Report Name: Microsoft Patch Tuesday, June 2024
Generated: 2024-06-13 02:14:57

Product Name	Prevalence	U	C	H	M	L	A	Comment
Windows Container Manager Service	0.9			1			1	Windows component
Windows Kernel	0.9			4			4	Windows Kernel
Windows Win32k	0.9			3			3	The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management.
Chromium	0.8		2		14		16	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
Microsoft Edge	0.8			1			1	Web browser
Microsoft Office	0.8			3			3	Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer
Windows Cloud Files Mini Filter Driver	0.8			1			1	Windows component
Windows Cryptographic Services	0.8				1		1	Windows component
Windows Distributed File System (DFS)	0.8			1			1	Windows component
Windows Installer	0.8				1		1	Windows component
Windows Kernel-Mode Driver	0.8				2		2	Windows component
Windows Link Layer Topology Discovery Protocol	0.8			2			2	Windows component
Windows OLE	0.8			1			1	Windows component
Windows Perception Service	0.8				1		1	Windows component
Windows Remote Access Connection Manager	0.8				1		1	Windows component
Windows Routing and Remote Access Service (RRAS)	0.8			2			2	Windows component
Windows Standards-Based Storage Management Service	0.8			1	1		2	Windows component
Windows Storage	0.8				1		1	Windows component
Windows Themes	0.8				1		1	Windows component
Windows Wi-Fi Driver	0.8			1			1	Windows component
Windows Win32 Kernel Subsystem	0.8				1		1	Windows component
Microsoft Outlook	0.6			1			1	Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites
Azure Identity Libraries and Microsoft Authentication Library	0.5				1		1	Azure Identity Libraries and Microsoft Authentication Library
Azure Monitor Agent	0.5				2		2	Azure Monitor Agent
Azure Science Virtual Machine (DSVM)	0.5			1			1	Azure Science Virtual Machine (DSVM)
Azure Storage Movement Client Library	0.5				1		1	Azure Storage Movement Client Library
DHCP Server Service	0.5			1			1	DHCP Server Service
DNSSEC	0.5				1		1	The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups
Microsoft Azure File Sync	0.5			1			1	Microsoft Azure File Sync
Microsoft Dynamics 365 (On-Premises)	0.5				1		1	Microsoft Dynamics 365 (On-Premises)
Microsoft Dynamics 365 Business Central	0.5				2		2	Microsoft Dynamics 365 Business Central
Microsoft Event Trace Log File Parsing	0.5				1		1	Microsoft Event Trace Log File Parsing
Microsoft Message Queuing (MSMQ)	0.5			1			1	Microsoft Message Queuing (MSMQ)
Microsoft SharePoint Server	0.5				1		1	Microsoft SharePoint Server
Microsoft Speech Application Programming Interface (SAPI)	0.5			1			1	Microsoft Speech Application Programming Interface (SAPI)
Microsoft Streaming Service	0.5				2		2	Microsoft Streaming Service
Winlogon	0.5				2		2	Winlogon
Visual Studio	0.3				2		2	Integrated development environment

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0		2	14	7		23
Elevation of Privilege	0.85			11	15		26
Information Disclosure	0.83			1	3		4
Denial of Service	0.7			1	4		5
Memory Corruption	0.5				10		10
Spoofing	0.4				1		1

Source	U	C	H	M	L	A
MS PT Extended		2	1	15		18
Qualys			8	5		13
Tenable			9	3		12
Rapid7			3	2		5
ZDI			3			3

Urgent (0)

Critical (2)

1. Remote Code Execution - Chromium (CVE-2024-5274) - Critical [716]

Description: Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

MS PT Extended: CVE-2024-5274 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

2. Remote Code Execution - Chromium (CVE-2024-4947) - Critical [704]

Description: Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

MS PT Extended: CVE-2024-4947 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

High (27)

