Microsoft Releases June 2024 Patch Tuesday Updates

Published: Jun 11, 2024

Windows 11 approved hero 1

SHARE ARTICLE

Key Takeaways:

  • Microsoft has patched a critical flaw in Microsoft Message Queuing (MSMQ) that allows an attacker to take over a vulnerable system.
  • Microsoft also fixed a vulnerability in Microsoft Outlook that could be exploited via the email preview pane.
  • The KB5039212 update for Windows 11 versions 22H2 and 23H2 introduced improvements to the Windows Share menu.

Microsoft released yesterday the June 2024 Patch Tuesday updates for Windows 11 and Windows 10 devices. This month, the company has released security patches to address 49 vulnerabilities in Windows, Office, and other components.

On the quality and experiences update front, Microsoft has released a couple of improvements for the Windows Share menu in Windows 11 versions 22H2 and 23H2. The company has also introduced a new Snipping tool feature on Windows 10.

49 vulnerabilities fixed with the June 2024 Patch Tuesday updates

As pointed out by the Zero Day Initiative, Microsoft has addressed 49 vulnerabilities, including a critical flaw in Microsoft Message Queuing (MSMQ) technology. Here’s a list of the most important vulnerabilities Microsoft fixed this month.

  • CVE-2024-30080: This is a critical remote code execution (RCE) vulnerability in Microsoft Message Queuing (MSMQ) with a CVSS score of 9.8. MSMQ is a synchronous messaging feature used to deliver and read messages from queues in Windows. This flaw could allow an unauthenticated hacker to completely take over a vulnerable Windows system by sending a specially crafted malicious MSMQ packet. It affects all versions of Windows, including Windows 10 and Windows Server 2008.
  • CVE-2023-50868: This is a denial-of-service (DoS) vulnerability in Windows Server with a CVSS rating of 7.5. It could allow hackers to exhaust CPU resources and disrupt the DNS resolution process on a vulnerable system, preventing users from accessing websites and online services.
  • CVE-2024-30070: This Dynamic Host Configuration Protocol (DHCP) Server denial-of-service vulnerability affects Windows machines. Cybercriminals could exploit it to automatically assign IP addresses to network devices.
  • CVE-2024-30103: This remote code execution vulnerability in Microsoft Outlook has a CVSS score of 8.8. An attacker can trigger it via the email Preview Pane, bypassing Outlook registry block lists and creating malicious DLL files to target the victim.
  • CVE-2024-30099: This elevation-of-privilege (EoP) vulnerability in the Windows Kernel Driver could allow hackers to hijack an affected system.
  • CVE-2024-30089: This vulnerability in Microsoft Streaming Services lets threat actors gain system-level privileges. However, Microsoft noted that this security flaw is harder to exploit.

You can find the full list of security patches Microsoft released this month below:

