
Microsoft addresses 51 CVEs in its June 2024 Patch Tuesday release, with one rated as Critical and no zero-day or publicly disclosed vulnerabilities. The count includes CVE-2023-50868, issued by MITRE, and CVE-2024-29187, issued by GitHub.
The 51 fixed vulnerabilities fall into the following categories:
- 25 Elevation of Privilege Vulnerabilities
- 18 Remote Code Execution Vulnerabilities
- 3 Information Disclosure Vulnerabilities
- 5 Denial of Service Vulnerabilities
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
The vulnerability tracked as CVE-2024-30080, with a CVSSv3 score of 9.8, is an RCE vulnerability in the Microsoft Message Queuing (MSMQ) component of Windows operating systems. An unauthenticated, remote attacker could exploit it by sending a specially crafted packet to a vulnerable target. Microsoft rates this vulnerability as Exploitation More Likely.
The MSMQ service must be installed and enabled for a system to be vulnerable. According to Microsoft, if the service is enabled on a Windows installation, a service named “Message Queuing” will be running and listening on TCP port 1801. CVE-2024-30080 is the fourth MSMQ RCE patched in 2024: two were addressed in the April Patch Tuesday (CVE-2024-26232, CVE-2024-26208) and one in the February Patch Tuesday (CVE-2024-21363).
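Because exposure to CVE-2024-30080 depends on whether the optional MSMQ component is present and running, a quick inventory check is the first triage step. The following PowerShell function is an added example written for this summary, not code from Microsoft or from the original post. It assumes a Windows 8.1/Server 2012 R2 or later host (for Get-NetTCPConnection), that the Message Queuing service is registered under the service name MSMQ, and that the client-SKU optional feature is named MSMQ-Server; it only reads state and changes nothing.

```powershell
# Added example: report whether this host exposes the Message Queuing service
# that CVE-2024-30080 affects. Read-only; run from an elevated PowerShell session.
function Get-MsmqExposure {
    # 'MSMQ' is the service name of Message Queuing. If the service is absent, the
    # optional component is not installed and, per the advisory, the host is not vulnerable.
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    # A listener on TCP 1801 is the network-facing indicator named in the advisory.
    $listener = Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue

    # Optional-feature state on client SKUs; on Windows Server, Get-WindowsFeature MSMQ-Server
    # is the equivalent query (assumed feature name, see lead-in).
    $feature = Get-WindowsOptionalFeature -Online -FeatureName 'MSMQ-Server' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        FeatureState     = if ($feature) { $feature.State.ToString() } else { 'Unknown' }
        ServiceInstalled = [bool]$svc
        ServiceStatus    = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        ListeningOn1801  = [bool]$listener
        # In scope for CVE-2024-30080 only when the service exists and is running.
        InScope          = [bool]($svc -and $svc.Status -eq 'Running')
    }
}

Get-MsmqExposure | Format-List
```

Hosts that report InScope as true should receive the June update first; hosts where MSMQ is installed but not actually needed are candidates for removing the component altogether, which takes them out of scope for this and future MSMQ bugs. Run the function across a fleet with Invoke-Command to build the priority list.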
Win32k Elevation of Privilege Vulnerability
The vulnerabilities tracked as CVE-2024-30082, CVE-2024-30087 and CVE-2024-30091 are EoP vulnerabilities in Microsoft’s Win32k, a core kernel-side driver used in Windows. All three bugs have a CVSSv3 score of 7.8 and are rated as Exploitation More Likely.
In the last few years, multiple Win32k EoP zero-days have been exploited in the wild. In the May 2023 Patch Tuesday release, Microsoft patched CVE-2023-29336. In the January 2022 Patch Tuesday release, Microsoft patched CVE-2022-21882, reportedly a patch bypass for CVE-2021-1732, another Win32k EoP zero-day from February 2021. In October 2021, Microsoft patched CVE-2021-40449, another Win32k EoP zero-day, linked to a remote access trojan known as MysterySnail and reportedly a patch bypass for CVE-2016-3309.
Windows Kernel Elevation of Privilege Vulnerability
The vulnerabilities tracked as CVE-2024-30064 and CVE-2024-30068, both with a CVSSv3 score of 7.0, and CVE-2024-30088 and CVE-2024-30099, both with a CVSSv3 score of 8.8, are EoP vulnerabilities affecting the Windows Kernel. The former two are rated as Exploitation Less Likely and the latter two as Exploitation More Likely. Successful exploitation could give an attacker elevated privileges; Microsoft’s advisories for CVE-2024-30068, CVE-2024-30088 and CVE-2024-30099 state that an attacker could gain SYSTEM privileges.
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
The vulnerability tracked as CVE-2024-30085, with a CVSSv3 score of 7.8, is an EoP vulnerability in the Microsoft Windows Cloud Files Mini Filter Driver (cldflt.sys). It is rated as Exploitation More Likely. An attacker could exploit this vulnerability as part of post-compromise activity to elevate privileges to SYSTEM. This is the second EoP affecting the Windows Cloud Files Mini Filter Driver patched in 2024; the first was CVE-2024-21310, patched as part of the January 2024 Patch Tuesday release.
Microsoft Streaming Service Elevation of Privilege Vulnerability
The vulnerability tracked as CVE-2024-30089, with a CVSSv3 score of 7.8, is an EoP vulnerability in the Microsoft Streaming Service. An attacker could exploit this vulnerability as part of post-compromise activity to elevate privileges to SYSTEM.
MITRE: CVE-2023-50868
CVE-2023-50868 is a vulnerability in DNSSEC validation: an attacker could abuse standard DNSSEC protocol features intended to protect DNS integrity to consume excessive resources on a resolver, causing a denial of service for legitimate users. MITRE, rather than Microsoft, issued this CVE.
This flaw was previously disclosed in February and patched in numerous DNS implementations, including BIND, PowerDNS, Unbound, Knot Resolver, and Dnsmasq. It is a publicly disclosed zero-day vulnerability, the previously disclosed ‘KeyTrap’ attack on the DNS protocol, which Microsoft has now fixed as part of today’s updates.
Windows 10 21H2 End of Life
Microsoft announced that Windows 10 21H2 has reached end of life for the Enterprise, Education, IoT Enterprise, and Enterprise multi-session editions. Systems running these editions of Windows 10 21H2 will no longer receive security updates and should be upgraded as soon as possible.
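Finding the hosts affected by this end-of-life notice is a matter of reading the version and edition Windows records about itself. The function below is an added example for this summary, not code from Microsoft or the original post. It reads the CurrentVersion registry key only; the EditionID strings it matches against (Enterprise, Education, IoTEnterprise, and ServerRdsh for Enterprise multi-session) are this example's assumed mapping of the editions named in the announcement, so verify them against your own inventory before acting on the result.

```powershell
# Added example: flag Windows 10 21H2 hosts in the editions that left support in June 2024.
# Read-only; works without elevation because the key is world-readable.
function Test-Win10_21H2EndOfLife {
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # DisplayVersion holds the marketing version (e.g. 21H2) on Windows 10 20H2 and later;
    # ReleaseId is the older field that stops at 2009, so fall back to it only if needed.
    $version = if ($cv.DisplayVersion) { $cv.DisplayVersion } else { $cv.ReleaseId }

    # EditionID values for the editions in the announcement (assumed mapping, see lead-in).
    $eolEditions = @('Enterprise', 'Education', 'IoTEnterprise', 'ServerRdsh')

    # Windows 11 still reports ProductName as 'Windows 10 ...', so the build number
    # (Windows 11 starts at 22000) is what actually separates the two.
    $isWin10 = ($cv.ProductName -like 'Windows 10*') -and ([int]$cv.CurrentBuildNumber -lt 22000)

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        ProductName    = $cv.ProductName
        EditionID      = $cv.EditionID
        DisplayVersion = $version
        Build          = $cv.CurrentBuildNumber
        # True only for Windows 10 21H2 in one of the editions named in the announcement.
        OutOfSupport   = [bool]($isWin10 -and ($version -eq '21H2') -and ($eolEditions -contains $cv.EditionID))
    }
}

Test-Win10_21H2EndOfLife | Format-List
```

Hosts that report OutOfSupport as true will not receive this month's fixes or any later ones, which matters for the MSMQ and kernel bugs above: on those machines the only remediation paths are upgrading the build or removing the exposed component.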
Release summary
| CVE/Advisory | Title | Severity Rating | Exploited | Publicly Disclosed |
| --- | --- | --- | --- | --- |
| CVE-2024-30080 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Critical | No | No |
| CVE-2024-30069 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important | No | No |
| CVE-2024-30070 | DHCP Server Service Denial of Service Vulnerability | Important | No | No |
| CVE-2024-30072 | Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability | Important | No | No |
| CVE-2024-30074 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | Important | No | No |
| CVE-2024-30075 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | Important | No | No |
| CVE-2024-30076 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-30077 | Windows OLE Remote Code Execution Vulnerability | Important | No | No |
| CVE-2024-30078 | Windows Wi-Fi Driver Remote Code Execution Vulnerability | Important | No | No |
| CVE-2024-30082 | Win32k Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-35250 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-35255 | Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2023-50868 | MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU | Important | No | Yes |
| CVE-2024-29187 | GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM | Important | No | No |
| CVE-2024-29060 | Visual Studio Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-30062 | Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability | Important | No | No |
| CVE-2024-30063 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | Important | No | No |
| CVE-2024-30064 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-30065 | Windows Themes Denial of Service Vulnerability | Important | No | No |
| CVE-2024-30066 | Winlogon Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-30067 | Winlogon Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-30068 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-30083 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important | No | No |
| CVE-2024-30084 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-30085 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-30086 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-30087 | Win32k Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-30088 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-30089 | Microsoft Streaming Service Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-30090 | Microsoft Streaming Service Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-30091 | Win32k Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-30093 | Windows Storage Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-30094 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | No | No |
| CVE-2024-30095 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | No | No |
| CVE-2024-30096 | Windows Cryptographic Services Information Disclosure Vulnerability | Important | No | No |
| CVE-2024-30097 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | Important | No | No |
| CVE-2024-30099 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-30100 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | No | No |
| CVE-2024-30101 | Microsoft Office Remote Code Execution Vulnerability | Important | No | No |
| CVE-2024-30102 | Microsoft Office Remote Code Execution Vulnerability | Important | No | No |
| CVE-2024-30103 | Microsoft Outlook Remote Code Execution Vulnerability | Important | No | No |
| CVE-2024-30104 | Microsoft Office Remote Code Execution Vulnerability | Important | No | No |
| CVE-2024-35248 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-35249 | Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability | Important | No | No |
| CVE-2024-35252 | Azure Storage Movement Client Library Denial of Service Vulnerability | Important | No | No |
| CVE-2024-35253 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-35254 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-35263 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Important | No | No |
| CVE-2024-35265 | Windows Perception Service Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-37325 | Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability | Important | No | No |
| CVE-2024-30052 | Visual Studio Remote Code Execution Vulnerability | Important | No | No |