3. Remote Code Execution - Windows Link Layer Topology Discovery Protocol (CVE-2024-30074) - High [511]

Description: Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability

4. Remote Code Execution - Windows Standards-Based Storage Management Service (CVE-2024-30062) - High [511]

Description: Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability

5. Elevation of Privilege - Windows Win32k (CVE-2024-30091) - High [489]

Description: Win32k Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-30082 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-35250 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30084 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. To exploit the vulnerability, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30085 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-30086 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30087 is an elevation of privilege vulnerability in the Win32k. An attacker would gain the rights of the user running the affected application. CVE-2024-30089 is an elevation of privilege vulnerability in the Microsoft Streaming Service. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30091 is an elevation of privilege vulnerability in Win32k. The attacker would gain the rights of the user running the affected application. CVE-2024-30088 and CVE-2024-30099 are elevation of privilege vulnerabilities in the Windows Kernel. To exploit them, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges.

Tenable: CVE-2024-30082, CVE-2024-30087 and CVE-2024-30091 | Win32k Elevation of Privilege Vulnerability

Tenable: CVE-2024-30082, CVE-2024-30087 and CVE-2024-30091 are EoP vulnerabilities in Microsoft’s Win32k, a core kernel-side driver used in Windows. All three of these vulnerabilities were assigned a CVSSv3 score of 7.8 and rated as “Exploitation More Likely.”

6. Elevation of Privilege - Windows Kernel (CVE-2024-30088) - High [477]

Description: Windows Kernel Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-30082 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-35250 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30084 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. To exploit the vulnerability, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30085 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-30086 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30087 is an elevation of privilege vulnerability in the Win32k. An attacker would gain the rights of the user running the affected application. CVE-2024-30089 is an elevation of privilege vulnerability in the Microsoft Streaming Service. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30091 is an elevation of privilege vulnerability in Win32k. The attacker would gain the rights of the user running the affected application. CVE-2024-30088 and CVE-2024-30099 are elevation of privilege vulnerabilities in the Windows Kernel. To exploit them, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges.

Tenable: CVE-2024-30064, CVE-2024-30068, CVE-2024-30088 and CVE-2024-30099 | Windows Kernel Elevation of Privilege Vulnerability

Tenable: CVE-2024-30064, CVE-2024-30068, CVE-2024-30088, CVE-2024-30099 are EoP vulnerabilities affecting the Windows Kernel. These vulnerabilities are all rated as important, and two of the four were assigned a CVSSv3 score of 7.0 while CVE-2024-30064 and CVE-2024-30068 were assigned a CVSSv3 score of 8.8. Despite the higher CVSS scores, CVE-2024-30064 and CVE-2024-30068 were both rated as “Exploitation Less Likely,” while the other two flaws were rated as “Exploitation More Likely.” Successful exploitation of these vulnerabilities could lead to an attacker gaining elevated privileges and Microsoft’s advisories for CVE-2024-30068, CVE-2024-30088 and CVE-2024-30099 make mention that an attacker could gain SYSTEM privileges.

7. Elevation of Privilege - Windows Kernel (CVE-2024-30099) - High [477]

Description: Windows Kernel Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-30082 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-35250 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30084 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. To exploit the vulnerability, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30085 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-30086 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30087 is an elevation of privilege vulnerability in the Win32k. An attacker would gain the rights of the user running the affected application. CVE-2024-30089 is an elevation of privilege vulnerability in the Microsoft Streaming Service. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30091 is an elevation of privilege vulnerability in Win32k. The attacker would gain the rights of the user running the affected application. CVE-2024-30088 and CVE-2024-30099 are elevation of privilege vulnerabilities in the Windows Kernel. To exploit them, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges.

