Microsoft fixes 49+ security bugs with its June edition of Patch Tuesday 

Microsoft has released another big Patch Tuesday update. With this single update, Microsoft has fixed more than 49 security vulnerabilities across its products. These 49 vulnerabilities do not include the 7 Microsoft Edge security flaws that Microsoft had fixed in June.

Of the fixed vulnerabilities, 5 were Denial of Service, 25 were Privilege Escalation, 18 were Remote Code Execution, and 3 were Information Disclosure vulnerabilities (Bleeping Computer).

The complete list of fixed security vulnerabilities is available here.

Let us dive straight into some of the key aspects of the update. 

Microsoft Office bugs fixed  

Through the Patch Tuesday update, Microsoft has addressed security vulnerabilities in Microsoft Office products, including one remote code execution flaw in Outlook with a base CVSS score of 8.8 (High). This vulnerability could allow an attacker to create a malicious DLL, with the Preview Pane as an attack vector.

| Product | CVE | CVSS score |
| --- | --- | --- |
| Microsoft Office SharePoint | CVE-2024-30100 | 7.8 |
| Microsoft Office | CVE-2024-30101 | 7.5 |
| Microsoft Office Word | CVE-2024-30102 | 7.3 |
| Microsoft Office Outlook | CVE-2024-30103 | 8.8 |
| Microsoft Office | CVE-2024-30104 | 7.8 |

One publicly disclosed zero-day flaw addressed 

Microsoft has fixed one publicly disclosed zero-day flaw, earlier referred to as a KeyTrap attack in the DNS protocol.

Tracked as CVE-2023-50868, it is a flaw in the DNS protocol that could allow an attacker to mount long-term denial-of-service attacks, denying applications access to the internet.

The vulnerability stems from a design issue in DNSSEC, a feature of DNS that authenticates responses with cryptographic signatures.

The vulnerability impacts all DNS implementations. By exploiting it, an attacker could make essential technologies such as web browsing, email, and instant messaging unavailable.

7 Windows Kernel major security bugs fixed 

Microsoft fixed major security bugs with CVSS scores above 7 and 8; exploiting them could give attackers SYSTEM privileges.

| Product | CVE | CVSS score |
| --- | --- | --- |
| Windows Kernel | CVE-2024-30064 | 8.8 |
| Windows Kernel | CVE-2024-30068 | 8.8 |
| Windows Kernel-Mode Drivers | CVE-2024-30084 | |
| Windows Win32 Kernel Subsystem | CVE-2024-30086 | 7.8 |
| Windows NT OS Kernel | CVE-2024-30088 | |
| Windows NT OS Kernel | CVE-2024-30099 | |
| Windows Kernel-Mode Drivers | CVE-2024-35250 | 7.8 |

A critical vulnerability with rating 9.8 in Microsoft Message Queuing (MSMQ) fixed

MSMQ is a Microsoft Windows feature used to deliver messages to a receiver, which then reads them.

Because this vulnerability (tracked as CVE-2024-30080) has a critical CVSS score of 9.8, Microsoft has urged the affected parties to patch it immediately.

The vulnerability is exploitable if the Windows MQ service is enabled. Microsoft has advised checking whether a service named "Message Queuing" is running and TCP port 1801 is listening on the machine.
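One way to run the check Microsoft describes on a single host, as an added example rather than code from Microsoft or this blog. The function name `Test-MsmqExposure` and the output field names are assumptions; `MSMQ` is the service name behind the "Message Queuing" display name, and `Get-NetTCPConnection` requires Windows 8 / Server 2012 or later.

```powershell
# Added example: reports whether this host meets the two conditions the
# article quotes for CVE-2024-30080 (MSMQ service running, TCP 1801 listening).
# Test-MsmqExposure is a hypothetical name, not a built-in cmdlet.
function Test-MsmqExposure {
    [CmdletBinding()]
    param(
        [int]$Port = 1801   # MSMQ port named in the article
    )

    # The service is absent when the optional Message Queuing feature
    # is not installed, so suppress the "not found" error.
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    # Listening sockets on the port; an empty array when nothing is bound.
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port `
                       -ErrorAction SilentlyContinue)

    $running   = ($null -ne $svc) -and ($svc.Status -eq 'Running')
    $listening = $listeners.Count -gt 0

    # Resolve owning processes so an unexpected listener on the port
    # (something other than the MSMQ service) is visible in the report.
    $owners = $listeners | ForEach-Object {
        (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    } | Sort-Object -Unique

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        MsmqInstalled  = $null -ne $svc
        MsmqRunning    = $running
        StartType      = if ($svc) { $svc.StartType } else { $null }
        PortListening  = $listening
        ListenAddress  = ($listeners.LocalAddress | Sort-Object -Unique) -join ','
        OwningProcess  = $owners -join ','
        # Both conditions from the article hold: prioritise this host for patching.
        NeedsAttention = $running -and $listening
    }
}

Test-MsmqExposure | Format-List
```

A host where `MsmqInstalled` is true but `MsmqRunning` is false still deserves a look at `StartType`, since a service set to start automatically will be running again after a reboot.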

Wi-Fi Windows security vulnerability fixed 

A remote code execution vulnerability in the Windows Wi-Fi driver, with a CVSS score of 8.8, was also fixed. It allows attackers to send malicious networking packets to another system with a Wi-Fi adapter and run disguised malware, probably to snoop on the target's system. It could be used to hijack systems for malicious purposes.

Here is more on the previous Patch Tuesday update  
