Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs

Gandalf_The_Grey

Level 78
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,764
Today is Microsoft's June 2024 Patch Tuesday, which includes security updates for 51 flaws, eighteen remote code execution flaws, and one publicly disclosed zero-day vulnerability.

This Patch Tuesday fixed 18 RCE flaws but only one critical vulnerability, a remote code execution vulnerability in Microsoft Message Queuing (MSMQ).

The number of bugs in each vulnerability category is listed below:
  • 25 Elevation of Privilege Vulnerabilities
  • 18 Remote Code Execution Vulnerabilities
  • 3 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
The total count of 51 flaws does not include 7 Microsoft Edge flaws fixed on June 3rd.

To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5039212 update and the Windows 10 KB5039211 update.
 

Gandalf_The_Grey

ZDI: The June 2024 Security Update Review
Somehow, we’ve made it to the sixth patch Tuesday of 2024, and Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check out the Patch Report webcast on our YouTube channel. It should be posted within a couple of hours after the release.
Adobe Patches for June 2024

For June, Adobe released 10 patches addressing 165(!) CVEs in Adobe Cold Fusion, Photoshop, Experience Manager, Audition, Media Encoder, FrameMaker Publishing Server, Adobe Commerce, Substance 3D Stager, Creative Cloud Desktop, and Acrobat Android. The fix for Experience Manager is by far the largest with a whopping 143 CVEs addressed. However, all but one of these bugs are simply cross-site scripting (XSS) vulnerabilities. The patch for Cold Fusion fixes two bugs, but neither are code execution bugs. That’s the same case for the patch addressing bugs in Audition. The fix for Media Encoder has a single OOB Read memory leak fixed. The update for Photoshop also has just one bug – a Critical-rated code execution issue. That’s also the story for the Substance 3D Stager patch.

The patch for FrameMaker Publishing Server has only two bugs, but one is a CVSS 10 and the other is a 9.8. If you’re using this product, this should be the first patch you test and deploy. The patch for Commerce should also be high on your test-and-deploy list as it corrects 10 bugs, including some Critical-rated code execution vulns. The patch for Creative Cloud Desktop fixes a single code execution bug. Finally, the patch for Acrobat Android corrects two security feature bypasses.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes these updates as a deployment priority rating of 3.
Microsoft Patches for April 2024

This month, Microsoft released 49 CVEs in Windows and Windows Components; Office and Office Components; Azure; Dynamics Business Central; and Visual Studio. If you include the third-party CVEs being documented this month, the CVE count comes to 58. A total of eight of these bugs came through the ZDI program, and that does include some of the cases reported during the Pwn2Own Vancouver contest in March.

Of the new patches released today, only one is rated Critical, and 48 are rated Important in severity. This release is another small release when compared to the monster that was April.

Only one of the CVEs listed today is listed as publicly known, but that’s actually just a third-party update that’s now being integrated into Microsoft products. Nothing is listed as being under active attack.
Looking Ahead

The next Patch Tuesday of 2024 will be on July 9, and I’ll return with details and patch analysis then. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!
 

Gandalf_The_Grey

Ghacks: The Windows Security Updates of June 2024 are now available
The June 2024 security updates for Windows are now available. Microsoft released security updates for other company products as well on the June 2024 Patch Tuesday.

Our overview provides system administrators and home users with actionable information. It lists known issues for each operating system, links to support pages and other resources, and lists the main changes of each of the updates.

You may download the following Excel spreadsheet to get a list of released updates. Click on the following link to download the archive to the local device: Windows Security Updates June 2024 Excel

Executive Summary
  • Microsoft released security patches for 49 unique vulnerabilities and republished 9 non-Microsoft CVEs.
  • Windows clients with issues are: Windows 10 version 21H2 and 22H2, Windows 11 version 21H2
  • Windows Server clients with issues: Windows Server 2008 and Windows Server 2022
 

Gandalf_The_Grey

Thurrott: Microsoft Releases June 2024 Patch Tuesday Updates
Microsoft has just released the June Patch Tuesday updates for Windows 11 and Windows 10 today. For users running Windows 11 versions 23H2 and 22H2, the same KB5039212 patch is available in Windows Update, and it includes the following changes:
  • From Microsoft Edge, the Windows Share menu now displays the option to create QR codes for sharing webpages and cloud files.
  • Windows Share has a new option to send an email to yourself using the email address that is in your Microsoft account.
  • Clicking outside of the Windows Share window will no longer close it. Users will now need to click the close button at the upper-right corner of the window to close it.
  • You can now drag files between breadcrumbs in the File Explorer address bar to easily move a file to another location in the same file path.
  • The Settings > Accounts page has a new “Linked devices” page where users logged in with a Microsoft account can manage their PCs and Xbox consoles.
  • The Windows Backup app now lets users sign in with a Microsoft account to back up files, themes, settings, installed apps, and Wi-Fi information to the cloud.
  • Microsoft fixed an issue causing the taskbar to briefly glitch or not respond.
  • This update also addresses an issue that might stop your system from resuming from hibernate after you turn on BitLocker.
For Windows 11 users still running the original version of the OS (21H2), today’s KB5039213 patch includes several bug fixes but no new features. For IT admins, this update also turns on the SMB over QUIC client certificate authentication feature, which can be used to restrict which clients can access SMB over QUIC servers.

If you’re wondering if there’s a Patch Tuesday update for Windows 11 version 24H2 today, that’s not the case as of this writing. Microsoft previously made Windows 11 version 24H2 available for “seekers” on the Release Preview Channel, but the rollout was temporarily paused last week. However, as Paul previously explained, anyone can already install Windows 11 version 24H2 using the public ISO. However, Paul told me that he’s not seeing any updates on PCs where he clean installed Windows 11 version 24H2. That’s unusual, as even though Windows 11 version 24H2 isn’t publicly available right now, it will ship on the first Qualcomm-powered Copilot+ PCs coming next week.

Anyway, let’s move on to the last update for Windows 10 version 22H2. Today’s KB5039211 patch introduces a new Snipping Tool feature for Android users. After taking a photo or screenshot on their phone, users will see prompts to edit the picture in Snipping Tool. This feature should roll out gradually to Windows 10 users.
 

Gandalf_The_Grey

Thurrott: Microsoft Releases June 2024 Patch Tuesday Updates

In the comments:
There was no Patch Tuesday update for 24H2, no doubt because of the Recall changes. You can expect that to arrive next Tuesday, a week later than usual, on June 18. The day the Copilot+ PCs arrive in the market.
 

Gandalf_The_Grey

In the comments:
KB5039239 released for 24H2:
Highlights
  • This update addresses an issue that affects the audio for a Bluetooth device. When you connect it, the volume is set to maximum.
  • This update addresses an issue that might stop games that have BattlEye anti-cheat from working. This issue applies to Arm64 devices.
  • We are advancing the Copilot experience on Windows. It is now pinned to the taskbar and will behave like an app. This gives you the benefits of a typical app experience. For example, you can do things like resize, move, and snap the window.
Improvements
This security update includes improvements. When you install this KB:
  • This update affects the Windows Management Instrumentation Command line (WMIC). The default state of Feature on Demand (FoD) for new installations is “Disabled.” If you upgrade to Windows 11, version 24H2, the default state of FoD is “Enabled.”
 
