Nowadays is Microsoft’s June 2024 Patch Tuesday, which contains safety updates for 51 flaws, eighteen faraway code execution flaws, and one publicly disclosed zero-day vulnerability.
This Patch Tuesday fastened 18 RCE flaws however just one crucial vulnerability, a faraway code execution vulnerability in Microsoft Message Queuing (MSMQ).
The choice of insects in every vulnerability class is indexed beneath:
- 25 Elevation of Privilege Vulnerabilities
- 18 Far flung Code Execution Vulnerabilities
- 3 Knowledge Disclosure Vulnerabilities
- 5 Denial of Carrier Vulnerabilities
The entire rely of 51 flaws does no longer come with 7 Microsoft Edge flaws fastened on June third.
To be told extra concerning the non-security updates launched as of late, you’ll evaluation our devoted articles at the new Home windows 11 KB5039212 replace and the Home windows 10 KB5039211 replace.
One publicly disclosed zero-day
This month’s Patch Tuesday fixes one publicly disclosed zero-day, and not using a actively exploited flaw fastened as of late.
Microsoft classifies a zero-day as a flaw publicly disclosed or actively exploited and not using a reputable repair to be had.
The publicly disclosed zero-day vulnerability is the up to now disclosed ‘Keytrap’ assault within the DNS protocol that Microsoft has now fastened as a part of as of late’s updates.
CVE-2023-50868 – MITRE: CVE-2023-50868 NSEC3 closest encloser evidence can exhaust CPU
“CVE-2023-50868 is relating to a vulnerability in DNSSEC validation the place an attacker may just exploit same old DNSSEC protocols supposed for DNS integrity through the use of over the top sources on a resolver, inflicting a denial of carrier for official customers. MITRE created this CVE on their behalf,” reads the Microsoft advisory.
This flaw used to be up to now disclosed in February and patched in a lot of DNS implementations, together with BIND, PowerDNS, Unbound, Knot Resolver, and Dnsmasq.
Different fascinating vulnerabilities fastened this month come with more than one Microsoft Place of work faraway code execution flaws, together with Microsoft Outlook RCEs that may be exploited from the preview pane.
Microsoft additionally fastened seven Home windows Kernel privilege elevation flaws that might permit a neighborhood attacker to achieve SYSTEM privileges.
Contemporary updates from different corporations
Different distributors who launched updates or advisories in June 2024 come with:
Sadly, we will be able to now not be linking to SAP’s Patch Tuesday safety updates as they’ve positioned them in the back of a buyer login.
The June 2024 Patch Tuesday Safety Updates
Underneath is your entire listing of resolved vulnerabilities within the June 2024 Patch Tuesday updates.
To get entry to the entire description of every vulnerability and the techniques it impacts, you’ll view the complete record right here.
| Tag | CVE ID | CVE Name | Severity |
|---|---|---|---|
| Azure Information Science Digital Machines | CVE-2024-37325 | Azure Science Digital System (DSVM) Elevation of Privilege Vulnerability | Necessary |
| Azure Report Sync | CVE-2024-35253 | Microsoft Azure Report Sync Elevation of Privilege Vulnerability | Necessary |
| Azure Observe | CVE-2024-35254 | Azure Observe Agent Elevation of Privilege Vulnerability | Necessary |
| Azure SDK | CVE-2024-35255 | Azure Identification Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | Necessary |
| Azure Garage Library | CVE-2024-35252 | Azure Garage Motion Consumer Library Denial of Carrier Vulnerability | Necessary |
| Dynamics Trade Central | CVE-2024-35248 | Microsoft Dynamics 365 Trade Central Elevation of Privilege Vulnerability | Necessary |
| Dynamics Trade Central | CVE-2024-35249 | Microsoft Dynamics 365 Trade Central Far flung Code Execution Vulnerability | Necessary |
| Microsoft Dynamics | CVE-2024-35263 | Microsoft Dynamics 365 (On-Premises) Knowledge Disclosure Vulnerability | Necessary |
| Microsoft Edge (Chromium-based) | CVE-2024-5498 | Chromium: CVE-2024-5498 Use after loose in Presentation API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-5493 | Chromium: CVE-2024-5493 Heap buffer overflow in WebRTC | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-5497 | Chromium: CVE-2024-5497 Out of bounds reminiscence get entry to in Keyboard Inputs | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-5495 | Chromium: CVE-2024-5495 Use after loose in First light | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-5499 | Chromium: CVE-2024-5499 Out of bounds write in Streams API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-5494 | Chromium: CVE-2024-5494 Use after loose in First light | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-5496 | Chromium: CVE-2024-5496 Use after loose in Media Consultation | Unknown |
| Microsoft Place of work | CVE-2024-30101 | Microsoft Place of work Far flung Code Execution Vulnerability | Necessary |
| Microsoft Place of work | CVE-2024-30104 | Microsoft Place of work Far flung Code Execution Vulnerability | Necessary |
| Microsoft Place of work Outlook | CVE-2024-30103 | Microsoft Outlook Far flung Code Execution Vulnerability | Necessary |
| Microsoft Place of work SharePoint | CVE-2024-30100 | Microsoft SharePoint Server Far flung Code Execution Vulnerability | Necessary |