Tenable: CVE-2024-30064, CVE-2024-30068, CVE-2024-30088 and CVE-2024-30099 | Windows Kernel Elevation of Privilege Vulnerability

Tenable: CVE-2024-30064, CVE-2024-30068, CVE-2024-30088, CVE-2024-30099 are EoP vulnerabilities affecting the Windows Kernel. These vulnerabilities are all rated as important, and two of the four were assigned a CVSSv3 score of 7.0 while CVE-2024-30064 and CVE-2024-30068 were assigned a CVSSv3 score of 8.8. Despite the higher CVSS scores, CVE-2024-30064 and CVE-2024-30068 were both rated as “Exploitation Less Likely,” while the other two flaws were rated as “Exploitation More Likely.” Successful exploitation of these vulnerabilities could lead to an attacker gaining elevated privileges and Microsoft’s advisories for CVE-2024-30068, CVE-2024-30088 and CVE-2024-30099 make mention that an attacker could gain SYSTEM privileges.

8. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2024-30085) - High [473]

Description: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-30082 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-35250 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30084 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. To exploit the vulnerability, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30085 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-30086 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30087 is an elevation of privilege vulnerability in the Win32k. An attacker would gain the rights of the user running the affected application. CVE-2024-30089 is an elevation of privilege vulnerability in the Microsoft Streaming Service. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30091 is an elevation of privilege vulnerability in Win32k. The attacker would gain the rights of the user running the affected application. CVE-2024-30088 and CVE-2024-30099 are elevation of privilege vulnerabilities in the Windows Kernel. To exploit them, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges.

Tenable: CVE-2024-30085 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Tenable: CVE-2024-30085 is an EoP vulnerability in the Microsoft Windows Cloud Files Mini Filter Driver (cldflt.sys). It was assigned a CVSSv3 score of 7.8 and is rated as important. Additionally, Microsoft rates this flaw as “Exploitation More Likely.” An attacker could exploit this vulnerability as part of post-compromise activity to elevate privileges to SYSTEM. This is the second EoP affecting Windows Cloud Files Mini Filter Driver patched in 2024. The first was CVE-2024-21310 which was patched as part of the January 2024 Patch Tuesday release.

9. Elevation of Privilege - Azure Science Virtual Machine (DSVM) (CVE-2024-37325) - High [458]

Description: Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability

10. Elevation of Privilege - Microsoft Azure File Sync (CVE-2024-35253) - High [456]

Description: Microsoft Azure File Sync Elevation of Privilege Vulnerability

11. Remote Code Execution - Microsoft Office (CVE-2024-30101) - High [454]

Description: Microsoft Office Remote Code Execution Vulnerability

Rapid7: Microsoft Office receives patches for a pair of RCE-via-malicious-file vulnerabilities. CVE-2024-30101 is a vulnerability in Outlook; although the Preview Pane is a vector, the user must subsequently perform unspecified specific actions to trigger the vulnerability and the attacker must win a race condition. On the other hand, CVE-2024-30104 does not have the Preview Pane as a vector, but nevertheless ends up with a slightly higher CVSS base score of 7.8, since exploitation relies solely on the user opening a malicious file.

12. Remote Code Execution - Windows Wi-Fi Driver (CVE-2024-30078) - High [442]

Description: Windows Wi-Fi Driver Remote Code Execution Vulnerability

ZDI: CVE-2024-30078 – Windows Wi-Fi Driver Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated attacker to execute code on an affected system by sending the target a specially crafted network packet. Obviously, the target would need to be in Wi-Fi range of the attacker and using a Wi-Fi adapter, but that’s the only restriction. Microsoft rates this as “exploitation less likely” but considering it hits every supported version of Windows, it will likely draw a lot of attention from attackers and red teams alike.

13. Remote Code Execution - Microsoft Office (CVE-2024-30104) - High [430]

Description: Microsoft Office Remote Code Execution Vulnerability

Rapid7: Microsoft Office receives patches for a pair of RCE-via-malicious-file vulnerabilities. CVE-2024-30101 is a vulnerability in Outlook; although the Preview Pane is a vector, the user must subsequently perform unspecified specific actions to trigger the vulnerability and the attacker must win a race condition. On the other hand, CVE-2024-30104 does not have the Preview Pane as a vector, but nevertheless ends up with a slightly higher CVSS base score of 7.8, since exploitation relies solely on the user opening a malicious file.

