June 2024 Patch Tuesday: 9 Critical Vulnerabilities Amid 55 CVEs

Published on Jun 11, 2024 • Last updated on Nov 15, 2024

Total vulnerabilities
55
Critical vulnerabilities
9
Exploited vulnerabilities
4

June 2024 Risk Analysis

Most impacted products
Microsoft Edge (Chromium-based)
7%
Windows Win32K - GRFX
6%
Visual Studio
4%
Windows Server Service
4%
Windows Kernel
4%
Attribution of Malware Families
Ngrok
50%
OilRig (PowerShell)
50%
Attribution of Threat Actors
OilRig
100%

Critical Vulnerabilities

CVE-2024-30064

Windows Kernel Elevation of Privilege Vulnerability

CVSS 8.8CWE-190

A Windows Kernel vulnerability allows local attackers with low privileges to exploit an integer overflow condition, enabling escape from AppContainer isolation and privilege escalation without user interaction. Upon successful exploitation, an attacker could gain unauthorized system resource access and execute arbitrary code with elevated privileges, potentially leading to complete system compromise and unauthorized network actions. The vulnerability's ability to change scope from a contained environment makes it particularly dangerous as it bypasses critical security boundaries designed to limit process privileges.

CVE-2024-30097

Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

CVSS 8.8CWE-415

A double free vulnerability in Microsoft's Speech Application Programming Interface (SAPI) allows unauthenticated network attackers to achieve remote code execution when a user clicks a malicious link. The flaw enables attackers to execute arbitrary code with the current user's privileges, potentially leading to complete system compromise with the ability to view, modify, or delete data and create accounts with full user rights. This critical weakness affects multiple Windows versions and requires immediate attention due to its high impact on system integrity, confidentiality, and availability.

CVE-2024-35249

Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability

CVSS 8.8CWE-502

A remote code execution vulnerability in Microsoft Dynamics 365 Business Central enables authenticated attackers to execute arbitrary code through untrusted data deserialization without requiring user interaction or elevated privileges. The vulnerability can be exploited over the network with low attack complexity, potentially allowing attackers to gain full control of affected systems with the ability to view, modify, or delete data, install malicious programs, and create new accounts with full user rights. Given the high impact on confidentiality, integrity, and availability, combined with the relatively low barrier to exploitation, this vulnerability represents a significant risk to business operations.

CVE-2024-37325

Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability

CVSS 8.1CWE-200

A critical vulnerability in Linux/Ubuntu Data Science Virtual Machines (DSVM) allows unauthenticated attackers to intercept user credentials through specially crafted network requests, despite requiring complex environmental reconnaissance for successful exploitation. The flaw enables attackers to fully impersonate compromised users and execute any operations within their permission scope, potentially leading to unauthorized data access, system manipulation, and privilege escalation. Given the high impact across confidentiality, integrity, and availability combined with the absence of required user interaction, this vulnerability poses a significant risk to DSVM deployments, particularly in environments where network access cannot be adequately restricted.

CVE-2024-30080

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVSS 9.8CWE-416

A critical remote code execution vulnerability in Microsoft Message Queuing (MSMQ) allows unauthenticated attackers to execute arbitrary code with SYSTEM privileges by sending specially crafted MSMQ packets over HTTP to affected servers. The flaw, which has been identified as a Use-After-Free vulnerability, poses a severe risk as it requires no user interaction and could enable attackers to gain complete control of the target system, including the ability to install programs, modify data, and create privileged accounts. This vulnerability is particularly concerning because MSMQ HTTP-Support is a commonly deployed Windows component in enterprise environments, making it an attractive target for threat actors seeking to compromise network infrastructure.

CVE-2024-35260

An authenticated attacker can exploit an Untrusted Search Path vulnerability in Microsoft Dataverse to execute code over a network.

CVSS 8CWE-426

A high-severity untrusted search path vulnerability in Microsoft Dataverse allows authenticated attackers to execute arbitrary code remotely over a network, requiring no user interaction but high privileges. The vulnerability's changed scope means it can impact resources beyond the vulnerable component, potentially compromising confidentiality, integrity, and availability of systems across different parts of the network. While Microsoft has already fully mitigated this issue through a server-side fix with no action required from users, the severity of potential exploitation warrants attention due to the possibility of unauthorized access to sensitive information and system-wide disruption.