| Microsoft Place of work Phrase | CVE-2024-30102 | Microsoft Place of work Far flung Code Execution Vulnerability | Necessary |
| Microsoft Streaming Carrier | CVE-2024-30090 | Microsoft Streaming Carrier Elevation of Privilege Vulnerability | Necessary |
| Microsoft Streaming Carrier | CVE-2024-30089 | Microsoft Streaming Carrier Elevation of Privilege Vulnerability | Necessary |
| Microsoft WDAC OLE DB supplier for SQL | CVE-2024-30077 | Home windows OLE Far flung Code Execution Vulnerability | Necessary |
| Microsoft Home windows | CVE-2023-50868 | MITRE: CVE-2023-50868 NSEC3 closest encloser evidence can exhaust CPU | Necessary |
| Microsoft Home windows Speech | CVE-2024-30097 | Microsoft Speech Software Programming Interface (SAPI) Far flung Code Execution Vulnerability | Necessary |
| Visible Studio | CVE-2024-30052 | Visible Studio Far flung Code Execution Vulnerability | Necessary |
| Visible Studio | CVE-2024-29060 | Visible Studio Elevation of Privilege Vulnerability | Necessary |
| Visible Studio | CVE-2024-29187 | GitHub: CVE-2024-29187 WiX Burn-based bundles are at risk of binary hijack when run as SYSTEM | Necessary |
| Home windows Cloud Information Mini Clear out Motive force | CVE-2024-30085 | Home windows Cloud Information Mini Clear out Motive force Elevation of Privilege Vulnerability | Necessary |
| Home windows Container Supervisor Carrier | CVE-2024-30076 | Home windows Container Supervisor Carrier Elevation of Privilege Vulnerability | Necessary |
| Home windows Cryptographic Products and services | CVE-2024-30096 | Home windows Cryptographic Products and services Knowledge Disclosure Vulnerability | Necessary |
| Home windows DHCP Server | CVE-2024-30070 | DHCP Server Carrier Denial of Carrier Vulnerability | Necessary |
| Home windows Dispensed Report Gadget (DFS) | CVE-2024-30063 | Home windows Dispensed Report Gadget (DFS) Far flung Code Execution Vulnerability | Necessary |
| Home windows Tournament Logging Carrier | CVE-2024-30072 | Microsoft Tournament Hint Log Report Parsing Far flung Code Execution Vulnerability | Necessary |
| Home windows Kernel | CVE-2024-30068 | Home windows Kernel Elevation of Privilege Vulnerability | Necessary |
| Home windows Kernel | CVE-2024-30064 | Home windows Kernel Elevation of Privilege Vulnerability | Necessary |
| Home windows Kernel-Mode Drivers | CVE-2024-30084 | Home windows Kernel-Mode Motive force Elevation of Privilege Vulnerability | Necessary |
| Home windows Kernel-Mode Drivers | CVE-2024-35250 | Home windows Kernel-Mode Motive force Elevation of Privilege Vulnerability | Necessary |
| Home windows Hyperlink Layer Topology Discovery Protocol | CVE-2024-30075 | Home windows Hyperlink Layer Topology Discovery Protocol Far flung Code Execution Vulnerability | Necessary |
| Home windows Hyperlink Layer Topology Discovery Protocol | CVE-2024-30074 | Home windows Hyperlink Layer Topology Discovery Protocol Far flung Code Execution Vulnerability | Necessary |
| Home windows NT OS Kernel | CVE-2024-30099 | Home windows Kernel Elevation of Privilege Vulnerability | Necessary |
| Home windows NT OS Kernel | CVE-2024-30088 | Home windows Kernel Elevation of Privilege Vulnerability | Necessary |
| Home windows Belief Carrier | CVE-2024-35265 | Home windows Belief Carrier Elevation of Privilege Vulnerability | Necessary |
| Home windows Far flung Get entry to Connection Supervisor | CVE-2024-30069 | Home windows Far flung Get entry to Connection Supervisor Knowledge Disclosure Vulnerability | Necessary |
| Home windows Routing and Far flung Get entry to Carrier (RRAS) | CVE-2024-30095 | Home windows Routing and Far flung Get entry to Carrier (RRAS) Far flung Code Execution Vulnerability | Necessary |
| Home windows Routing and Far flung Get entry to Carrier (RRAS) | CVE-2024-30094 | Home windows Routing and Far flung Get entry to Carrier (RRAS) Far flung Code Execution Vulnerability | Necessary |
| Home windows Server Carrier | CVE-2024-30062 | Home windows Requirements-Primarily based Garage Control Carrier Far flung Code Execution Vulnerability | Necessary |
| Home windows Server Carrier | CVE-2024-30080 | Microsoft Message Queuing (MSMQ) Far flung Code Execution Vulnerability | Essential |
| Home windows Requirements-Primarily based Garage Control Carrier | CVE-2024-30083 | Home windows Requirements-Primarily based Garage Control Carrier Denial of Carrier Vulnerability | Necessary |
| Home windows Garage | CVE-2024-30093 | Home windows Garage Elevation of Privilege Vulnerability | Necessary |
| Home windows Topics | CVE-2024-30065 | Home windows Topics Denial of Carrier Vulnerability | Necessary |
| Home windows Wi-Fi Motive force | CVE-2024-30078 | Home windows Wi-Fi Motive force Far flung Code Execution Vulnerability | Necessary |
| Home windows Win32 Kernel Subsystem | CVE-2024-30086 | Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Necessary |
| Home windows Win32K – GRFX | CVE-2024-30087 | Win32k Elevation of Privilege Vulnerability | Necessary |
| Home windows Win32K – GRFX | CVE-2024-30091 | Win32k Elevation of Privilege Vulnerability | Necessary |
| Home windows Win32K – GRFX | CVE-2024-30082 | Win32k Elevation of Privilege Vulnerability | Necessary |
| Winlogon | CVE-2024-30067 | Winlogon Elevation of Privilege Vulnerability | Necessary |
| Winlogon | CVE-2024-30066 | Winlogon Elevation of Privilege Vulnerability | Necessary |