Microsoft has released its June 2024 Patch Tuesday security updates, addressing a wide range of vulnerabilities across various platforms and services. This month's update resolves numerous critical and important security issues, enhancing the overall security posture for users and organizations. Below, we provide an overview of the resolved vulnerabilities, their severity, and the systems affected.
Key Highlights
Critical Vulnerabilities
Windows Server Service:
: A critical remote code execution vulnerability in Microsoft Message Queuing (MSMQ) that could allow an attacker to execute arbitrary code on the affected system.
Important Vulnerabilities
Azure Services:
Azure Data Science Virtual Machines:
: Elevation of privilege vulnerability.
Azure File Sync:
: Elevation of privilege vulnerability.
Azure Monitor:
: Elevation of privilege vulnerability.
Azure SDK:
: Elevation of privilege vulnerability in Azure Identity Libraries and Microsoft Authentication Library.
Azure Storage Library:
: Denial of service vulnerability in Azure Storage Movement Client Library.
Dynamics Business Central:
: Elevation of privilege vulnerability.
: Remote code execution vulnerability.
Microsoft Edge (Chromium-based):
Multiple vulnerabilities in Chromium, such as use after free and heap buffer overflow, affecting components like Presentation API, WebRTC, Keyboard Inputs, Dawn, Streams API, and Media Session.
Microsoft Office and Related Services:
CVE-2024-30101, CVE-2024-30104, CVE-2024-30102
: Remote code execution vulnerabilities in Microsoft Office.
: Remote code execution vulnerability in Microsoft Outlook.
: Remote code execution vulnerability in Microsoft SharePoint Server.
Windows Components:
: Remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL.
: Remote code execution vulnerability in Microsoft Speech Application Programming Interface (SAPI).
: Denial of service vulnerability in Windows DHCP Server.
: Remote code execution vulnerability in Windows Distributed File System (DFS).
: Remote code execution vulnerability in Microsoft Event Trace Log File Parsing.
: Elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver.
: Elevation of privilege vulnerability in Windows Container Manager Service.
: Information disclosure vulnerability in Windows Cryptographic Services.
CVE-2024-30064, CVE-2024-30068, CVE-2024-30084, CVE-2024-35250
: Elevation of privilege vulnerabilities in Windows Kernel and Kernel-Mode Drivers.
CVE-2024-30075, CVE-2024-30074
: Remote code execution vulnerabilities in Windows Link Layer Topology Discovery Protocol.
CVE-2024-30099, CVE-2024-30088
: Elevation of privilege vulnerabilities in Windows NT OS Kernel.
: Information disclosure vulnerability in Windows Remote Access Connection Manager.
CVE-2024-30095, CVE-2024-30094
: Remote code execution vulnerabilities in Windows Routing and Remote Access Service (RRAS).
: Remote code execution vulnerability in Windows Standards-Based Storage Management Service.
: Denial of service vulnerability in Windows Standards-Based Storage Management Service.
: Elevation of privilege vulnerability in Windows Storage.
: Denial of service vulnerability in Windows Themes.
: Remote code execution vulnerability in Windows Wi-Fi Driver.
: Elevation of privilege vulnerability in Windows Win32 Kernel Subsystem.
CVE-2024-30087, CVE-2024-30091, CVE-2024-30082
: Elevation of privilege vulnerabilities in Windows Win32K - GRFX.
CVE-2024-30067, CVE-2024-30066
: Elevation of privilege vulnerabilities in Winlogon.
Visual Studio:
: Remote code execution vulnerability.
: Elevation of privilege vulnerability.
: Vulnerability in WiX Burn-based bundles, allowing binary hijack when run as SYSTEM.