Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.44.0 and FVM Agent 2.8 releases.
- Microsoft addressed 51 vulnerabilities in this release, including 1 rated as Critical and 18 Remote Code Execution vulnerabilities.
CVE/Advisory | Title | Tag | Microsoft Severity Rating | Base Score | Microsoft Impact | Exploited | Publicly Disclosed |
CVE-2024-30069 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Windows Remote Access Connection Manager | Important | 4.7 | Information Disclosure | No | No |
CVE-2024-30070 | DHCP Server Service Denial of Service Vulnerability | Windows DHCP Server | Important | 7.5 | Denial of Service | No | No |
CVE-2024-30072 | Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability | Windows Event Logging Service | Important | 7.8 | Remote Code Execution | No | No |
CVE-2024-30074 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | Windows Link Layer Topology Discovery Protocol | Important | 8 | Remote Code Execution | No | No |
CVE-2024-30075 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | Windows Link Layer Topology Discovery Protocol | Important | 8 | Remote Code Execution | No | No |
CVE-2024-30076 | Windows Container Manager Service Elevation of Privilege Vulnerability | Windows Container Manager Service | Important | 6.8 | Elevation of Privilege | No | No |
CVE-2024-30077 | Windows OLE Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8 | Remote Code Execution | No | No |
CVE-2024-30078 | Windows Wi-Fi Driver Remote Code Execution Vulnerability | Windows Wi-Fi Driver | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-30080 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Windows Server Service | Critical | 9.8 | Remote Code Execution | No | No |
CVE-2024-30082 | Win32k Elevation of Privilege Vulnerability | Windows Win32K – GRFX | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-35250 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Windows Kernel-Mode Drivers | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-35255 | Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | Azure SDK | Important | 5.5 | Elevation of Privilege | No | No |
CVE-2023-50868 | MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU | Microsoft Windows | Important | 7.5 | Denial of Service | No | Yes |
CVE-2024-29187 | GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM | Visual Studio | Important | 7.3 | Elevation of Privilege | No | No |
CVE-2024-29060 | Visual Studio Elevation of Privilege Vulnerability | Visual Studio | Important | 6.7 | Elevation of Privilege | No | No |
CVE-2024-30062 | Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability | Windows Server Service | Important | 7.8 | Remote Code Execution | No | No |
CVE-2024-30063 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | Windows Distributed File System (DFS) | Important | 6.7 | Remote Code Execution | No | No |
CVE-2024-30064 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 8.8 | Elevation of Privilege | No | No |
CVE-2024-30065 | Windows Themes Denial of Service Vulnerability | Windows Themes | Important | 5.5 | Denial of Service | No | No |
CVE-2024-30066 | Winlogon Elevation of Privilege Vulnerability | Winlogon | Important | 5.5 | Elevation of Privilege | No | No |
CVE-2024-30067 | Winlogon Elevation of Privilege Vulnerability | Winlogon | Important | 5.5 | Elevation of Privilege | No | No |
CVE-2024-30068 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 8.8 | Elevation of Privilege | No | No |
CVE-2024-30083 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Windows Standards-Based Storage Management Service | Important | 7.5 | Denial of Service | No | No |
CVE-2024-30084 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Windows Kernel-Mode Drivers | Important | 7 | Elevation of Privilege | No | No |
CVE-2024-30085 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Windows Cloud Files Mini Filter Driver | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-30086 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Windows Win32 Kernel Subsystem | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-30087 | Win32k Elevation of Privilege Vulnerability | Windows Win32K – GRFX | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-30088 | Windows Kernel Elevation of Privilege Vulnerability | Windows NT OS Kernel | Important | 7 | Elevation of Privilege | No | No |
CVE-2024-30089 | Microsoft Streaming Service Elevation of Privilege Vulnerability | Microsoft Streaming Service | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-30090 | Microsoft Streaming Service Elevation of Privilege Vulnerability | Microsoft Streaming Service | Important | 7 | Elevation of Privilege | No | No |
CVE-2024-30091 | Win32k Elevation of Privilege Vulnerability | Windows Win32K – GRFX | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-30093 | Windows Storage Elevation of Privilege Vulnerability | Windows Storage | Important | 7.3 | Elevation of Privilege | No | No |
CVE-2024-30094 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Important | 7.8 | Remote Code Execution | No | No |
CVE-2024-30095 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Windows Routing and Remote Access Service (RRAS) | Important | 7.8 | Remote Code Execution | No | No |
CVE-2024-30096 | Windows Cryptographic Services Information Disclosure Vulnerability | Windows Cryptographic Services | Important | 5.5 | Information Disclosure | No | No |
CVE-2024-30097 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | Microsoft Windows Speech | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-30099 | Windows Kernel Elevation of Privilege Vulnerability | Windows NT OS Kernel | Important | 7 | Elevation of Privilege | No | No |
CVE-2024-30100 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Microsoft Office SharePoint | Important | 7.8 | Remote Code Execution | No | No |
CVE-2024-30101 | Microsoft Office Remote Code Execution Vulnerability | Microsoft Office | Important | 7.5 | Remote Code Execution | No | No |
CVE-2024-30102 | Microsoft Office Remote Code Execution Vulnerability | Microsoft Office Word | Important | 7.3 | Remote Code Execution | No | No |
CVE-2024-30103 | Microsoft Outlook Remote Code Execution Vulnerability | Microsoft Office Outlook | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-30104 | Microsoft Office Remote Code Execution Vulnerability | Microsoft Office | Important | 7.8 | Remote Code Execution | No | No |
CVE-2024-35248 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Dynamics Business Central | Important | 7.3 | Elevation of Privilege | No | No |
CVE-2024-35249 | Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability | Dynamics Business Central | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-35252 | Azure Storage Movement Client Library Denial of Service Vulnerability | Azure Storage Library | Important | 7.5 | Denial of Service | No | No |
CVE-2024-35253 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | Azure File Sync | Important | 4.4 | Elevation of Privilege | No | No |
CVE-2024-35254 | Azure Monitor Agent Elevation of Privilege Vulnerability | Azure Monitor | Important | 7.1 | Elevation of Privilege | No | No |
CVE-2024-35263 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Microsoft Dynamics | Important | 5.7 | Information Disclosure | No | No |
CVE-2024-35265 | Windows Perception Service Elevation of Privilege Vulnerability | Windows Perception Service | Important | 7 | Elevation of Privilege | No | No |
CVE-2024-37325 | Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability | Azure Data Science Virtual Machines | Important | 8.1 | Elevation of Privilege | No | No |
CVE-2024-30052 | Visual Studio Remote Code Execution Vulnerability | Visual Studio | Important | 4.7 | Remote Code Execution | No | No |
Quickly Find and Fix Your Most At-Risk Weaknesses
Watch this demo to see how Fortra VM can help.
The post Patch Tuesday Update – June 2024 appeared first on Digital Defense.
*** This is a Security Bloggers Network syndicated blog from Digital Defense authored by Digital Defense by Fortra. Read the original post at: https://www.digitaldefense.com/vulnerability-research/patch-tuesday-update-june-2024/