Microsoft released security updates addressing multiple vulnerabilities across Windows, Office, and Azure services. The updates include fixes for remote code execution, elevation of privilege, and information disclosure flaws. Users should apply patches immediately.
Microsoft issued security updates for June 2024. The updates resolve 49 vulnerabilities across various products. Eleven vulnerabilities are rated critical. Thirty-eight are rated important.
Affected products include Windows 10, Windows 11, Windows Server 2022, Microsoft Office, Microsoft Exchange Server, and Azure Kubernetes Service. The updates address remote code execution, elevation of privilege, information disclosure, and spoofing vulnerabilities.
CVE-2024-30051 is a critical remote code execution vulnerability in the Windows TCP/IP stack. Attackers could execute code by sending specially crafted network packets. CVSS score: 9.8. Affected versions: Windows 10 version 1809 and later, Windows 11, Windows Server 2019 and later.
CVE-2024-30078 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. Attackers with low privileges could gain SYSTEM privileges. CVSS score: 7.8. Affected versions: All supported Windows versions.
CVE-2024-26234 is a critical remote code execution vulnerability in Microsoft Exchange Server. Attackers could execute code via specially crafted email messages. CVSS score: 9.1. Affected versions: Exchange Server 2016 and 2019.
Mitigation: Apply the June 2024 Security Update immediately. Use Windows Update, Microsoft Update Catalog, or WSUS. For Exchange Server, apply the Cumulative Update. For Azure Kubernetes Service, update to the latest patched node image.
Workarounds are not available for CVE-2024-30051 or CVE-2024-26234. Network-level filtering may reduce risk for CVE-2024-30051 but does not replace patching.
Timeline: Vulnerabilities reported to MSRC between February and May 2024. Microsoft coordinated with partners for simultaneous patch release. Updates released June 11, 2024. Next update cycle scheduled for July 9, 2024.
Users should prioritize patching internet-facing systems. Domain controllers and Exchange servers require immediate attention. Review MSRC advisory ADV240001 for complete details.