
June 2024 Patch Tuesday: Microsoft Fixes Critical Message Queuing Flaw

June 2024 Patch Tuesday sees Microsoft make 51 security fixes across its product range, but only one is critical severity.


Microsoft's June 2024 updates have been released, fixing 51 security vulnerabilities across a variety of its products. Available in the Microsoft Update Catalog, this month's updates include critical patches for Windows, Office, Azure, Dynamics Business Central, and Visual Studio. Noteworthy is the absence of zero-day vulnerabilities, a departure from recent months.

MSMQ Vulnerability at the Forefront

Among the critical issues addressed is the Microsoft Message Queuing (MSMQ) vulnerability, designated CVE-2024-30080. This flaw, scoring 9.8 on the CVSS scale, allows attackers to remotely execute arbitrary code on systems with MSMQ enabled. Exploitation requires only sending a specially crafted MSMQ packet, and because the flaw is wormable, it can spread across servers.
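
Because only systems with MSMQ enabled are affected, a local inventory check helps decide where the patch matters most. The following is an added example, not code from Microsoft or from this article; it assumes the default service name `MSMQ` and the default listener port TCP 1801, and the function name `Get-MsmqExposure` is made up for illustration.

```powershell
# Added example: report whether MSMQ is installed, running and listening.
# Assumptions: default service name "MSMQ", default listener port TCP 1801.
function Get-MsmqExposure {
    [CmdletBinding()]
    param(
        [int]$Port = 1801   # MSMQ default; adjust if the listener was remapped
    )

    # The service object is $null when the Message Queuing feature is absent.
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    # All sockets in LISTEN state on the MSMQ port (empty array if none).
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen `
                       -ErrorAction SilentlyContinue)

    # Listeners bound to something other than loopback are network-reachable,
    # subject to host and perimeter firewall rules.
    $external = @($listeners |
        Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' })

    # Name of the process that owns the listener, for confirmation.
    $owner = $null
    if ($listeners.Count -gt 0) {
        $proc  = Get-Process -Id $listeners[0].OwningProcess -ErrorAction SilentlyContinue
        $owner = $proc.ProcessName
    }

    $verdict =
        if (-not $svc)                   { 'NotInstalled' }
        elseif ($external.Count -gt 0)   { 'ListeningOnNetwork' }
        elseif ($listeners.Count -gt 0)  { 'ListeningLoopbackOnly' }
        elseif ($svc.Status -eq 'Running') { 'RunningNoListenerOnPort' }
        else                             { 'InstalledNotRunning' }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        ServiceStatus  = if ($svc) { $svc.Status } else { $null }
        StartType      = if ($svc) { $svc.StartType } else { $null }
        Port           = $Port
        BoundAddresses = ($listeners.LocalAddress | Sort-Object -Unique) -join ','
        OwningProcess  = $owner
        Verdict        = $verdict
    }
}

Get-MsmqExposure | Format-List
```

The check reports exposure only; it does not tell you whether the June 2024 update is installed. A host reporting `InstalledNotRunning` with an automatic start type will start listening again after a reboot.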

New Fix for DNSSEC Zero-Day Issue

Microsoft also tackled a previously disclosed zero-day flaw in DNSSEC validation, CVE-2023-50868. Carrying a CVSS score of 7.5, this flaw can be exploited to cause a denial of service by using up resources on a resolver, impacting legitimate users. The issue lies in standard DNSSEC protocols intended to ensure DNS data integrity. A proof of concept for this vulnerability is available.

Another critical issue addressed involves a Remote Code Execution vulnerability in Windows Wi-Fi drivers, tagged as CVE-2024-30078 with a CVSS score of 8.8. For exploitation, an attacker needs to be in close proximity to the target system to interact with its Wi-Fi adapter using a crafted networking packet, leading to potential remote code execution.

Microsoft Office Security Patches

This release also includes several important fixes for Remote Code Execution vulnerabilities in Microsoft Office. Notable are CVE-2024-30101, CVE-2024-30104, CVE-2024-30102, and CVE-2024-30103, with CVSS scores from 7.3 to 8.8. These vulnerabilities involve Use After Free and Improper Link Resolution flaws, which necessitate user interaction for exploitation.

One more significant fix targets the Microsoft Event Trace Log File Parsing Remote Code Execution vulnerability (CVE-2024-30072), attributed to an integer overflow issue. Systems affected include Windows Server 2022 and .

Full June 2024 Patch Tuesday Changelog

| CVE ID | Tag | CVE Title |
| --- | --- | --- |
| CVE-2024-37325 | Azure Data Science Virtual Machines | Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability |
| CVE-2024-35253 | Azure File Sync | File Sync Elevation of Privilege Vulnerability |
| CVE-2024-35254 | Azure Monitor | Azure Monitor Agent Elevation of Privilege Vulnerability |
| CVE-2024-35255 | Azure SDK | Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability |
| CVE-2024-35252 | Azure Storage Library | Azure Storage Movement Client Library Denial of Service Vulnerability |
| CVE-2024-35248 | Dynamics Business Central | Microsoft Business Central Elevation of Privilege Vulnerability |
| CVE-2024-35249 | Dynamics Business Central | Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability |
| CVE-2024-35263 | Microsoft Dynamics | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability |
| CVE-2024-5498 | Microsoft Edge (Chromium-based) | Chromium: CVE-2024-5498 Use after free in Presentation API |
| CVE-2024-5493 | Microsoft Edge (Chromium-based) | Chromium: CVE-2024-5493 Heap buffer overflow in WebRTC |
| CVE-2024-5497 | Microsoft Edge (Chromium-based) | Chromium: CVE-2024-5497 Out of bounds memory access in Keyboard Inputs |
| CVE-2024-5495 | Microsoft Edge (Chromium-based) | Chromium: CVE-2024-5495 Use after free in Dawn |
| CVE-2024-5499 | Microsoft Edge (Chromium-based) | Chromium: CVE-2024-5499 Out of bounds write in Streams API |
| CVE-2024-5494 | Microsoft Edge (Chromium-based) | Chromium: CVE-2024-5494 Use after free in Dawn |
| CVE-2024-5496 | Microsoft Edge (Chromium-based) | Chromium: CVE-2024-5496 Use after free in Media Session |
| CVE-2024-30101 | Microsoft Office | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2024-30104 | Microsoft Office | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2024-30103 | Microsoft Office Outlook | Microsoft Outlook Remote Code Execution Vulnerability |
| CVE-2024-30100 | Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-30102 | Microsoft Office Word | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2024-30090 | Microsoft Streaming Service | Microsoft Streaming Service Elevation of Privilege Vulnerability |
| CVE-2024-30089 | Microsoft Streaming Service | Microsoft Streaming Service Elevation of Privilege Vulnerability |
| CVE-2024-30077 | Microsoft WDAC OLE DB provider for SQL | Windows OLE Remote Code Execution Vulnerability |
| CVE-2023-50868 | | MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU |
| CVE-2024-30097 | Microsoft Windows Speech | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability |
| CVE-2024-30052 | Visual Studio | Visual Studio Remote Code Execution Vulnerability |
| CVE-2024-29060 | Visual Studio | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2024-29187 | Visual Studio | GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM |
| CVE-2024-30085 | Windows Cloud Files Mini Filter Driver | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2024-30076 | Windows Container Manager Service | Windows Container Manager Service Elevation of Privilege Vulnerability |
| CVE-2024-30096 | Windows Cryptographic Services | Windows Cryptographic Services Information Disclosure Vulnerability |
| CVE-2024-30070 | Windows DHCP Server | DHCP Server Service Denial of Service Vulnerability |
| CVE-2024-30063 | Windows Distributed File System (DFS) | Windows Distributed File System (DFS) Remote Code Execution Vulnerability |
| CVE-2024-30072 | Windows Event Logging Service | Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability |
| CVE-2024-30068 | Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-30064 | Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-30084 | Windows Kernel-Mode Drivers | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2024-35250 | Windows Kernel-Mode Drivers | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2024-30075 | Windows Link Layer Topology Discovery Protocol | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability |
| CVE-2024-30074 | Windows Link Layer Topology Discovery Protocol | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability |
| CVE-2024-30099 | Windows NT OS Kernel | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-30088 | Windows NT OS Kernel | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-35265 | Windows Perception Service | Windows Perception Service Elevation of Privilege Vulnerability |
| CVE-2024-30069 | Windows Remote Access Connection Manager | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-30095 | Windows Routing and Remote Access Service (RRAS) | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30094 | Windows Routing and Remote Access Service (RRAS) | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30062 | Service | Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability |
| CVE-2024-30080 | Windows Server Service | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2024-30083 | Windows Standards-Based Storage Management Service | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
| CVE-2024-30093 | Windows Storage | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2024-30065 | Windows Themes | Windows Themes Denial of Service Vulnerability |
| CVE-2024-30078 | Windows Wi-Fi Driver | Windows Wi-Fi Driver Remote Code Execution Vulnerability |
| CVE-2024-30086 | Windows Win32 Kernel Subsystem | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2024-30087 | Windows Win32K – GRFX | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-30091 | Windows Win32K – GRFX | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-30082 | Windows Win32K – GRFX | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-30067 | Winlogon | Winlogon Elevation of Privilege Vulnerability |
| CVE-2024-30066 | Winlogon | Winlogon Elevation of Privilege Vulnerability |


Source: Microsoft
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.