
Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs

Today is Microsoft’s June 2024 Patch Tuesday, which includes security updates for 51 flaws, eighteen remote code execution flaws, and one publicly disclosed zero-day vulnerability.

This Patch Tuesday fixed 18 RCE flaws but only one critical vulnerability, a remote code execution vulnerability in Microsoft Message Queuing (MSMQ).

The number of bugs in each vulnerability category is listed below:

  • 25 Elevation of Privilege Vulnerabilities
  • 18 Remote Code Execution Vulnerabilities
  • 3 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities

The total count of 51 flaws does not include 7 Microsoft Edge flaws fixed on June 3rd.

One publicly disclosed zero-day

This month’s Patch Tuesday fixes one publicly disclosed zero-day, with no actively exploited flaw fixed today.

Microsoft classifies a zero-day as a flaw publicly disclosed or actively exploited with no official fix available.

The publicly disclosed zero-day vulnerability is the previously disclosed ‘Keytrap’ attack in the DNS protocol that Microsoft has now fixed as part of today’s updates.

CVE-2023-50868 – MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU

“CVE-2023-50868 is regarding a vulnerability in DNSSEC validation where an attacker could exploit standard DNSSEC protocols intended for DNS integrity by using excessive resources on a resolver, causing a denial of service for legitimate users. MITRE created this CVE on their behalf,” reads the Microsoft advisory.

This flaw was previously disclosed in February and patched in numerous DNS implementations, including BIND, PowerDNS, Unbound, Knot Resolver, and Dnsmasq.
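Why an NSEC3 closest encloser proof is expensive for a validating resolver, as an added example (not from the original article or Microsoft's advisory): it implements the RFC 5155 iterated SHA-1 hash and counts the hash calls a validator makes in a simplified model where the query name and each ancestor up to the zone apex are hashed once. The function names and the `max_iterations` policy limit are assumptions made for illustration; the sample zone, salt and iteration count are the ones used in RFC 5155 Appendix A.

```python
import base64
import hashlib

# Standard base32 -> base32hex alphabet (RFC 4648), used for NSEC3 owner names.
_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                        "0123456789ABCDEFGHIJKLMNOPQRSTUV")

def wire_name(name):
    """Canonical (lowercase) DNS wire format of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def nsec3_hash(name, salt, iterations):
    """RFC 5155 section 5 hash: returns (base32hex text, SHA-1 calls made)."""
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):          # each extra iteration re-hashes with the salt
        digest = hashlib.sha1(digest + salt).digest()
    text = base64.b32encode(digest).decode("ascii").translate(_B32HEX).lower()
    return text, iterations + 1

def closest_encloser_candidates(qname, zone):
    """Names a validator may hash: qname and each ancestor up to the zone apex."""
    q = qname.lower().rstrip(".").split(".")
    z = zone.lower().rstrip(".").split(".")
    if q[-len(z):] != z:
        raise ValueError("qname is not inside the zone")
    return [".".join(q[i:]) for i in range(len(q) - len(z) + 1)]

def proof_cost(qname, zone, salt, iterations, max_iterations=None):
    """SHA-1 calls needed to hash every candidate for one proof (simplified model).

    max_iterations is a hypothetical local policy limit: above it the validator
    refuses to hash and None is returned (answer treated as unvalidated).
    """
    if max_iterations is not None and iterations > max_iterations:
        return None
    return sum(nsec3_hash(n, salt, iterations)[1]
               for n in closest_encloser_candidates(qname, zone))

if __name__ == "__main__":
    salt = bytes.fromhex("aabbccdd")     # sample parameters from RFC 5155 Appendix A
    print(nsec3_hash("example", salt, 12)[0])
    print(proof_cost("a.c.x.w.example", "example", salt, 12))
    print(proof_cost("a.c.x.w.example", "example", salt, 500, max_iterations=100))
```

The cost grows with the number of labels multiplied by the iteration count, both taken from the response being validated, which is why bounding the work done per response limits the CPU a resolver spends on it.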

Other interesting vulnerabilities fixed this month include multiple Microsoft Office remote code execution flaws, including Microsoft Outlook RCEs that can be exploited from the preview pane.

Microsoft also fixed seven Windows Kernel privilege elevation flaws that could allow a local attacker to gain SYSTEM privileges.

Recent updates from other companies

Other vendors who released updates or advisories in June 2024 include:

Unfortunately, we will not be linking to SAP’s Patch Tuesday security updates as they have placed them behind a customer login.


The June 2024 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the June 2024 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.

Tag | CVE ID | CVE Title | Severity
Azure Data Science Virtual Machines | CVE-2024-37325 | Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability | Important
Azure File Sync | CVE-2024-35253 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | Important
Azure Monitor | CVE-2024-35254 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important
Azure SDK | CVE-2024-35255 | Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | Important
Azure Storage Library | CVE-2024-35252 | Azure Storage Movement Client Library Denial of Service Vulnerability | Important
Dynamics Business Central | CVE-2024-35248 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Important
Dynamics Business Central | CVE-2024-35249 | Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability | Important
Microsoft Dynamics | CVE-2024-35263 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Important
Microsoft Edge (Chromium-based) | CVE-2024-5498 | Chromium: CVE-2024-5498 Use after free in Presentation API | Unknown
Microsoft Edge (Chromium-based) | CVE-2024-5493 | Chromium: CVE-2024-5493 Heap buffer overflow in WebRTC | Unknown
Microsoft Edge (Chromium-based) | CVE-2024-5497 | Chromium: CVE-2024-5497 Out of bounds memory access in Keyboard Inputs | Unknown
Microsoft Edge (Chromium-based) | CVE-2024-5495 | Chromium: CVE-2024-5495 Use after free in Dawn | Unknown
Microsoft Edge (Chromium-based) | CVE-2024-5499 | Chromium: CVE-2024-5499 Out of bounds write in Streams API | Unknown
Microsoft Edge (Chromium-based) | CVE-2024-5494 | Chromium: CVE-2024-5494 Use after free in Dawn | Unknown
Microsoft Edge (Chromium-based) | CVE-2024-5496 | Chromium: CVE-2024-5496 Use after free in Media Session | Unknown
Microsoft Office | CVE-2024-30101 | Microsoft Office Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2024-30104 | Microsoft Office Remote Code Execution Vulnerability | Important
Microsoft Office Outlook | CVE-2024-30103 | Microsoft Outlook Remote Code Execution Vulnerability | Important
Microsoft Office SharePoint | CVE-2024-30100 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important
Microsoft Office Word | CVE-2024-30102 | Microsoft Office Remote Code Execution Vulnerability | Important
Microsoft Streaming Service | CVE-2024-30090 | Microsoft Streaming Service Elevation of Privilege Vulnerability | Important
Microsoft Streaming Service | CVE-2024-30089 | Microsoft Streaming Service Elevation of Privilege Vulnerability | Important
Microsoft WDAC OLE DB provider for SQL | CVE-2024-30077 | Windows OLE Remote Code Execution Vulnerability | Important
Microsoft Windows | CVE-2023-50868 | MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU | Important
Microsoft Windows Speech | CVE-2024-30097 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | Important
Visual Studio | CVE-2024-30052 | Visual Studio Remote Code Execution Vulnerability | Important
Visual Studio | CVE-2024-29060 | Visual Studio Elevation of Privilege Vulnerability | Important
Visual Studio | CVE-2024-29187 | GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM | Important
Windows Cloud Files Mini Filter Driver | CVE-2024-30085 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important
Windows Container Manager Service | CVE-2024-30076 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important
Windows Cryptographic Services | CVE-2024-30096 | Windows Cryptographic Services Information Disclosure Vulnerability | Important
Windows DHCP Server | CVE-2024-30070 | DHCP Server Service Denial of Service Vulnerability | Important
Windows Distributed File System (DFS) | CVE-2024-30063 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | Important
Windows Event Logging Service | CVE-2024-30072 | Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability | Important
Windows Kernel | CVE-2024-30068 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows Kernel | CVE-2024-30064 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows Kernel-Mode Drivers | CVE-2024-30084 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important
Windows Kernel-Mode Drivers | CVE-2024-35250 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important
Windows Link Layer Topology Discovery Protocol | CVE-2024-30075 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | Important
Windows Link Layer Topology Discovery Protocol | CVE-2024-30074 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | Important
Windows NT OS Kernel | CVE-2024-30099 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows NT OS Kernel | CVE-2024-30088 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows Perception Service | CVE-2024-35265 | Windows Perception Service Elevation of Privilege Vulnerability | Important
Windows Remote Access Connection Manager | CVE-2024-30069 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2024-30095 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2024-30094 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
Windows Server Service | CVE-2024-30062 | Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability | Important
Windows Server Service | CVE-2024-30080 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Critical
Windows Standards-Based Storage Management Service | CVE-2024-30083 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important
Windows Storage | CVE-2024-30093 | Windows Storage Elevation of Privilege Vulnerability | Important
Windows Themes | CVE-2024-30065 | Windows Themes Denial of Service Vulnerability | Important
Windows Wi-Fi Driver | CVE-2024-30078 | Windows Wi-Fi Driver Remote Code Execution Vulnerability | Important
Windows Win32 Kernel Subsystem | CVE-2024-30086 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important
Windows Win32K – GRFX | CVE-2024-30087 | Win32k Elevation of Privilege Vulnerability | Important
Windows Win32K – GRFX | CVE-2024-30091 | Win32k Elevation of Privilege Vulnerability | Important
Windows Win32K – GRFX | CVE-2024-30082 | Win32k Elevation of Privilege Vulnerability | Important
Winlogon | CVE-2024-30067 | Winlogon Elevation of Privilege Vulnerability | Important
Winlogon | CVE-2024-30066 | Winlogon Elevation of Privilege Vulnerability | Important