ProductImpactMax SeverityArticleDownloadDetails
Microsoft Dynamics 365 Business Central 2023 Release Wave 1Elevation of PrivilegeImportant5038529Security UpdateCVE-2024-35248
Microsoft Office 2016 (64-bit edition)Remote Code ExecutionImportant5002591Security UpdateCVE-2024-30104
Microsoft Office 2016 (64-bit edition)Remote Code ExecutionImportant5002575Security UpdateCVE-2024-30104
Microsoft Office 2016 (32-bit edition)Remote Code ExecutionImportant5002591Security UpdateCVE-2024-30104
Microsoft Office 2016 (32-bit edition)Remote Code ExecutionImportant5002575Security UpdateCVE-2024-30104
Microsoft Office LTSC 2021 for 32-bit editionsRemote Code ExecutionImportantClick to RunSecurity UpdateCVE-2024-30104
Microsoft Office LTSC 2021 for 64-bit editionsRemote Code ExecutionImportantClick to RunSecurity UpdateCVE-2024-30104
Microsoft 365 Apps for Enterprise for 64-bit SystemsRemote Code ExecutionImportantClick to RunSecurity UpdateCVE-2024-30104
Microsoft 365 Apps for Enterprise for 32-bit SystemsRemote Code ExecutionImportantClick to RunSecurity UpdateCVE-2024-30104
Microsoft Office 2019 for 64-bit editionsRemote Code ExecutionImportantClick to RunSecurity UpdateCVE-2024-30104
Microsoft Office 2019 for 32-bit editionsRemote Code ExecutionImportantClick to RunSecurity UpdateCVE-2024-30104
Microsoft Outlook 2016 (64-bit edition)Remote Code ExecutionImportant5002600Security UpdateCVE-2024-30103
Microsoft Outlook 2016 (32-bit edition)Remote Code ExecutionImportant5002600Security UpdateCVE-2024-30103
Microsoft SharePoint Server Subscription EditionRemote Code ExecutionImportant5002603Security UpdateCVE-2024-30100
Microsoft SharePoint Server 2019Remote Code ExecutionImportant5002602Security UpdateCVE-2024-30100
Microsoft SharePoint Enterprise Server 2016Remote Code ExecutionImportant5002604Security UpdateCVE-2024-30100
Windows Server 2016 (Server Core installation)Elevation of PrivilegeImportant5039214Security UpdateCVE-2024-30099
Windows Server 2016Elevation of PrivilegeImportant5039214Security UpdateCVE-2024-30099
Windows 10 Version 1607 for x64-based SystemsElevation of PrivilegeImportant5039214Security UpdateCVE-2024-30099
Windows 10 Version 1607 for 32-bit SystemsElevation of PrivilegeImportant5039214Security UpdateCVE-2024-30099
Windows 10 for x64-based SystemsElevation of PrivilegeImportant5039225Security UpdateCVE-2024-30099
Windows 10 for 32-bit SystemsElevation of PrivilegeImportant5039225Security UpdateCVE-2024-30099
Windows Server 2022, 23H2 Edition (Server Core installation)Elevation of PrivilegeImportant5039236Security UpdateCVE-2024-30099
Windows 11 Version 23H2 for x64-based SystemsElevation of PrivilegeImportant5039212Security UpdateCVE-2024-30099
Windows 11 Version 23H2 for ARM64-based SystemsElevation of PrivilegeImportant5039212Security UpdateCVE-2024-30099
Windows 10 Version 22H2 for 32-bit SystemsElevation of PrivilegeImportant5039211Security UpdateCVE-2024-30099
Windows 10 Version 22H2 for ARM64-based SystemsElevation of PrivilegeImportant5039211Security UpdateCVE-2024-30099
Windows 10 Version 22H2 for x64-based SystemsElevation of PrivilegeImportant5039211Security UpdateCVE-2024-30099
Windows 11 Version 22H2 for x64-based SystemsElevation of PrivilegeImportant5039212Security UpdateCVE-2024-30099
Windows 11 Version 22H2 for ARM64-based SystemsElevation of PrivilegeImportant5039212Security UpdateCVE-2024-30099
Windows 10 Version 21H2 for x64-based SystemsElevation of PrivilegeImportant5039211Security UpdateCVE-2024-30099
Windows 10 Version 21H2 for ARM64-based SystemsElevation of PrivilegeImportant5039211Security UpdateCVE-2024-30099
Windows 10 Version 21H2 for 32-bit SystemsElevation of PrivilegeImportant5039211Security UpdateCVE-2024-30099
Windows 11 version 21H2 for ARM64-based SystemsElevation of PrivilegeImportant5039213Security UpdateCVE-2024-30099
Windows 11 version 21H2 for x64-based SystemsElevation of PrivilegeImportant5039213Security UpdateCVE-2024-30099
Windows Server 2022 (Server Core installation)Elevation of PrivilegeImportant5039227Security UpdateCVE-2024-30099
Windows Server 2022 (Server Core installation)Elevation of PrivilegeImportant5039330Security Hotpatch UpdateCVE-2024-30099
Windows Server 2022Elevation of PrivilegeImportant5039227Security UpdateCVE-2024-30099
Windows Server 2022Elevation of PrivilegeImportant5039330Security Hotpatch UpdateCVE-2024-30099
Windows Server 2019 (Server Core installation)Elevation of PrivilegeImportant5039217Security UpdateCVE-2024-30099
Windows Server 2019Elevation of PrivilegeImportant5039217Security UpdateCVE-2024-30099
Windows 10 Version 1809 for ARM64-based SystemsElevation of PrivilegeImportant5039217Security UpdateCVE-2024-30099
Windows 10 Version 1809 for x64-based SystemsElevation of PrivilegeImportant5039217Security UpdateCVE-2024-30099
Windows 10 Version 1809 for 32-bit SystemsElevation of PrivilegeImportant5039217Security UpdateCVE-2024-30099
Microsoft Visual Studio 2022 version 17.10Remote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2024-30052
Microsoft Visual Studio 2022 version 17.8Remote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2024-30052
Microsoft Visual Studio 2022 version 17.6Remote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2024-30052
