Article Details
Scrape Timestamp (UTC): 2024-06-11 17:36:12.348
Original Article Text
Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs

Today is Microsoft's June 2024 Patch Tuesday, which includes security updates for 51 flaws, eighteen remote code execution flaws, and one publicly disclosed zero-day vulnerability.

This Patch Tuesday fixed 18 RCE flaws but only one critical vulnerability, a remote code execution vulnerability in Microsoft Message Queuing (MSMQ).

The number of bugs in each vulnerability category is listed below:

The total count of 51 flaws does not include 7 Microsoft Edge flaws fixed on June 3rd.

One publicly disclosed zero-day

This month's Patch Tuesday fixes one publicly disclosed zero-day, with no actively exploited flaw fixed today.

Microsoft classifies a zero-day as a flaw publicly disclosed or actively exploited with no official fix available.

The publicly disclosed zero-day vulnerability is the previously disclosed 'Keytrap' attack in the DNS protocol that Microsoft has now fixed as part of today's updates.

CVE-2023-50868 - MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU

"CVE-2023-50868 is regarding a vulnerability in DNSSEC validation where an attacker could exploit standard DNSSEC protocols intended for DNS integrity by using excessive resources on a resolver, causing a denial of service for legitimate users. MITRE created this CVE on their behalf," reads the Microsoft advisory.

This flaw was previously disclosed in February and patched in numerous DNS implementations, including BIND, PowerDNS, Unbound, Knot Resolver, and Dnsmasq.

Other interesting vulnerabilities fixed this month include multiple Microsoft Office remote code execution flaws, including Microsoft Outlook RCEs that can be exploited from the preview pane.

Microsoft also fixed seven Windows Kernel privilege elevation flaws that could allow a local attacker to gain SYSTEM privileges.

Recent updates from other companies

Other vendors who released updates or advisories in June 2024 include:

Unfortunately, we will no longer be linking to SAP's Patch Tuesday security updates as they have placed them behind a customer login.

The June 2024 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the June 2024 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.

Daily Brief Summary
Microsoft released security updates for 51 flaws on June 2024 Patch Tuesday, including 18 Remote Code Execution (RCE) vulnerabilities.
The patch includes fixes for a critical RCE flaw in Microsoft Message Queuing (MSMQ) and a publicly disclosed zero-day vulnerability known as 'Keytrap' in the DNS protocol.
The zero-day had been disclosed previously without an available fix, potentially impacting DNS integrity and performance.
Other notable fixes include multiple Microsoft Office-related RCEs, specifically vulnerabilities in Microsoft Outlook that could be exploited from the preview pane.
The update also resolved seven Windows Kernel privilege elevation flaws, which could allow a local attacker to obtain SYSTEM privileges.
Alongside Microsoft's updates, other vendors have also released patches and advisories; however, SAP now restricts access to its updates behind a customer login.
This Patch Tuesday did not address any actively exploited vulnerabilities but focused on previously known issues and enhancing overall system security.