49 security vulnerabilities were fixed in the update, one of which is categorized as critical and another as a zero-day vulnerability.
Background:
In order to strengthen Microsoft products against a range of security threats, Microsoft has issued the June 2024 Patch Tuesday updates, which include the essential fixes and security updates. 49 security vulnerabilities were fixed in the update, one of which is categorized as critical and another as a zero-day vulnerability.
The following categories of vulnerabilities are the main focus of the June 2024 Patch Tuesday:
Vulnerability Category | Quantity | Severities |
Denial of Service Vulnerability | 5 | Important: 5 |
Elevation of Privilege Vulnerability | 25 | Important: 25 |
Information Disclosure Vulnerability | 3 | Important: 3 |
Remote Code Execution Vulnerability | 18 | Critical: 1
Important: 17 |
Zero Day Vulnerability:
CVE-2023-50868: MITRE: NSEC3 Closest Encloser Proof in DNSSEC Can Cause CPU Exhaustion
A vulnerability has been identified in DNSSEC validation that could let attackers misuse standard DNSSEC protocols, designed to ensure DNS integrity, to consume excessive resources on a resolver. This can lead to a denial of service for legitimate users. The issue was disclosed in February and has since been patched in multiple DNS implementations.
Critical Vulnerability:
CVE-2024-30080 (Microsoft Message Queuing (MSMQ) RCE Vulnerability)
Microsoft created the Message Queuing (MSMQ) protocol to maintain a message queue of undeliverable messages and guarantee dependable communication between Windows devices on various networks, even in the event of a host’s temporary unavailability.
An attacker must transmit a malicious MSMQ packet to an MSMQ server in order to take advantage of this vulnerability. If the exploitation is successful, the attacker could execute code remotely on the server.
Other vulnerabilities:
- A Win32k elevation of privilege vulnerability is identified as CVE-2024-30082. If the vulnerability is properly exploited, the attacker might be able to obtain SYSTEM rights.
- An elevation of privilege vulnerability in the Windows Kernel-Mode Driver is identified as CVE-2024-35250. If the attack is successful, the attacker could obtain SYSTEM rights.
- A vulnerability pertaining to an elevation of privilege exists in the Windows Kernel-Mode Driver (CVE-2024-30084). An attacker has to win a race condition in order to take advantage of the vulnerability. If the attack is successful, the attacker could obtain SYSTEM rights.
- An elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver is identified as CVE-2024-30085. If the vulnerability is properly exploited, the attacker might be able to obtain SYSTEM rights.
- An elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem is identified as CVE-2024-30086. If the attack is successful, the attacker could obtain SYSTEM rights.
- A Win32k elevation of privilege vulnerability is identified as CVE-2024-30087. The rights of the user executing the impacted application would be obtained by an attacker.
- A vulnerability pertaining to an elevation of privilege exists in the Microsoft Streaming Service (CVE-2024-30089). If the attack is successful, the attacker could obtain SYSTEM rights.
- A Win32k elevation of privilege vulnerability is identified as CVE-2024-30091. The user executing the impacted application would provide the attacker access permissions.
- The Windows Kernel contains an elevation of privilege vulnerabilities, CVE-2024-30088 and CVE-2024-30099. They require an attacker to win a race condition in order to be exploited. If the attack is successful, the attacker could obtain SYSTEM rights.
Recommendation:
To stop possible exploitation, we highly advise updating all affected products with the security updates that are currently available.
Note: To prevent operational effects, please adhere to your organization’s patching and testing policies.
Product | Vulnerability | Article | Download |
Windows 10 for 32-bit Systems | CVE-2024-30080 | 5039225 | Security Update |
Windows 10 for x64-based Systems | CVE-2024-30080 | 5039225 | Security Update |
Windows 10 Version 1607 for 32-bit Systems | CVE-2024-30080 | 5039214 | Security Update |
Windows 10 Version 1607 for x64-based Systems | CVE-2024-30080 | 5039214 | Security Update |
Windows 10 Version 1809 for 32-bit Systems | CVE-2024-30080 | 5039217 | Security Update |
Windows 10 Version 1809 for ARM64-based Systems | CVE-2024-30080 | 5039217 | Security Update |
Windows 10 Version 1809 for x64-based Systems | CVE-2024-30080 | 5039217 | Security Update |
Windows 10 Version 21H2 for 32-bit Systems | CVE-2024-30080 | 5039211 | Security Update |
Windows 10 Version 21H2 for ARM64-based Systems | CVE-2024-30080 | 5039211 | Security Update |
Windows 10 Version 21H2 for x64-based Systems | CVE-2024-30080 | 5039211 | Security Update |
Windows 10 Version 22H2 for 32-bit Systems | CVE-2024-30080 | 5039211 | Security Update |
Windows 10 Version 22H2 for ARM64-based Systems | CVE-2024-30080 | 5039211 | Security Update |
Windows 10 Version 22H2 for x64-based Systems | CVE-2024-30080 | 5039211 | Security Update |
Windows 11 version 21H2 for ARM64-based Systems | CVE-2024-30080 | 5039213 | Security Update |
Windows 11 version 21H2 for x64-based Systems | CVE-2024-30080 | 5039213 | Security Update |
Windows 11 Version 22H2 for ARM64-based Systems | CVE-2024-30080 | 5039212 | Security Update |
Windows 11 Version 22H2 for x64-based Systems | CVE-2024-30080 | 5039212 | Security Update |
Windows 11 Version 23H2 for ARM64-based Systems | CVE-2024-30080 | 5039212 | Security Update |
Windows 11 Version 23H2 for x64-based Systems | CVE-2024-30080 | 5039212 | Security Update |
Windows Server 2008 for 32-bit Systems Service Pack 2 | CVE-2024-30080 | 5039245, 5039266 | Monthly Rollup, Security Only |
Windows Server 2008 for x64-based Systems Service Pack 2 | CVE-2024-30080 | 5039245, 5039266 | Monthly Rollup, Security Only |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | CVE-2024-30080 | 5039289, 5039274 | Monthly Rollup, Security Only |
Windows Server 2012 | CVE-2024-30080 | 5039260 | Monthly Rollup |
Windows Server 2012 R2 | CVE-2024-30080 | 5039294 | Monthly Rollup |
Windows Server 2016 | CVE-2024-30080 | 5039214 | Security Update |
Windows Server 2019 | CVE-2024-30080 | 5039217 | Security Update |
Windows Server 2022 | CVE-2024-30080 | 5039227, 5039330 | Security Update, Security Hotpatch Update |
Windows Server 2022, 23H2 Edition | CVE-2024-30080 | 5039236 | Security Update |
The Message Queuing (MSMQ) service must be enabled for CVE-2024-30080 to be vulnerable. If MSMQ is not needed in your environment, you could choose to disable it to stop exploitation.
Consider restricting incoming connections to TCP port 1801 from suspicious sources if it is not possible to disable MSMQ.
Reference:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Jun