDAC OLE DB supplier for SQL CVE-2024-30077 Home windows OLE Distant Code Execution Vulnerability Vital
Microsoft Home windows CVE-2023-50868 MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU Vital
Microsoft Home windows Speech CVE-2024-30097 Microsoft Speech Software Programming Interface (SAPI) Distant Code Execution Vulnerability Vital
Visible Studio CVE-2024-30052 Visible Studio Distant Code Execution Vulnerability Vital
Visible Studio CVE-2024-29060 Visible Studio Elevation of Privilege Vulnerability Vital
Visible Studio CVE-2024-29187 GitHub: CVE-2024-29187 WiX Burn-based bundles are weak to binary hijack when run as SYSTEM Vital
Home windows Cloud Information Mini Filter Driver CVE-2024-30085 Home windows Cloud Information Mini Filter Driver Elevation of Privilege Vulnerability Vital
Home windows Container Supervisor Service CVE-2024-30076 Home windows Container Supervisor Service Elevation of Privilege Vulnerability Vital
Home windows Cryptographic Companies CVE-2024-30096 Home windows Cryptographic Companies Data Disclosure Vulnerability Vital
Home windows DHCP Server CVE-2024-30070 DHCP Server Service Denial of Service Vulnerability Vital
Home windows Distributed File System (DFS) CVE-2024-30063 Home windows Distributed File System (DFS) Distant Code Execution Vulnerability Vital
Home windows Occasion Logging Service CVE-2024-30072 Microsoft Occasion Hint Log File Parsing Distant Code Execution Vulnerability Vital
Home windows Kernel CVE-2024-30068 Home windows Kernel Elevation of Privilege Vulnerability Vital
Home windows Kernel CVE-2024-30064 Home windows Kernel Elevation of Privilege Vulnerability Vital
Home windows Kernel-Mode Drivers CVE-2024-30084 Home windows Kernel-Mode Driver Elevation of Privilege Vulnerability Vital
Home windows Kernel-Mode Drivers CVE-2024-35250 Home windows Kernel-Mode Driver Elevation of Privilege Vulnerability Vital
Home windows Hyperlink Layer Topology Discovery Protocol CVE-2024-30075 Home windows Hyperlink Layer Topology Discovery Protocol Distant Code Execution Vulnerability Vital
Home windows Hyperlink Layer Topology Discovery Protocol CVE-2024-30074 Home windows Hyperlink Layer Topology Discovery Protocol Distant Code Execution Vulnerability Vital
Home windows NT OS Kernel CVE-2024-30099 Home windows Kernel Elevation of Privilege Vulnerability Vital
Home windows NT OS Kernel CVE-2024-30088 Home windows Kernel Elevation of Privilege Vulnerability Vital
Home windows Notion Service CVE-2024-35265 Home windows Notion Service Elevation of Privilege Vulnerability Vital
Home windows Distant Entry Connection Supervisor CVE-2024-30069 Home windows Distant Entry Connection Supervisor Data Disclosure Vulnerability Vital
Home windows Routing and Distant Entry Service (RRAS) CVE-2024-30095 Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability Vital
Home windows Routing and Distant Entry Service (RRAS) CVE-2024-30094 Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability Vital
Home windows Server Service CVE-2024-30062 Home windows Requirements-Based mostly Storage Administration Service Distant Code Execution Vulnerability Vital
Home windows Server Service CVE-2024-30080 Microsoft Message Queuing (MSMQ) Distant Code Execution Vulnerability Essential
Home windows Requirements-Based mostly Storage Administration Service CVE-2024-30083 Home windows Requirements-Based mostly Storage Administration Service Denial of Service Vulnerability Vital
Home windows Storage CVE-2024-30093 Home windows Storage Elevation of Privilege Vulnerability Vital
Home windows Themes CVE-2024-30065 Home windows Themes Denial of Service Vulnerability Vital
Home windows Wi-Fi Driver CVE-2024-30078 Home windows Wi-Fi Driver Distant Code Execution Vulnerability Vital
Home windows Win32 Kernel Subsystem CVE-2024-30086 Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Vital
Home windows Win32K – GRFX CVE-2024-30087 Win32k Elevation of Privilege Vulnerability Vital
Home windows Win32K – GRFX CVE-2024-30091 Win32k Elevation of Privilege Vulnerability Vital
Home windows Win32K – GRFX CVE-2024-30082 Win32k Elevation of Privilege Vulnerability Vital
Winlogon CVE-2024-30067 Winlogon Elevation of Privilege Vulnerability Vital
Winlogon CVE-2024-30066 Winlogon Elevation of Privilege Vulnerability Vital

Recent articles

Hacking

Grasp Certificates Administration: Be part of This Webinar on Crypto Agility and Finest Practices

Nov 15, 2024The Hacker InformationWebinar / Cyber Security Within the...
Read more
Cyber Security

Microsoft simply killed the Home windows 10 Beta Channel for good

​Microsoft has shut down the Home...
Read more
Information Technology

9 Worthwhile Product Launch Templates for Busy Leaders

Launching a product doesn’t should really feel like blindly...
Read more
Cyber Security

Bitfinex hacker will get 5 years in jail for 120,000 bitcoin heist

A hacker liable for stealing 119,754...
Read more
Cloud Security

How Runtime Insights Assist with Container Safety

Containers are a key constructing block for cloud workloads,...
Read more
Previous article
Chinese language hackers breached 20,000 FortiGate methods worldwide
Next article
How Cynet Makes MSPs Wealthy & Their Purchasers Safe
admin
adminhttps://chinamoney.network

About us

We understand that cybersecurity is a rapidly evolving field, with new threats emerging every day. That’s why we are committed to staying ahead of the curve and providing our readers with the most up-to-date and relevant information available.

Company

Must Read

The 6 Finest Pentesting Corporations for 2024

Information Technology 0
Penetration testing (usually shortened to “pentesting”) helps corporations discover...

Fewer, Excessive-Profile Ransomware Assaults Are Yielding Increased Ransoms

Hacking 0
Evaluation of cryptocurrency funds made on the blockchain highlights...

Machine Studying Made Easy for Knowledge Analysts with BigQuery ML – KDnuggets

AI 0
Picture by freepik   Knowledge evaluation is present process a revolution....

Subscribe

© 2024 Wanderlust. All Rights Reserved.