June, 2024: Patch Tuesday - Zero zero days!

Welcome to my June Patch Tuesday newsletter.  I was pleasantly surprised this month while researching the updates.  There isn't much to bring attention to for June's Patch Tuesday.  Our biggest concerns are two vulnerabilities that are publicly disclosed but not exploited (yet).  Let's look at CVE-2023-50868 first.  Rated as "Exploitation Less Likely", this vulnerability could allow an attacker to abuse standard DNSSEC protocols, which are intended for DNS integrity, to consume excessive resources, causing a denial of service for legitimate users.  It would be good to test and update when you can.  CVE-2024-30060 is our next update that is also publicly disclosed.  This CVE has a CVSS score a little bit higher at 7.8/6.8.  This is also rated "Exploitation Less Likely".  This vulnerability could allow an attacker to delete targeted files on a system, which could result in privilege escalation to SYSTEM.  Browse the chart below and make sure that any products in your environment don't get missed this month.

Besides these, there is not much to talk about this month.  It's a fairly light month with the usual updates being released.  I recently had a webinar showing how my Supercharger product can help you collect the events you need from your domain controllers to detect malicious activity.  Unfortunately, our webinar service provider had a few audio issues.  We still managed to do the live event, but if you missed it, or were there and want to see a recording of it, you can register for it here.

So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.

Happy patching!

Patch data provided by:

LOGbinder.com

| Technology | Products Affected | Severity | Reference | Workaround / Exploited / Publicly Disclosed | Vulnerability Info |
|---|---|---|---|---|---|
| Windows | Windows 10, 11; Server 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations | Critical | CVE-2023-50868, CVE-2024-30062, CVE-2024-30063, CVE-2024-30064, CVE-2024-30065, CVE-2024-30066, CVE-2024-30067, CVE-2024-30068, CVE-2024-30069, CVE-2024-30070, CVE-2024-30072, CVE-2024-30074, CVE-2024-30075, CVE-2024-30076, CVE-2024-30077, CVE-2024-30078, CVE-2024-30080, CVE-2024-30082, CVE-2024-30083, CVE-2024-30084, CVE-2024-30085, CVE-2024-30086, CVE-2024-30087, CVE-2024-30088, CVE-2024-30089, CVE-2024-30090, CVE-2024-30091, CVE-2024-30093, CVE-2024-30094, CVE-2024-30095, CVE-2024-30096, CVE-2024-30097, CVE-2024-30099, CVE-2024-35250, CVE-2024-35265 | Workaround: No; Exploited: No; Public: Yes | Denial of Service; Elevation of Privilege; Information Disclosure; Remote Code Execution |
| Edge | Chromium-based | Important | CVE-2024-30056, CVE-2024-4947, CVE-2024-4948, CVE-2024-4949, CVE-2024-4950, CVE-2024-5157, CVE-2024-5158, CVE-2024-5159, CVE-2024-5160, CVE-2024-5274, CVE-2024-5493, CVE-2024-5494, CVE-2024-5495, CVE-2024-5496, CVE-2024-5497, CVE-2024-5498, CVE-2024-5499 | Workaround: No; Exploited: No; Public: No | Information Disclosure |
| Office and SharePoint | 365 Apps for Enterprise; Office 2016, 2019, LTSC 2021; Outlook 2016; SharePoint Enterprise Server 2016; SharePoint Server 2019; SharePoint Server Subscription Edition | Important | CVE-2024-30100, CVE-2024-30101, CVE-2024-30102, CVE-2024-30103, CVE-2024-30104 | Workaround: No; Exploited: No; Public: No | Remote Code Execution |
| Dynamics | 365 On-Prem version 9.1; 365 Business Central 2023 Release Wave 1 & 2; 365 Business Central 2024 Release Wave 1 | Important | CVE-2024-35248, CVE-2024-35249, CVE-2024-35263 | Workaround: No; Exploited: No; Public: No | Elevation of Privilege; Information Disclosure; Remote Code Execution |
| Visual Studio | 2017 15.9 - 15.0; 2019 16.11 - 16.0; 2022 17.4, 17.6, 17.8, 17.10 | Important | CVE-2024-29060, CVE-2024-29187, CVE-2024-30052 | Workaround: No; Exploited: No; Public: No | Elevation of Privilege; Remote Code Execution |
| Azure | Data Science Virtual Machines for Linux; File Sync v16 - v18; Identity Library for .NET, C++, Go, Java, JavaScript, Python; Monitor Agent; Storage Movement Client Library for .NET; MSAL for .NET, Java, Node.js | Important | CVE-2024-30060, CVE-2024-35252, CVE-2024-35253, CVE-2024-35254, CVE-2024-35255, CVE-2024-37325 | Workaround: No; Exploited: No; Public: Yes | Denial of Service; Elevation of Privilege |