Microsoft fixes 51 vulnerabilities in the June 2024 Patch Tuesday update

Update your system to receive the security updates as soon as possible

Reading time icon 2 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

Microsoft released the June Patch Tuesday security updates

Microsoft has just published its June 2024 Patch Tuesday, which resolves a total of 51 flaws with 18 being remote code execution (RCE) vulnerabilities. Apart from these, they have also fixed one publicly disclosed zero-day vulnerability that was indexed as CVE-2023-50868 and could lead to CPU exhaustion in Azure systems if successfully exploited by an attacker.

Within the 51 discovered vulnerabilities, there are 25 flaws for elevation of privilege, three weaknesses in information disclosure and five bugs causing denial of service. The 18 RCE flaws are found in different components of Windows such as kernel mode drivers, Windows Distributed File System (DFS), Microsoft Streaming Service (MSS), Microsoft WDAC OLE DB provider for SQL and Azure SDK.

What is the most important fix in the June security update?

Microsoft has resolved 18 critical vulnerabilities. However, only one vulnerability named CVE-2024-30080 is considered critical. This is because it’s a remote code execution vulnerability in Microsoft Message Queuing (MSMQ).

Apart from the important issues, Microsoft has resolved seven weaknesses in Microsoft Office that could have been used for distant code execution, such as bugs within Outlook and other programs like Word or Excel. There were also problems found in SharePoint and the Microsoft Streaming Service.

A serious elevation of privilege bug and RCE bugs were fixed for Microsoft Dynamics 365 Business Central enterprise resource planning platform as well as Microsoft Dynamics 365 (On-Premises) customer relationship management software. Also, Microsoft Speech Application Programming Interface (SAPI) has been patched for similar risks.

Furthermore, Microsoft has addressed a vulnerability in Windows Cloud Files Mini Filter Driver that could enable an intruder to evade the sandbox and raise their privileges. This is the second instance where this type of flaw has been resolved within past many months.

The flaw with the code number CVE-2024-30085 was fixed by Microsoft in May, yet it seems that the patch they provided was not enough. Microsoft also patched the same flaw, with code number CVE-2024-30085, in May but now it looks like this fix didn’t work well.

As usual, the most straightforward method for installing recent updates is to look up Windows Update in your search bar and choose the option Check for updates. If you like to do it yourself, find these upgrades on Microsoft Update Catalog site.

What are your thoughts on the most recent Microsoft Patch Tuesday updates? Share them in the comments section.

User forum

0 messages