Microsoft Patch Tuesday for June 2024 Fixes 49 Vulnerabilities

Microsoft's June 2024 Updates Fix 49 Vulnerabilities, Including One Critical and One Zero-Day.

Microsoft regularly releases an anticipated batch of security patches and updates for various products and services on every second Tuesday of the month. And keep this tradition today Microsoft addresses 49 security bugs in its June 2024 Patch Tuesday update. Only one vulnerability fixed today was classified as Critical as they enable attackers to achieve remote code execution, privilege elevation, or spoofing, and 48 are rated Important or moderate in severity.  Microsoft also addressed One zero-day vulnerabilities known to be exploited in the wild.

Here’s a list of the most important vulnerabilities Microsoft fixed this month.

  • CVE-2024-30080: This is a critical remote code execution (RCE) vulnerability in Microsoft Message Queuing (MSMQ) with a CVSS score of 9.8. MSMQ is a synchronous messaging feature used to deliver and read messages from queues in Windows. This flaw could allow an unauthenticated hacker to completely take over a vulnerable Windows system by sending a specially crafted malicious MSMQ packet. It affects all versions of Windows, including Windows 10 and Windows Server 2008.
  • CVE-2023-50868: This is a denial-of-service (DoS) vulnerability in Windows Server with a CVSS rating of 7.5. It could allow hackers to exhaust CPU resources and disrupt the DNS resolution process on a vulnerable system, preventing users from accessing websites and online services.
  • CVE-2024-30070: This Dynamic Host Configuration Protocol (DHCP) Server denial-of-service vulnerability affects Windows machines. Cybercriminals could exploit it to automatically assign IP addresses to network devices.
  • CVE-2024-30103: This remote code execution vulnerability in Microsoft Outlook has a CVSS score of 8.8. An attacker can trigger it via the email Preview Pane, bypassing Outlook registry block lists and creating malicious DLL files to target the victim.
  • CVE-2024-30099: This elevation-of-privilege (EoP) vulnerability in the Windows Kernel Driver could allow hackers to hijack an affected system.
  • CVE-2024-30089: This vulnerability in Microsoft Streaming Services lets threat actors gain system-level privileges. However, Microsoft noted that this security flaw is harder to exploit.

 Microsoft addresses 49 CVEs in its June 2024 Patch Tuesday update Including One Critical and One Zero-Day

Microsoft Patch Tuesday for June 2024

June 2024 Microsoft Patch Tuesday, various products and components received updates to address vulnerabilities. These include Microsoft Office, .NET frameworks, Azure services, and more. The updates address issues like Denial of Service, Elevation of Privilege, Remote Code Execution, and more, contributing to a more secure software environment.

- Advertisement -
  • 25 Elevation of privilege (EoP) bugs, (Important 25)
  • 18 Remote code execution (RCE) vulnerabilities, (Important 17 Critical 1)
  • 3 Information disclosure bugs, (important 3)
  • 5 denial of service bugs, (Important 5)

Windows security updates

In addition to the security fixes, Microsoft has also published an update for the Windows Update service to improve its reliability and performance.

  • KB5039212 for Windows 11 version 23H2 (OS build 22631.3737) and 22H2 (OS Build 22621.3737)
  • KB5039213 for Windows 11 version 21H1 (OS Build 22000.3019)
  • KB5039211 for windows 10 version 22H2 (OS build 19045.4529)
  • KB5039217 for Windows 10 version 1809 (OS Build 17763.5936)
  • KB5039214 for Windows 10 version 1607 (OS Build 14393.7070)

Windows 11 KB5039212 and Windows 10 KB5039211 address the following vulnerabilities.

The Windows 10 update KB5039211 introduces several enhancements and fixes. It addresses an issue that affects lsass.exe. It stops responding. This occurs after you install the April 2024 security updates on Windows servers.

- Advertisement -

This update addresses an issue that affects lsass.exe. It leaks memory. This occurs during a Local Security Authority (Domain Policy) Remote Protocol (LSARPC) call. It also includes all changes of the May 24 Preview update.

The Windows 11 update KB5039212 includes several key improvements and fixes. It adds drag-and-drop support in the File Explorer address bar. You’ll also notice a new Microsoft account menu in the Start menu. This update addresses a known issue that affects the taskbar. It might briefly glitch or not respond. It might also disappear and reappear. This update addresses an issue that might stop your system from resuming from hibernate. This occurs after you turn on BitLocker. It also includes all changes of the June 2024 Preview update.

Windows 7 and Windows 8.1 reached the End of support from Microsoft, which means the company no longer provides frequent updates or security patches for these operating systems. For more information please visit the Microsoft lifecycle page at https://learn.microsoft.com/en-us/lifecycle/end-of-support/end-of-support-2023

Download the Windows 10 update

All these security updates are automatically downloaded and installed via Windows update. Or you can force Windows update from settings, update & security check for updates to install June 2024 patch updates immediately on your device.

Download Windows 10 KB5039211 update

Windows update offline installers:

Windows 10 KB5039217 (for version 1809) Offline Download links

If you are Looking for Windows 10 22H2 Update ISO image click here Or check How to Upgrade to Windows 10 version 22H2 Using the media creation tool.

If you face any difficulty while installing these updates, Check the Windows 10 Update troubleshooting guide to fix the Windows 10 Cumulative update stuck downloading, failed to install with different errors, etc.

What time do Patch Tuesday patches come out?

  • Microsoft schedules the release of security updates on “Patch Tuesday,” the second Tuesday of each month at 10:00 AM PST.

Is Patch Tuesday weekly or monthly?

  • Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on June 11, 2024.

Why did the second Tuesday of every month called Patch Tuesday?

  • The second Tuesday of the month is referred to as “Patch Tuesday” because Microsoft attempts to combine the largest updates into this maintenance window.

What is the latest update for Windows 11 June 2024?

  • The latest Windows 11 KB5039212 for version 22H2 and 23H2 and KB5039211 for Windows 10 version 22H/21H2.

What is the zero-day patch?

  • The term “Zero-Day” is used when security teams are unaware of their software vulnerability, and they’ve had “0” days to work on a security patch or an update to fix the issue.

Also read:

More from this stream

Recomended