Patch Tuesday Update – June 2024
2024-6-12 04:18:21 Author: securityboulevard.com(查看原文) 阅读量:28 收藏

Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.44.0 and FVM Agent 2.8 releases.

  • Microsoft addressed 51 vulnerabilities in this release, including 1 rated as Critical and 18 Remote Code Execution vulnerabilities.
CVE/Advisory Title Tag Microsoft Severity Rating Base Score Microsoft Impact Exploited Publicly Disclosed
CVE-2024-30069 Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Remote Access Connection Manager Important 4.7 Information Disclosure No No
CVE-2024-30070 DHCP Server Service Denial of Service Vulnerability Windows DHCP Server Important 7.5 Denial of Service No No
CVE-2024-30072 Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability Windows Event Logging Service Important 7.8 Remote Code Execution No No
CVE-2024-30074 Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability Windows Link Layer Topology Discovery Protocol Important 8 Remote Code Execution No No
CVE-2024-30075 Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability Windows Link Layer Topology Discovery Protocol Important 8 Remote Code Execution No No
CVE-2024-30076 Windows Container Manager Service Elevation of Privilege Vulnerability Windows Container Manager Service Important 6.8 Elevation of Privilege No No
CVE-2024-30077 Windows OLE Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Important 8 Remote Code Execution No No
CVE-2024-30078 Windows Wi-Fi Driver Remote Code Execution Vulnerability Windows Wi-Fi Driver Important 8.8 Remote Code Execution No No
CVE-2024-30080 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Windows Server Service Critical 9.8 Remote Code Execution No No
CVE-2024-30082 Win32k Elevation of Privilege Vulnerability Windows Win32K – GRFX Important 7.8 Elevation of Privilege No No
CVE-2024-35250 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows Kernel-Mode Drivers Important 7.8 Elevation of Privilege No No
CVE-2024-35255 Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Azure SDK Important 5.5 Elevation of Privilege No No
CVE-2023-50868 MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU Microsoft Windows Important 7.5 Denial of Service No Yes
CVE-2024-29187 GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM Visual Studio Important 7.3 Elevation of Privilege No No
CVE-2024-29060 Visual Studio Elevation of Privilege Vulnerability Visual Studio Important 6.7 Elevation of Privilege No No
CVE-2024-30062 Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability Windows Server Service Important 7.8 Remote Code Execution No No
CVE-2024-30063 Windows Distributed File System (DFS) Remote Code Execution Vulnerability Windows Distributed File System (DFS) Important 6.7 Remote Code Execution No No
CVE-2024-30064 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Important 8.8 Elevation of Privilege No No
CVE-2024-30065 Windows Themes Denial of Service Vulnerability Windows Themes Important 5.5 Denial of Service No No
CVE-2024-30066 Winlogon Elevation of Privilege Vulnerability Winlogon Important 5.5 Elevation of Privilege No No
CVE-2024-30067 Winlogon Elevation of Privilege Vulnerability Winlogon Important 5.5 Elevation of Privilege No No
CVE-2024-30068 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Important 8.8 Elevation of Privilege No No
CVE-2024-30083 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Windows Standards-Based Storage Management Service Important 7.5 Denial of Service No No
CVE-2024-30084 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows Kernel-Mode Drivers Important 7 Elevation of Privilege No No
CVE-2024-30085 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Important 7.8 Elevation of Privilege No No
CVE-2024-30086 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Windows Win32 Kernel Subsystem Important 7.8 Elevation of Privilege No No
CVE-2024-30087 Win32k Elevation of Privilege Vulnerability Windows Win32K – GRFX Important 7.8 Elevation of Privilege No No
CVE-2024-30088 Windows Kernel Elevation of Privilege Vulnerability Windows NT OS Kernel Important 7 Elevation of Privilege No No
CVE-2024-30089 Microsoft Streaming Service Elevation of Privilege Vulnerability Microsoft Streaming Service Important 7.8 Elevation of Privilege No No
CVE-2024-30090 Microsoft Streaming Service Elevation of Privilege Vulnerability Microsoft Streaming Service Important 7 Elevation of Privilege No No
CVE-2024-30091 Win32k Elevation of Privilege Vulnerability Windows Win32K – GRFX Important 7.8 Elevation of Privilege No No
CVE-2024-30093 Windows Storage Elevation of Privilege Vulnerability Windows Storage Important 7.3 Elevation of Privilege No No
CVE-2024-30094 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Important 7.8 Remote Code Execution No No
CVE-2024-30095 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Important 7.8 Remote Code Execution No No
CVE-2024-30096 Windows Cryptographic Services Information Disclosure Vulnerability Windows Cryptographic Services Important 5.5 Information Disclosure No No
CVE-2024-30097 Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability Microsoft Windows Speech Important 8.8 Remote Code Execution No No
CVE-2024-30099 Windows Kernel Elevation of Privilege Vulnerability Windows NT OS Kernel Important 7 Elevation of Privilege No No
CVE-2024-30100 Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft Office SharePoint Important 7.8 Remote Code Execution No No
CVE-2024-30101 Microsoft Office Remote Code Execution Vulnerability Microsoft Office Important 7.5 Remote Code Execution No No
CVE-2024-30102 Microsoft Office Remote Code Execution Vulnerability Microsoft Office Word Important 7.3 Remote Code Execution No No
CVE-2024-30103 Microsoft Outlook Remote Code Execution Vulnerability Microsoft Office Outlook Important 8.8 Remote Code Execution No No
CVE-2024-30104 Microsoft Office Remote Code Execution Vulnerability Microsoft Office Important 7.8 Remote Code Execution No No
CVE-2024-35248 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability Dynamics Business Central Important 7.3 Elevation of Privilege No No
CVE-2024-35249 Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability Dynamics Business Central Important 8.8 Remote Code Execution No No
CVE-2024-35252 Azure Storage Movement Client Library Denial of Service Vulnerability Azure Storage Library Important 7.5 Denial of Service No No
CVE-2024-35253 Microsoft Azure File Sync Elevation of Privilege Vulnerability Azure File Sync Important 4.4 Elevation of Privilege No No
CVE-2024-35254 Azure Monitor Agent Elevation of Privilege Vulnerability Azure Monitor Important 7.1 Elevation of Privilege No No
CVE-2024-35263 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability Microsoft Dynamics Important 5.7 Information Disclosure No No
CVE-2024-35265 Windows Perception Service Elevation of Privilege Vulnerability Windows Perception Service Important 7 Elevation of Privilege No No
CVE-2024-37325 Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability Azure Data Science Virtual Machines Important 8.1 Elevation of Privilege No No
CVE-2024-30052 Visual Studio Remote Code Execution Vulnerability Visual Studio Important 4.7 Remote Code Execution No No

Quickly Find and Fix Your Most At-Risk Weaknesses

Watch this demo to see how Fortra VM can help.

WATCH THE VIDEO

The post Patch Tuesday Update – June 2024 appeared first on Digital Defense.

*** This is a Security Bloggers Network syndicated blog from Digital Defense authored by Digital Defense by Fortra. Read the original post at: https://www.digitaldefense.com/vulnerability-research/patch-tuesday-update-june-2024/


文章来源: https://securityboulevard.com/2024/06/patch-tuesday-update-june-2024/
如有侵权请联系:admin#unsafe.sh