Published: Jun 11, 2024
Key Takeaways:
- Microsoft has patched a critical flaw in Microsoft Message Queuing (MSMQ) that allows an attacker to take over a vulnerable system.
- Microsoft also fixed a vulnerability in Microsoft Outlook that could be exploited via the email preview pane.
- The KB5039212 update for Windows 11 versions 22H2 and 23H2 introduced improvements to the Windows Share menu.
Microsoft released yesterday the June 2024 Patch Tuesday updates for Windows 11 and Windows 10 devices. This month, the company has released security patches to address 49 vulnerabilities in Windows, Office, and other components.
On the quality and experiences update front, Microsoft has released a couple of improvements for the Windows Share menu in Windows 11 versions 22H2 and 23H2. The company has also introduced a new Snipping tool feature on Windows 10.
As pointed out by the Zero Day Initiative, Microsoft has addressed 49 vulnerabilities, including a critical flaw in Microsoft Message Queuing (MSMQ) technology. Here’s a list of the most important vulnerabilities Microsoft fixed this month.
You can find the full list of security patches Microsoft released this month below:
Product | Impact | Max Severity | Article | Download | Details |
Microsoft Dynamics 365 Business Central 2023 Release Wave 1 | Elevation of Privilege | Important | 5038529 | Security Update | CVE-2024-35248 |
Microsoft Office 2016 (64-bit edition) | Remote Code Execution | Important | 5002591 | Security Update | CVE-2024-30104 |
Microsoft Office 2016 (64-bit edition) | Remote Code Execution | Important | 5002575 | Security Update | CVE-2024-30104 |
Microsoft Office 2016 (32-bit edition) | Remote Code Execution | Important | 5002591 | Security Update | CVE-2024-30104 |
Microsoft Office 2016 (32-bit edition) | Remote Code Execution | Important | 5002575 | Security Update | CVE-2024-30104 |
Microsoft Office LTSC 2021 for 32-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2024-30104 |
Microsoft Office LTSC 2021 for 64-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2024-30104 |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Remote Code Execution | Important | Click to Run | Security Update | CVE-2024-30104 |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Remote Code Execution | Important | Click to Run | Security Update | CVE-2024-30104 |
Microsoft Office 2019 for 64-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2024-30104 |
Microsoft Office 2019 for 32-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2024-30104 |
Microsoft Outlook 2016 (64-bit edition) | Remote Code Execution | Important | 5002600 | Security Update | CVE-2024-30103 |
Microsoft Outlook 2016 (32-bit edition) | Remote Code Execution | Important | 5002600 | Security Update | CVE-2024-30103 |
Microsoft SharePoint Server Subscription Edition | Remote Code Execution | Important | 5002603 | Security Update | CVE-2024-30100 |
Microsoft SharePoint Server 2019 | Remote Code Execution | Important | 5002602 | Security Update | CVE-2024-30100 |
Microsoft SharePoint Enterprise Server 2016 | Remote Code Execution | Important | 5002604 | Security Update | CVE-2024-30100 |
Windows Server 2016 (Server Core installation) | Elevation of Privilege | Important | 5039214 | Security Update | CVE-2024-30099 |
Windows Server 2016 | Elevation of Privilege | Important | 5039214 | Security Update | CVE-2024-30099 |
Windows 10 Version 1607 for x64-based Systems | Elevation of Privilege | Important | 5039214 | Security Update | CVE-2024-30099 |
Windows 10 Version 1607 for 32-bit Systems | Elevation of Privilege | Important | 5039214 | Security Update | CVE-2024-30099 |
Windows 10 for x64-based Systems | Elevation of Privilege | Important | 5039225 | Security Update | CVE-2024-30099 |
Windows 10 for 32-bit Systems | Elevation of Privilege | Important | 5039225 | Security Update | CVE-2024-30099 |
Windows Server 2022, 23H2 Edition (Server Core installation) | Elevation of Privilege | Important | 5039236 | Security Update | CVE-2024-30099 |
Windows 11 Version 23H2 for x64-based Systems | Elevation of Privilege | Important | 5039212 | Security Update | CVE-2024-30099 |
Windows 11 Version 23H2 for ARM64-based Systems | Elevation of Privilege | Important | 5039212 | Security Update | CVE-2024-30099 |
Windows 10 Version 22H2 for 32-bit Systems | Elevation of Privilege | Important | 5039211 | Security Update | CVE-2024-30099 |
Windows 10 Version 22H2 for ARM64-based Systems | Elevation of Privilege | Important | 5039211 | Security Update | CVE-2024-30099 |
Windows 10 Version 22H2 for x64-based Systems | Elevation of Privilege | Important | 5039211 | Security Update | CVE-2024-30099 |
Windows 11 Version 22H2 for x64-based Systems | Elevation of Privilege | Important | 5039212 | Security Update | CVE-2024-30099 |
Windows 11 Version 22H2 for ARM64-based Systems | Elevation of Privilege | Important | 5039212 | Security Update | CVE-2024-30099 |
Windows 10 Version 21H2 for x64-based Systems | Elevation of Privilege | Important | 5039211 | Security Update | CVE-2024-30099 |
Windows 10 Version 21H2 for ARM64-based Systems | Elevation of Privilege | Important | 5039211 | Security Update | CVE-2024-30099 |
Windows 10 Version 21H2 for 32-bit Systems | Elevation of Privilege | Important | 5039211 | Security Update | CVE-2024-30099 |
Windows 11 version 21H2 for ARM64-based Systems | Elevation of Privilege | Important | 5039213 | Security Update | CVE-2024-30099 |
Windows 11 version 21H2 for x64-based Systems | Elevation of Privilege | Important | 5039213 | Security Update | CVE-2024-30099 |
Windows Server 2022 (Server Core installation) | Elevation of Privilege | Important | 5039227 | Security Update | CVE-2024-30099 |
Windows Server 2022 (Server Core installation) | Elevation of Privilege | Important | 5039330 | Security Hotpatch Update | CVE-2024-30099 |
Windows Server 2022 | Elevation of Privilege | Important | 5039227 | Security Update | CVE-2024-30099 |
Windows Server 2022 | Elevation of Privilege | Important | 5039330 | Security Hotpatch Update | CVE-2024-30099 |
Windows Server 2019 (Server Core installation) | Elevation of Privilege | Important | 5039217 | Security Update | CVE-2024-30099 |
