Breaking Down the Latest June 2024 Patch Tuesday Report

Microsoft has released its June 2024 Patch Tuesday security updates, addressing 58 vulnerabilities across various products. This month's release includes patches for one critical vulnerability, 50 important vulnerabilities, and one actively exploited zero-day vulnerability.

The June 2024 Patch Tuesday covers a range of Microsoft products and services, including Windows, Office, Exchange Server, Azure, Dynamics 365, .NET Framework, and Microsoft Edge. Of particular note is a critical remote code execution vulnerability in Microsoft Message Queuing (MSMQ) and an actively exploited zero-day vulnerability in the DNS protocol.

This month's leading vulnerability categories are elevation of privilege (25 vulnerabilities), remote code execution (18 vulnerabilities), and denial of service (5 vulnerabilities). Microsoft Windows received the most patches this month with 33 vulnerabilities addressed.

In this article, we'll break down the key highlights of the June 2024 Patch Tuesday report, focusing on the most critical vulnerabilities and their potential impact on users and administrators. We'll also provide guidance on prioritizing these patches to help maintain the security of your systems.

Key Highlights - Patch Tuesday June 2024

Microsoft's June 2024 Patch Tuesday addressed 58 vulnerabilities, including one actively exploited zero-day vulnerability. This update included patches for a variety of vulnerability types such as elevation of privilege, remote code execution, denial of service, and information disclosure across Microsoft's product range.

Key highlights are:

This June's Patch Tuesday highlights Microsoft's ongoing commitment to addressing security vulnerabilities across its wide range of products. Administrators and users are advised to apply these security updates promptly to protect their systems from potential exploits.

Zero-day Vulnerability Patched in June 2024

In June 2024, Microsoft addressed one zero-day vulnerability that was being actively exploited in the wild:

CVE-2023-50868: MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU

This vulnerability exists in DNSSEC validation and could allow an attacker to exploit standard DNSSEC protocols intended for DNS integrity. By using excessive resources on a resolver, the attacker can cause a denial of service for legitimate users.

The vulnerability is present in the DNSSEC specification itself, and Microsoft's implementation of DNSSEC is subject to the same attack as other implementations. An attacker can exhaust CPU resources on a DNSSEC-validating DNS resolver by demanding responses from a DNSSEC-signed zone, if the resolver uses NSEC3 to respond to the request.

NSEC3 is designed to provide a safe way for a DNSSEC-validating DNS resolver to indicate that a requested resource does not exist. Under certain circumstances, the DNS resolver must perform thousands of iterations of a hash function to calculate an NSEC3 response, which forms the foundation of this DoS exploit.

Interestingly, this vulnerability on February 13, 2024, by researchers from the German National Research Centre for Applied Cybersecurity (ATHENE). Microsoft's advisory doesn't provide insight into why this vulnerability wasn't patched sooner, but it's possible that Microsoft assessed it as less urgent than other vulnerabilities.

All current versions of Windows Server receive a patch for this vulnerability. Administrators should prioritize applying this update, especially for systems running DNSSEC-validating DNS resolvers.

Critical Vulnerability Patched in June 2024

Microsoft addressed one critical vulnerability in the June 2024 Patch Tuesday release:

CVE-2024-30080: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

This critical remote code execution vulnerability affects the Microsoft Message Queuing (MSMQ) service. MSMQ is a protocol developed by Microsoft to ensure reliable communication between Windows computers across different networks, even when a host is temporarily not connected (by maintaining a message queue of undelivered messages).

To exploit this vulnerability, an attacker must send a specially crafted malicious packet to an MSMQ server. The Windows message queuing service needs to be enabled, and network traffic allowed on TCP port 1801, for an attacker to successfully exploit this vulnerability on a target system.

Key points about this vulnerability:

Microsoft urges customers to check whether they are potentially vulnerable by looking to see if the service named Message Queuing is enabled and TCP port 1801 is listening on the machine.

As is typical of MSMQ RCE vulnerabilities, CVE-2024-30080 receives a high CVSSv3 base score due to the network attack vector, low attack complexity, and lack of required privileges.

It's important to note that while the Windows message queuing service is not enabled by default, a number of applications – including Microsoft Exchange – may quietly introduce MSMQ as part of their own installation routine.

Given the critical nature of this vulnerability and its high CVSS score, administrators should prioritize patching systems with MSMQ enabled or disable the service if it's not required.

Vulnerabilities by Category

In total, 58 vulnerabilities were addressed in June's Patch Tuesday. Elevation of privilege vulnerabilities lead the count this month, followed closely by remote code execution flaws. Here is the breakdown of the categories patched this month:

Elevation of privilege vulnerabilities continue to be prevalent, representing 43% of the June updates. These vulnerabilities, if exploited, could allow attackers to gain higher levels of access on compromised systems.

Remote code execution vulnerabilities are the second most common, accounting for 31% of this month's fixes. Successful exploitation of these could enable attackers to run arbitrary code on targeted systems.

While less frequent, denial of service, information disclosure, security feature bypass, and spoofing flaws should also be addressed promptly as they can be leveraged in attack chains or to facilitate further compromise.

Here is a table with the vulnerability categories and associated CVE IDs from Microsoft's June 2024 Patch Tuesday:

List of Products Patched in June 2024 Patch Tuesday Report

Microsoft's June 2024 Patch Tuesday includes updates for a wide range of its products, applications, and services. Here are the key products and components that received patches:

Complete List of Vulnerabilities Patched in July 2024 Patch Tuesday

Download the complete list of vulnerabilities by products patched in July 2024 Patch Tuesday here. 

Azure vulnerabilities

Browser vulnerabilities

Developer Tools vulnerabilities

ESU vulnerabilities

Microsoft Dynamics vulnerabilities

Microsoft Office vulnerabilities

Windows vulnerabilities

Windows ESU vulnerabilities

Bottom Line

Microsoft's June 2024 Patch Tuesday addressed a total of 58 vulnerabilities, including one critical vulnerability and one actively exploited zero-day. This release underscores Microsoft's ongoing commitment to securing its wide range of products against evolving cybersecurity threats.

Key points from this month's updates include:

Here's a summary table of the June 2024 Patch Tuesday updates:

This Patch Tuesday emphasizes the importance of prompt patching, especially for the critical MSMQ vulnerability and the actively exploited zero-day. Organizations should prioritize these updates based on their specific risk profiles and the criticality of affected systems.

As always, it's recommended to test these patches in a controlled environment before deploying them across production systems. Continuous monitoring and a robust vulnerability management program remain crucial for maintaining a strong security posture against emerging threats.

We aim to keep readers informed each month in our Patch Tuesday reports. Please follow our website thesecmaster.com or subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.

You may also like these articles: