June’s Patch Tuesday saw a release of 49 patches across 7 product families by Microsoft. The largest chunk of patches, 34 in total, were dedicated to Windows. The remaining patches were for Azure, 365 Apps for Enterprise, Dynamics 365, Office, Visual Studio, and SharePoint.
None of the issues addressed in the patches were known to be actively exploited. However, Microsoft highlighted eleven vulnerabilities in Windows that were deemed more likely to be exploited in the next 30 days. Among these, one critical-severity issue stood out and was discussed in detail – CVE-2024-30080, the Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability.
Aside from the Windows patches, there were advisory information on patches related to the Edge browser, GitHub, and an intriguing advisory from MITRE that had implications beyond just Windows but also affected a significant portion of the internet. In addition, two patches from Adobe were also included in the release.
The distribution of impacts among the patches in June were displayed in a bar chart, with Remote Code Execution vulnerabilities leading the pack, followed by Elevation of Privilege, Information Disclosure, Denial of Service, and other categories.
One of the notable updates in June was CVE-2023-50868 issued by MITRE regarding NSEC3 closest encloser proof, which could potentially exhaust CPU resources and affect DNSSEC operations.
Another critical vulnerability highlighted was CVE-2024-37325, an Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability, which could allow unauthorized access to user credentials if the affected machine is not updated.
Across different product families, notable vulnerabilities were listed, such as those affecting Visual Studio, Azure, 365 Apps for Enterprise, Dynamics 365, Office, and SharePoint. Each vulnerability was assessed based on its severity and impact on the respective products.
In terms of exploitability, Microsoft identified certain CVEs that were more likely to be exploited within the first 30 days post-release. These vulnerabilities were listed according to severity and product family to aid administrators in prioritizing their patching efforts.
Overall, the June Patch Tuesday release by Microsoft covered a wide range of vulnerabilities across various products and highlighted the importance of staying updated with security patches to mitigate potential risks associated with cyber threats.