Microsoft’s June 2024 Patch
Microsoft’s June 2024 Patch Tuesday updates address 51 security vulnerabilities, including one rated Critical and 50 rated Important.
Additionally, 17 vulnerabilities in the Chromium-based Edge browser have been resolved. None of these flaws have been actively exploited, though one, CVE-2023-50868, is publicly known. This particular issue, discovered by ATHENE researchers, impacts the DNSSEC validation process, potentially causing CPU exhaustion.
Another significant vulnerability fixed is a Critical remote code execution (RCE) flaw in the Microsoft Message Queuing (MSMQ) service, CVE-2024-30080, with a CVSS score of 9.8. Exploiting this flaw involves sending a specially crafted MSMQ packet to a server, potentially allowing remote code execution. Other notable fixes include RCE bugs in Microsoft Outlook (CVE-2024-30103), Windows Wi-Fi Driver (CVE-2024-30078), and several privilege escalation flaws in the Windows Win32 Kernel Subsystem and related drivers.
Cybersecurity firm Morphisec identified the Outlook vulnerability, highlighting its potential for code execution without user interaction, which could lead to system compromise.
Beyond Microsoft, other vendors have also released security updates. These include Adobe, AWS, AMD, Apple visionOS, ASUS, Atlassian, Bosch, Broadcom (including VMware), Cisco, Citrix, D-Link, Dell, Drupal, F5, Fortinet, Fortra Tripwire Enterprise, GitLab, various Google platforms, Hitachi Energy, HP, IBM, Ivanti, Jenkins, Juniper Networks, Lenovo, multiple Linux distributions, MediaTek, Mitsubishi Electric, Mozilla Firefox, NETGEAR, NVIDIA, PHP, Progress Software, QNAP, Qualcomm, Samsung, SAP, Schneider Electric, Siemens, SolarWinds, Sophos, Synology, TP-Link, Trend Micro, Veeam, Veritas, Zoho ManageEngine ServiceDesk Plus, Zoom, and Zyxel.