14. Remote Code Execution - Windows Link Layer Topology Discovery Protocol (CVE-2024-30075) - High [430]

Description: Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability

15. Remote Code Execution - Windows OLE (CVE-2024-30077) - High [430]

Description: Windows OLE Remote Code Execution Vulnerability

16. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-30094) - High [430]

Description: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

17. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-30095) - High [430]

Description: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

18. Remote Code Execution - Microsoft Message Queuing (MSMQ) (CVE-2024-30080) - High [428]

Description: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Qualys: CVE-2024-30080: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Message Queuing (MSMQ) is a protocol developed by Microsoft to ensure reliable communication between Windows computers across different networks, even when a host is temporarily not connected (by maintaining a message queue of undelivered messages). To exploit this vulnerability, an attacker must send a malicious MSMQ packet to an MSMQ server. On successful exploitation, an attacker may perform remote code execution on the server side.

Qualys: CVE-2024-30080: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability CVSS:3.1 9.8 / 8.5 Policy Compliance Control IDs (CIDs): 14297 Status of the open network connections and listening ports (Qualys Agent only) 14916 Status of Windows Services 4030 Status of the Windows Message Queuing Service The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [14297, 14916, 4030]

Tenable: CVE-2024-30080 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Tenable: CVE-2024-30080 is a RCE vulnerability in the Microsoft Message Queuing (MSMQ) component of Windows operating systems that was assigned a CVSSv3 score of 9.8 and rated critical. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted packet to a vulnerable target. Microsoft rates this vulnerability as “Exploitation More Likely” according to the Microsoft Exploitability Index.

Tenable: CVE-2024-30080 is the fourth RCE affecting MSMQ patched in 2024, with two addressed in the April Patch Tuesday (CVE-2024-26232, CVE-2024-26208) release and one in Februrary’s Patch Tuesday (CVE-2024-21363) release.

Rapid7: The sole critical RCE patched today is CVE-2024-30080 for all current versions of Windows. Exploitation requires that an attacker send a specially crafted malicious packet to an MSMQ server, which Patch Tuesday watchers will know as a perennial source of vulnerabilities. As usual, Microsoft points out that the Windows message queuing service is not enabled by default; as usual, Rapid7 notes that a number of applications – including Microsoft Exchange – quietly introduce MSMQ as part of their own installation routine. As is typical of MSMQ RCE vulnerabilities, CVE-2024-30080 receives a high CVSSv3 base score due to the network attack vector, low attack complexity, and lack of required privileges. Code execution is presumably in a SYSTEM context, although the advisory does not specify.

ZDI: CVE-2024-30080 – Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. This update receives a CVSS rating of 9.8 and would allow remote, unauthenticated attackers to execute arbitrary code with elevated privileges of systems where MSMQ is enabled. That makes this wormable between those servers, but not to systems where MSMQ is disabled. This is similar to the “QueueJumper” vulnerability from last year, but it’s not clear how many affected systems are exposed to the internet. While it is likely a low number, now would be a good time to audit your networks to ensure TCP port 1801 is not reachable.

19. Elevation of Privilege - Windows Kernel (CVE-2024-30064) - High [420]

Description: Windows Kernel Elevation of Privilege Vulnerability

Tenable: CVE-2024-30064, CVE-2024-30068, CVE-2024-30088 and CVE-2024-30099 | Windows Kernel Elevation of Privilege Vulnerability

Tenable: CVE-2024-30064, CVE-2024-30068, CVE-2024-30088, CVE-2024-30099 are EoP vulnerabilities affecting the Windows Kernel. These vulnerabilities are all rated as important, and two of the four were assigned a CVSSv3 score of 7.0 while CVE-2024-30064 and CVE-2024-30068 were assigned a CVSSv3 score of 8.8. Despite the higher CVSS scores, CVE-2024-30064 and CVE-2024-30068 were both rated as “Exploitation Less Likely,” while the other two flaws were rated as “Exploitation More Likely.” Successful exploitation of these vulnerabilities could lead to an attacker gaining elevated privileges and Microsoft’s advisories for CVE-2024-30068, CVE-2024-30088 and CVE-2024-30099 make mention that an attacker could gain SYSTEM privileges.