Windows Server 2019 | Elevation of Privilege | Important | 5039217 | Security Update | CVE-2024-30099 |
Windows 10 Version 1809 for ARM64-based Systems | Elevation of Privilege | Important | 5039217 | Security Update | CVE-2024-30099 |
Windows 10 Version 1809 for x64-based Systems | Elevation of Privilege | Important | 5039217 | Security Update | CVE-2024-30099 |
Windows 10 Version 1809 for 32-bit Systems | Elevation of Privilege | Important | 5039217 | Security Update | CVE-2024-30099 |
Microsoft Visual Studio 2022 version 17.10 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-30052 |
Microsoft Visual Studio 2022 version 17.8 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-30052 |
Microsoft Visual Studio 2022 version 17.6 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-30052 |
Microsoft Visual Studio 2022 version 17.4 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-30052 |
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10) | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-30052 |
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8) | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-30052 |
Azure Data Science Virtual Machines for Linux | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-37325 |
Microsoft Dynamics 365 (on-premises) version 9.1 | Information Disclosure | Important | 5039459 | Security Update | CVE-2024-35263 |
Azure Monitor Agent | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-35254 |
Azure File Sync v17.0 | Elevation of Privilege | Important | 5039814 | Security Update | CVE-2024-35253 |
Azure File Sync v18.0 | Elevation of Privilege | Important | 5023058 | Security Update | CVE-2024-35253 |
Azure File Sync v16.0 | Elevation of Privilege | Important | 5039814 | Security Update | CVE-2024-35253 |
Azure Storage Movement Client Library for .NET | Denial of Service | Important | Release Notes | Security Update | CVE-2024-35252 |
Microsoft Dynamics 365 Business Central 2023 Release Wave 2 | Remote Code Execution | Important | 5038530 | Security Update | CVE-2024-35249 |
Microsoft Dynamics 365 Business Central 2024 Release Wave 1 | Remote Code Execution | Important | 5038531 | Security Update | CVE-2024-35249 |
Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Important | 5039294 | Monthly Rollup | CVE-2024-30095 |
Windows Server 2012 R2 | Remote Code Execution | Important | 5039294 | Monthly Rollup | CVE-2024-30095 |
Windows Server 2012 (Server Core installation) | Remote Code Execution | Important | 5039260 | Monthly Rollup | CVE-2024-30095 |
Windows Server 2012 | Remote Code Execution | Important | 5039260 | Monthly Rollup | CVE-2024-30095 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Remote Code Execution | Important | 5039289 | Monthly Rollup | CVE-2024-30095 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Remote Code Execution | Important | 5039274 | Security Only | CVE-2024-30095 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Remote Code Execution | Important | 5039289 | Monthly Rollup | CVE-2024-30095 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Remote Code Execution | Important | 5039274 | Security Only | CVE-2024-30095 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Remote Code Execution | Important | 5039245 | Monthly Rollup | CVE-2024-30095 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Remote Code Execution | Important | 5039266 | Security Only | CVE-2024-30095 |
Windows Server 2008 for x64-based Systems Service Pack 2 | Remote Code Execution | Important | 5039245 | Monthly Rollup | CVE-2024-30095 |
Windows Server 2008 for x64-based Systems Service Pack 2 | Remote Code Execution | Important | 5039266 | Security Only | CVE-2024-30095 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Remote Code Execution | Important | 5039245 | Monthly Rollup | CVE-2024-30095 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Remote Code Execution | Important | 5039266 | Security Only | CVE-2024-30095 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | Remote Code Execution | Important | 5039245 | Monthly Rollup | CVE-2024-30095 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | Remote Code Execution | Important | 5039266 | Security Only | CVE-2024-30095 |
Azure Identity Library for Python | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-35255 |
Azure Identity Library for C++ | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-35255 |
Azure Identity Library for JavaScript | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-35255 |
Azure Identity Library for Java | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-35255 |
Microsoft Authentication Library (MSAL) for Node.js | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-35255 |
Microsoft Authentication Library (MSAL) for .NET | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-35255 |
Azure Identity Library for Go | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-35255 |
Microsoft Authentication Library (MSAL) for Java | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-35255 |
Azure Identity Library for .NET | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-35255 |
Microsoft has released the KB5039212 update for users running Windows 11 versions 23H2 and 22H2. The Windows Share menu now lets users create QR codes for sharing web pages and cloud files in Microsoft Edge. Moreover, users can sign in with their Microsoft account in the Windows Backup app to back up files, settings, themes, Wi-Fi information, and installed apps.
Additionally, the KB5039213 brings a couple of bug fixes for Windows 11 version 21H2. This release also enables the SMB over QUIC client certificate authentication feature that lets IT admins restrict which client devices can access SMB over QUIC servers.
For Windows 10 version 22H2, Microsoft has started rolling out a new Snipping tool feature that allows users to edit the picture taken on their Android phones on Windows devices.
Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.
A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.
There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.