CVE-2024-30103

Microsoft Outlook Remote Code Execution Vulnerability

CVSS 8.8CWE-184

A remote code execution vulnerability in Microsoft Outlook enables authenticated attackers to bypass registry block lists and create malicious DLL files without requiring user interaction, exploitable through both direct access and preview pane vectors. The vulnerability allows attackers to execute arbitrary code with logged-on user privileges, potentially leading to system compromise, data theft, and lateral movement within the network. Given the low attack complexity, network-based attack vector, and high impact on system confidentiality, integrity, and availability, this represents a significant threat to organizational security.

CVE-2024-30068

Windows Kernel Elevation of Privilege Vulnerability

CVSS 8.8CWE-125

A Windows kernel privilege escalation vulnerability allows local attackers to execute arbitrary code by running a specially crafted application from within an AppContainer environment, enabling elevation from low privileges to SYSTEM level access. The vulnerability's changed scope characteristic means attackers can break out of the AppContainer isolation, while the ability to achieve kernel-mode code execution represents a critical security boundary failure that could lead to complete system compromise, data theft, and malware persistence.

CVE-2024-30078

Windows Wi-Fi Driver Remote Code Execution Vulnerability

CVSS 8.8CWE-20

Exploit

A critical remote code execution vulnerability in the Windows Wi-Fi Driver allows an unauthenticated attacker within radio proximity to execute arbitrary code with SYSTEM privileges by sending specially crafted network packets to a target system's Wi-Fi adapter. The adjacency requirement provides some natural mitigation, but the lack of required user interaction and low attack complexity, combined with the potential for complete system compromise, makes this vulnerability particularly dangerous for environments where attackers could gain physical proximity to target systems.

All vulnerabilities

CVE ID
CVSS Score
ProductTrend
Exploit
CVE-2024-38093Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS 4.3

edge

-
CVE-2024-38083Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS 4.3-
CVE-2024-38082Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS 4.7

edge

-
CVE-2024-37325Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability
CVSS 8.1

azure_data_science_virtual_machine

+1 more

-
CVE-2024-35265Windows Perception Service Elevation of Privilege Vulnerability
CVSS 7

windows_10_1809

+11 more

-
CVE-2024-35263Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVSS 5.7

dynamics_365

-
CVE-2024-35260An authenticated attacker can exploit an Untrusted Search Path vulnerability in Microsoft Dataverse to execute code over a network.
CVSS 8--
CVE-2024-35255Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
CVSS 5.5

Microsoft Authentication Library

+12 more

-
CVE-2024-35254Azure Monitor Agent Elevation of Privilege Vulnerability
CVSS 7.1

azure_monitor_agent

-
CVE-2024-35253Microsoft Azure File Sync Elevation of Privilege Vulnerability
CVSS 4.4

azure_file_sync

-
CVE-2024-35252Azure Storage Movement Client Library Denial of Service Vulnerability
CVSS 7.5

azure_storage_data_movement_library

+1 more

-
CVE-2024-35250This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.<br/>The specific flaw exists within the UnserializePropertySet function. The issue results from improper handling of privilege context transitions. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.<br/> Microsoft has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35250">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35250</a> <br/></td>
CVSS 7.8

windows

+23 more

-
CVE-2024-35249Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability
CVSS 8.8

dynamics_365_business_central

-
CVE-2024-35248Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
CVSS 7.3

dynamics_365_business_central

-
CVE-2024-30104Microsoft Office Remote Code Execution Vulnerability
CVSS 7.8

365_apps

+2 more

-
CVE-2024-30103Microsoft Outlook Remote Code Execution Vulnerability
CVSS 8.8

365_apps

+3 more

-
CVE-2024-30102Microsoft Office Remote Code Execution Vulnerability
CVSS 7.3

365_apps

+1 more

-
CVE-2024-30101Microsoft Office Remote Code Execution Vulnerability
CVSS 7.5

365_apps

+2 more

-
CVE-2024-30100Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS 7.8

sharepoint_server

-
CVE-2024-30099Windows Kernel Elevation of Privilege Vulnerability
CVSS 7

windows

+18 more

-
CVE-2024-30097Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability
CVSS 8.8

remote

+18 more

-
CVE-2024-30096Windows Cryptographic Services Information Disclosure Vulnerability
CVSS 5.5

Windows

+15 more

-
CVE-2024-30095Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS 7.8

windows

+23 more

-
CVE-2024-30094Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS 7.8

windows

+23 more

-
CVE-2024-30093Windows Storage Elevation of Privilege Vulnerability
CVSS 7.3

windows_10_1507

+22 more

-
CVE-2024-30091Win32k Elevation of Privilege Vulnerability
CVSS 7.8

Windows

+23 more

-
CVE-2024-30090Microsoft Streaming Service Elevation of Privilege Vulnerability
CVSS 7

windows_10_1507

+22 more

Oct 17, 2024
CVE-2024-30089This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.<br/>The specific flaw exists within the Microsoft Kernel Streaming Server driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. <br/> Microsoft has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30089">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30089</a> <br/></td>
CVSS 7.8

windows_10_1809

+14 more

-
CVE-2024-30088This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.<br/>The specific flaw exists within the implementation of NtQueryInformationToken. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.<br/> Microsoft has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30088">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30088</a> <br/></td>
CVSS 7

windows

+18 more

Jun 26, 2024
CVE-2024-30087This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.<br/>The specific flaw exists within the win32kfull driver. The issue results from the lack of proper input validation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.<br/> Microsoft has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30087">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30087</a> <br/></td>
CVSS 7.8

Windows

+23 more

-
CVE-2024-30086This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.<br/>The specific flaw exists within DirectComposition. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.<br/> Microsoft has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30086">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30086</a> <br/></td>
CVSS 7.8

Windows

+20 more

-
CVE-2024-30085This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.<br/>The specific flaw exists within the cldflt kernel driver. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.<br/> Microsoft has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30085">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30085</a> <br/></td>
CVSS 7.8

windows

+15 more

-
CVE-2024-30084This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.<br/>The specific flaw exists within the UnserializePropertySet function in the ks.sys driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.<br/> Microsoft has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30084">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30084</a> <br/></td>
CVSS 7

windows

+23 more

-
CVE-2024-30083Windows Standards-Based Storage Management Service Denial of Service Vulnerability
CVSS 7.5

Windows

+5 more

-
CVE-2024-30082This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.<br/>The specific flaw exists within the win32kfull driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.<br/> Microsoft has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30082">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30082</a> <br/></td>
CVSS 7.8

Windows

+23 more

-
CVE-2024-30080Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVSS 9.8

message_queuing

+22 more

-
CVE-2024-30078Windows Wi-Fi Driver Remote Code Execution Vulnerability
CVSS 8.8

windows_10_1507

+22 more

Jun 17, 2024
CVE-2024-30077Windows OLE Remote Code Execution Vulnerability
CVSS 8

windows

+23 more

-
CVE-2024-30076Windows Container Manager Service Elevation of Privilege Vulnerability
CVSS 6.8

windows

+17 more

-
CVE-2024-30075Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability
CVSS 8

Windows

+3 more

-
CVE-2024-30074Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability
CVSS 8

Windows

+3 more

-
CVE-2024-30072Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability
CVSS 7.8

remote

+6 more

-
CVE-2024-30070DHCP Server Service Denial of Service Vulnerability
CVSS 7.5-
CVE-2024-30069Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVSS 4.7

Windows

+18 more

-
CVE-2024-30068Windows Kernel Elevation of Privilege Vulnerability
CVSS 8.8

windows

+18 more

-
CVE-2024-30067Winlogon Elevation of Privilege Vulnerability
CVSS 5.5

windows_10_1507

+19 more

-
CVE-2024-30066Winlogon Elevation of Privilege Vulnerability
CVSS 5.5

windows_10_1507

+19 more

-
CVE-2024-30065Windows Themes Denial of Service Vulnerability
CVSS 5.5

windows

+20 more

-
CVE-2024-30064Windows Kernel Elevation of Privilege Vulnerability
CVSS 8.8

windows

+3 more

-
CVE-2024-30063Windows Distributed File System (DFS) Remote Code Execution Vulnerability
CVSS 6.7

windows

+23 more

-
CVE-2024-30062Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability
CVSS 7.8

Windows

+4 more

-
CVE-2024-30058Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS 5.4

edge

-
CVE-2024-30057Microsoft Edge for iOS Spoofing Vulnerability
CVSS 5.4

edge

-
CVE-2024-30052Visual Studio Remote Code Execution Vulnerability
CVSS 4.7

visual_studio

+3 more

Oct 4, 2024
CVE-2024-29060Visual Studio Elevation of Privilege Vulnerability
CVSS 6.7

visual_studio

+3 more

-