20. Elevation of Privilege - Windows Kernel (CVE-2024-30068) - High [420]

Description: Windows Kernel Elevation of Privilege Vulnerability

Tenable: CVE-2024-30064, CVE-2024-30068, CVE-2024-30088 and CVE-2024-30099 | Windows Kernel Elevation of Privilege Vulnerability

Tenable: CVE-2024-30064, CVE-2024-30068, CVE-2024-30088, CVE-2024-30099 are EoP vulnerabilities affecting the Windows Kernel. These vulnerabilities are all rated as important, and two of the four were assigned a CVSSv3 score of 7.0 while CVE-2024-30064 and CVE-2024-30068 were assigned a CVSSv3 score of 8.8. Despite the higher CVSS scores, CVE-2024-30064 and CVE-2024-30068 were both rated as “Exploitation Less Likely,” while the other two flaws were rated as “Exploitation More Likely.” Successful exploitation of these vulnerabilities could lead to an attacker gaining elevated privileges and Microsoft’s advisories for CVE-2024-30068, CVE-2024-30088 and CVE-2024-30099 make mention that an attacker could gain SYSTEM privileges.

21. Remote Code Execution - Microsoft Speech Application Programming Interface (SAPI) (CVE-2024-30097) - High [416]

Description: Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

22. Information Disclosure - Microsoft Edge (CVE-2024-30056) - High [412]

Description: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

MS PT Extended: CVE-2024-30056 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

23. Remote Code Execution - Microsoft Outlook (CVE-2024-30103) - High [409]

Description: Microsoft Outlook Remote Code Execution Vulnerability

ZDI: CVE-2024-30103 – Microsoft Outlook Remote Code Execution Vulnerability. This patch corrects a bug that allows attackers to bypass Outlook registry block lists and enable the creation of malicious DLL files. While not explicitly stated, attackers would likely then use the malicious DLL files to perform some form of DLL hijacking for further compromise. The good news here is that the attacker would need valid Exchange credentials to perform this attack. The bad news is that the exploit can occur in the Preview Pane. Considering how often credentials end up being sold in underground forums, I would not ignore this fix.

24. Denial of Service - DHCP Server Service (CVE-2024-30070) - High [408]

Description: DHCP Server Service Denial of Service Vulnerability

Qualys: CVE-2024-30070: DHCP Server Service Denial of Service Vulnerability CVSS:3.1 7.5 / 6.7 Policy Compliance Control IDs (CIDs): 26238 Status of the DHCP Failover Configuration (Qualys Agent Only) The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [26238] The next Patch Tuesday falls on July 9, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patch’s webinar.’

25. Elevation of Privilege - Windows Container Manager Service (CVE-2024-30076) - High [408]

Description: Windows Container Manager Service Elevation of Privilege Vulnerability

26. Elevation of Privilege - Windows Win32k (CVE-2024-30082) - High [408]

Description: Win32k Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-30082 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-35250 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30084 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. To exploit the vulnerability, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30085 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-30086 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30087 is an elevation of privilege vulnerability in the Win32k. An attacker would gain the rights of the user running the affected application. CVE-2024-30089 is an elevation of privilege vulnerability in the Microsoft Streaming Service. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30091 is an elevation of privilege vulnerability in Win32k. The attacker would gain the rights of the user running the affected application. CVE-2024-30088 and CVE-2024-30099 are elevation of privilege vulnerabilities in the Windows Kernel. To exploit them, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges.

