Description:
Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Jun
Reports indicated that the technical details of the denial of service vulnerability (CVE-2023-50868) in Microsoft Windows Server was publicly disclosed, and multiple vulnerabilities (CVE-2024-30080 and CVE-2024-30103) are also at a high risk of exploitation. System administrators and users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
Affected Systems:
- Microsoft Windows 10, 11
- Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022, 2022, 23H2 Edition
- Microsoft Office 2016, 2019, LTSC 2021
- Microsoft 365 Apps for Enterprise
- Microsoft Outlook 2016
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Server 2019, Subscription Edition
- Microsoft Visual Studio 2017, 2019, 2022
- Microsoft Dynamics 365 (on-premises) version 9.1
- Microsoft Dynamics 365 Business Central 2023 Release Wave 1, 2023 Release Wave 2, 2024 Release Wave 1
- Microsoft Authentication Library (MSAL) for .NET, for Java, for Node.js
- Azure Data Science Virtual Machines for Linux
- Azure File Sync v16.0, v17.0, v18.0
- Azure Identity Library for .NET, for C++, for Go, for Java, for JavaScript, for Python
- Azure Monitor Agent
- Azure Storage Movement Client Library for .NET
Impact:
Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege or information disclosure on an affected system.
Recommendation:
Patches for affected systems are available from the Windows Update / Microsoft Update Catalog. System administrators and users of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.
More Information:
- https://msrc.microsoft.com/update-guide/releaseNote/2024-Jun
- https://www.hkcert.org/security-bulletin/microsoft-monthly-security-update-june-2024
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29060
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29187
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30052
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30062 (to CVE-2024-30070)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30072
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30074 (to CVE-2024-30078)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30080
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30082 (to CVE-2024-30091)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30093 (to CVE-2024-30097)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30099 (to CVE-2024-30104)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35248 (to CVE-2024-35250)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35252 (to CVE-2024-35255)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35263
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35265
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37325