Microsofts June 2024 Patch Tuesday security update addressed a total of 51 vulnerabilities, including critical flaws in various Microsoft services and applications.
Description
Microsofts June 2024 Patch Tuesday security update addressed a total of 51 vulnerabilities, including 18 remote code execution flaws and one critical bug in the Microsoft Message Queuing service. This flaw, CVE-2024-30080 [1] [2] [4] [5], allows for remote code execution with a CVSS severity rating of 9.8 and can be exploited remotely without user interaction, potentially leading to remote malware installation [1]. Other high-risk vulnerabilities patched include denial-of-service flaws in Windows Server and DHCP Server [6], as well as remote code execution vulnerabilities in Microsoft Office [6], Outlook [1] [2] [3] [4] [5] [6], and SharePoint Server [6]. Additionally, remote code execution flaws in Outlook (CVE-2024-30101) and a file-based exploit (CVE-2024-30104) were also addressed. High-priority bugs include remote code execution vulnerabilities in Microsoft Streaming Services and privilege escalation bugs in Windows Cloud Files Mini Filter Driver and Windows Kernel Driver [2].
In addition to these critical flaws [1], Microsoft also fixed several vulnerabilities affecting Outlook [1], Dynamics 365 [1], and the Windows Kernel that could allow for remote code execution and privilege escalation attacks [1]. While not classified as critical, these issues still pose a significant risk and should be patched promptly [1].
Security experts note that the real-world risk of these flaws is limited [1], as certain components need to be manually enabled and exposed to the open internet [1]. While serious, it is unlikely that many systems are currently vulnerable [1]. However, users are advised to update their systems promptly to prevent potential exploitation by attackers.
Microsoft recommends updating Windows as soon as possible and urges administrators to prioritize testing and deploying updates [1]. Adobe also released a patch update addressing 163 vulnerabilities [1], with a focus on cross-site scripting issues in Experience Manager [1]. Users and admins are advised to update their Adobe software promptly [1].
Conclusion
The June 2024 Patch Tuesday security update from Microsoft addresses critical vulnerabilities that could lead to remote code execution and privilege escalation attacks. While the real-world risk is limited, users are advised to update their systems promptly to prevent potential exploitation. Administrators should prioritize testing and deploying updates to ensure the security of their systems.
References
[1] https://www.scmagazine.com/news/june-2024-patch-tuesday-brings-fixes-for-49-security-flaws
[2] https://www.darkreading.com/vulnerabilities-threats/critical-msmq-rce-bug-microsoft-servers-complete-takeover
[3] https://cyber.vumetric.com/security-news/2024/06/11/microsoft-june-2024-patch-tuesday-fixes-51-flaws-18-rces/
[4] https://krebsonsecurity.com/2024/06/patch-tuesday-june-2024-recall-edition/
[5] https://www.helpnetsecurity.com/2024/06/11/cve-2024-30080-cve-2024-30103/
[6] https://www.techtarget.com/searchWindowsServer/news/366588484/Microsoft-delivers-51-fixes-for-June-Patch-Tuesday