Tenable: CVE-2024-30082, CVE-2024-30087 and CVE-2024-30091 | Win32k Elevation of Privilege Vulnerability

Tenable: CVE-2024-30082, CVE-2024-30087 and CVE-2024-30091 are EoP vulnerabilities in Microsoft’s Win32k, a core kernel-side driver used in Windows. All three of these vulnerabilities were assigned a CVSSv3 score of 7.8 and rated as “Exploitation More Likely.”

27. Elevation of Privilege - Windows Win32k (CVE-2024-30087) - High [408]

Description: Win32k Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-30082 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-35250 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30084 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. To exploit the vulnerability, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30085 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-30086 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30087 is an elevation of privilege vulnerability in the Win32k. An attacker would gain the rights of the user running the affected application. CVE-2024-30089 is an elevation of privilege vulnerability in the Microsoft Streaming Service. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30091 is an elevation of privilege vulnerability in Win32k. The attacker would gain the rights of the user running the affected application. CVE-2024-30088 and CVE-2024-30099 are elevation of privilege vulnerabilities in the Windows Kernel. To exploit them, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges.

Tenable: CVE-2024-30082, CVE-2024-30087 and CVE-2024-30091 | Win32k Elevation of Privilege Vulnerability

Tenable: CVE-2024-30082, CVE-2024-30087 and CVE-2024-30091 are EoP vulnerabilities in Microsoft’s Win32k, a core kernel-side driver used in Windows. All three of these vulnerabilities were assigned a CVSSv3 score of 7.8 and rated as “Exploitation More Likely.”

28. Remote Code Execution - Microsoft Office (CVE-2024-30102) - High [407]

Description: Microsoft Office Remote Code Execution Vulnerability

29. Remote Code Execution - Windows Distributed File System (DFS) (CVE-2024-30063) - High [407]

Description: Windows Distributed File System (DFS) Remote Code Execution Vulnerability

Medium (40)

30. Elevation of Privilege - Windows Installer (CVE-2024-29187) - Medium [392]

Description: WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5.

Tenable: Microsoft addresses 49 CVEs in its June 2024 Patch Tuesday release with one rated as critical and no zero-day or publicly disclosed vulnerabilities. Our counts omitted two CVEs that were not issued by Microsoft, which include CVE-2023-50868 (issued by MITRE) and CVE-2024-29187 (issued by GitHub).

31. Elevation of Privilege - Windows Kernel-Mode Driver (CVE-2024-35250) - Medium [392]

Description: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-30082 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-35250 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30084 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. To exploit the vulnerability, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30085 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-30086 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30087 is an elevation of privilege vulnerability in the Win32k. An attacker would gain the rights of the user running the affected application. CVE-2024-30089 is an elevation of privilege vulnerability in the Microsoft Streaming Service. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30091 is an elevation of privilege vulnerability in Win32k. The attacker would gain the rights of the user running the affected application. CVE-2024-30088 and CVE-2024-30099 are elevation of privilege vulnerabilities in the Windows Kernel. To exploit them, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges.

32. Elevation of Privilege - Windows Win32 Kernel Subsystem (CVE-2024-30086) - Medium [392]

Description: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-30082 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-35250 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30084 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. To exploit the vulnerability, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30085 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-30086 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30087 is an elevation of privilege vulnerability in the Win32k. An attacker would gain the rights of the user running the affected application. CVE-2024-30089 is an elevation of privilege vulnerability in the Microsoft Streaming Service. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30091 is an elevation of privilege vulnerability in Win32k. The attacker would gain the rights of the user running the affected application. CVE-2024-30088 and CVE-2024-30099 are elevation of privilege vulnerabilities in the Windows Kernel. To exploit them, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges.