Microsoft Visual Studio 2022 version 17.4Remote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2024-30052
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10)Remote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2024-30052
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8)Remote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2024-30052
Azure Data Science Virtual Machines for LinuxElevation of PrivilegeImportantRelease NotesSecurity UpdateCVE-2024-37325
Microsoft Dynamics 365 (on-premises) version 9.1Information DisclosureImportant5039459Security UpdateCVE-2024-35263
Azure Monitor AgentElevation of PrivilegeImportantRelease NotesSecurity UpdateCVE-2024-35254
Azure File Sync v17.0Elevation of PrivilegeImportant5039814Security UpdateCVE-2024-35253
Azure File Sync v18.0Elevation of PrivilegeImportant5023058Security UpdateCVE-2024-35253
Azure File Sync v16.0Elevation of PrivilegeImportant5039814Security UpdateCVE-2024-35253
Azure Storage Movement Client Library for .NETDenial of ServiceImportantRelease NotesSecurity UpdateCVE-2024-35252
Microsoft Dynamics 365 Business Central 2023 Release Wave 2Remote Code ExecutionImportant5038530Security UpdateCVE-2024-35249
Microsoft Dynamics 365 Business Central 2024 Release Wave 1Remote Code ExecutionImportant5038531Security UpdateCVE-2024-35249
Windows Server 2012 R2 (Server Core installation)Remote Code ExecutionImportant5039294Monthly RollupCVE-2024-30095
Windows Server 2012 R2Remote Code ExecutionImportant5039294Monthly RollupCVE-2024-30095
Windows Server 2012 (Server Core installation)Remote Code ExecutionImportant5039260Monthly RollupCVE-2024-30095
Windows Server 2012Remote Code ExecutionImportant5039260Monthly RollupCVE-2024-30095
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Remote Code ExecutionImportant5039289Monthly RollupCVE-2024-30095
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Remote Code ExecutionImportant5039274Security OnlyCVE-2024-30095
Windows Server 2008 R2 for x64-based Systems Service Pack 1Remote Code ExecutionImportant5039289Monthly RollupCVE-2024-30095
Windows Server 2008 R2 for x64-based Systems Service Pack 1Remote Code ExecutionImportant5039274Security OnlyCVE-2024-30095
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Remote Code ExecutionImportant5039245Monthly RollupCVE-2024-30095
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Remote Code ExecutionImportant5039266Security OnlyCVE-2024-30095
Windows Server 2008 for x64-based Systems Service Pack 2                                                   Remote Code ExecutionImportant5039245Monthly RollupCVE-2024-30095
Windows Server 2008 for x64-based Systems Service Pack 2Remote Code ExecutionImportant5039266Security OnlyCVE-2024-30095
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Remote Code ExecutionImportant5039245Monthly RollupCVE-2024-30095
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Remote Code ExecutionImportant5039266Security OnlyCVE-2024-30095
Windows Server 2008 for 32-bit Systems Service Pack 2Remote Code ExecutionImportant5039245Monthly RollupCVE-2024-30095
Windows Server 2008 for 32-bit Systems Service Pack 2Remote Code ExecutionImportant5039266Security OnlyCVE-2024-30095
Azure Identity Library for PythonElevation of PrivilegeImportantRelease NotesSecurity UpdateCVE-2024-35255
Azure Identity Library for C++Elevation of PrivilegeImportantRelease NotesSecurity UpdateCVE-2024-35255
Azure Identity Library for JavaScriptElevation of PrivilegeImportantRelease NotesSecurity UpdateCVE-2024-35255
Azure Identity Library for JavaElevation of PrivilegeImportantRelease NotesSecurity UpdateCVE-2024-35255
Microsoft Authentication Library (MSAL) for Node.jsElevation of PrivilegeImportantRelease NotesSecurity UpdateCVE-2024-35255
Microsoft Authentication Library (MSAL) for .NETElevation of PrivilegeImportantRelease NotesSecurity UpdateCVE-2024-35255
Azure Identity Library for GoElevation of PrivilegeImportantRelease NotesSecurity UpdateCVE-2024-35255
Microsoft Authentication Library (MSAL) for JavaElevation of PrivilegeImportantRelease NotesSecurity UpdateCVE-2024-35255
Azure Identity Library for .NETElevation of PrivilegeImportantRelease NotesSecurity UpdateCVE-2024-35255

Quality and experience updates

Microsoft has released the KB5039212 update for users running Windows 11 versions 23H2 and 22H2. The Windows Share menu now lets users create QR codes for sharing web pages and cloud files in Microsoft Edge. Moreover, users can sign in with their Microsoft account in the Windows Backup app to back up files, settings, themes, Wi-Fi information, and installed apps.

Additionally, the KB5039213 brings a couple of bug fixes for Windows 11 version 21H2. This release also enables the SMB over QUIC client certificate authentication feature that lets IT admins restrict which client devices can access SMB over QUIC servers.

For Windows 10 version 22H2, Microsoft has started rolling out a new Snipping tool feature that allows users to edit the picture taken on their Android phones on Windows devices.

Windows Update testing and best practices

Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.

A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.

There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.

SHARE ARTICLE