Patch Tuesday June 2024 - Zero zero days!

***If you are receiving this email, it is because you subscribed to it. If you have not subscribed and want to unsubscribe, click here. Please do not mark as spam instead. We've had some problems lately with email blacklisting. We'd appreciate if you unsubscribe if you don't want mailings from us.***

Welcome to my June Patch Tuesday newsletter. I was pleasantly surprised this month while researching the updates. There isn't much to bring attention to for June's Patch Tuesday. Our biggest concerns are two publicly disclosed but not exploited (yet) updates. Let's look at CVE-2023-50868 first. Rated as "Exploitation Less Likely" this update could allow an attacker to exploit standard DNSSEC protocols intended for DNS integrity by using excessive resources causing a denial of service for legitimate users. It would good to test and update when you can. CVE-2024-30060 is our next update that is also publicly disclosed. This CVE has a CVSS score a little bit higher at 7.8/6.8. This is also rated "Exploitation Less Likely". This vulnerability could allow an attacker to delete targeted files on a system which could result in a privilege escalation gaining SYSTEM privileges. Browse the chart below and make sure that any products in your environment don't get missed this month.

Besides these there is not much to talk about this month. It's a fairly light month with the usual being released. I recently had a webinar showing how my Supercharger product can help you collect the events you need from your domain controllers to detect malicious activity. Unfortunately, our webinar service provider had a few audio issues. We still managed to do the live event but if you missed it or were there and want to see a recording of it you can register for it here.

Happy patching!

So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited / Publicly Disclosed	Vulnerability Info
Windows	Windows 10, 11 Server 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations	Critical	CVE-2023-50868 CVE-2024-30062 CVE-2024-30063 CVE-2024-30064 CVE-2024-30065 CVE-2024-30066 CVE-2024-30067 CVE-2024-30068 CVE-2024-30069 CVE-2024-30070 CVE-2024-30072 CVE-2024-30074 CVE-2024-30075 CVE-2024-30076 CVE-2024-30077 CVE-2024-30078 CVE-2024-30080 CVE-2024-30082 CVE-2024-30083 CVE-2024-30084 CVE-2024-30085 CVE-2024-30086 CVE-2024-30087 CVE-2024-30088 CVE-2024-30089 CVE-2024-30090 CVE-2024-30091 CVE-2024-30093 CVE-2024-30094 CVE-2024-30095 CVE-2024-30096 CVE-2024-30097 CVE-2024-30099 CVE-2024-35250 CVE-2024-35265	Workaround: No Exploited: No Public: Yes	Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution
Edge	Chromium-based	Important	CVE-2024-30056 CVE-2024-4947 CVE-2024-4948 CVE-2024-4949 CVE-2024-4950 CVE-2024-5157 CVE-2024-5158 CVE-2024-5159 CVE-2024-5160 CVE-2024-5274 CVE-2024-5493 CVE-2024-5494 CVE-2024-5495 CVE-2024-5496 CVE-2024-5497 CVE-2024-5498 CVE-2024-5499	Workaround: No Exploited: No Public: No	Information Disclosure
Office and SharePoint	365 Apps for Enterprise Office 2016, 2019, LTSC 2021 Outlook 2016 SharePoint Enterprise Server 2016 SharePoint Server 2019 SharePoint Server Subscription Edition	Important	CVE-2024-30100 CVE-2024-30101 CVE-2024-30102 CVE-2024-30103 CVE-2024-30104	Workaround: No Exploited: No Public: No	Remote Code Execution
Dynamics	365 On-Prem version 9.1 365 Business Central 2023 Release Wave 1 & 2 365 Business Central 2024 Release Wave 1	Important	CVE-2024-35248 CVE-2024-35249 CVE-2024-35263	Workaround: No Exploited: No Public: No	Elevation of Privilege Information Disclosure Remote Code Execution
Visual Studio	2017 15.9 - 15.0 2019 16.11 - 16.0 2022 17.4, 17.6, 17.8, 17.10	Important	CVE-2024-29060 CVE-2024-29187 CVE-2024-30052	Workaround: No Exploited: No Public: No	Elevation of Privilege Remote Code Execution
Azure	Data Science Virtual Machines for Linux File Sync v16 - v18 Identity Library for .NET, C++, Go, Java, JavaScript, Python Monitor Agent Storage Movement Client Library for .NET MSAL for .NET, Java, Node.js	Important	CVE-2024-30060 CVE-2024-35252 CVE-2024-35253 CVE-2024-35254 CVE-2024-35255 CVE-2024-37325	Workaround: No Exploited: No Public: Yes	Denial of Service Elevation of Privilege

Thanks as always for reading and best wishes on security,

Randy Franklin Smith

Click here to unsubscribe

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.

9450 SW Gemini Drive #53822, Beaverton, OR 97008

Note: We do our best to provide quality information and expert commentary but use all information at your own risk.