33. Remote Code Execution - Microsoft Dynamics 365 Business Central (CVE-2024-35249) - Medium [392]

Description: Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability

34. Elevation of Privilege - Windows Kernel-Mode Driver (CVE-2024-30084) - Medium [380]

Description: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-30082 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-35250 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30084 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. To exploit the vulnerability, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30085 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-30086 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30087 is an elevation of privilege vulnerability in the Win32k. An attacker would gain the rights of the user running the affected application. CVE-2024-30089 is an elevation of privilege vulnerability in the Microsoft Streaming Service. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30091 is an elevation of privilege vulnerability in Win32k. The attacker would gain the rights of the user running the affected application. CVE-2024-30088 and CVE-2024-30099 are elevation of privilege vulnerabilities in the Windows Kernel. To exploit them, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges.

35. Elevation of Privilege - Windows Perception Service (CVE-2024-35265) - Medium [380]

Description: Windows Perception Service Elevation of Privilege Vulnerability

36. Elevation of Privilege - Windows Storage (CVE-2024-30093) - Medium [380]

Description: Windows Storage Elevation of Privilege Vulnerability

37. Remote Code Execution - Microsoft Event Trace Log File Parsing (CVE-2024-30072) - Medium [380]

Description: Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability

38. Remote Code Execution - Microsoft SharePoint Server (CVE-2024-30100) - Medium [380]

Description: Microsoft SharePoint Server Remote Code Execution Vulnerability

Rapid7: This month also brings a patch for SharePoint RCE CVE-2024-30100. The advisory is sparing on details, and the context of code exploitation is not clear. The weakness is described as CWE-426: Untrusted Search Path; many (but not all) vulnerabilities associated with CWE-426 lead to elevation of privilege.

39. Denial of Service - Windows Standards-Based Storage Management Service (CVE-2024-30083) - Medium [377]

Description: Windows Standards-Based Storage Management Service Denial of Service Vulnerability

40. Information Disclosure - Windows Cryptographic Services (CVE-2024-30096) - Medium [364]

Description: Windows Cryptographic Services Information Disclosure Vulnerability

41. Information Disclosure - Windows Remote Access Connection Manager (CVE-2024-30069) - Medium [352]

Description: Windows Remote Access Connection Manager Information Disclosure Vulnerability

42. Elevation of Privilege - Azure Monitor Agent (CVE-2024-30060) - Medium [342]

Description: Azure Monitor Agent Elevation of Privilege Vulnerability

MS PT Extended: CVE-2024-30060 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

43. Elevation of Privilege - Microsoft Dynamics 365 Business Central (CVE-2024-35248) - Medium [342]

Description: Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

44. Elevation of Privilege - Microsoft Streaming Service (CVE-2024-30089) - Medium [342]

Description: Microsoft Streaming Service Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-30082 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-35250 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30084 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. To exploit the vulnerability, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30085 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-30086 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30087 is an elevation of privilege vulnerability in the Win32k. An attacker would gain the rights of the user running the affected application. CVE-2024-30089 is an elevation of privilege vulnerability in the Microsoft Streaming Service. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30091 is an elevation of privilege vulnerability in Win32k. The attacker would gain the rights of the user running the affected application. CVE-2024-30088 and CVE-2024-30099 are elevation of privilege vulnerabilities in the Windows Kernel. To exploit them, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges.

Tenable: CVE-2024-30089 | Microsoft Streaming Service Elevation of Privilege Vulnerability

Tenable: CVE-2024-30089 is an EoP vulnerability in the Microsoft Streaming Service. It was assigned a CVSSv3 score of 7.8 and is rated as important. An attacker could exploit this vulnerability as part of post-compromise activity to elevate privileges to SYSTEM.

45. Denial of Service - Windows Themes (CVE-2024-30065) - Medium [341]

Description: Windows Themes Denial of Service Vulnerability

46. Remote Code Execution - Chromium (CVE-2024-5157) - Medium [335]

Description: Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

MS PT Extended: CVE-2024-5157 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

47. Remote Code Execution - Chromium (CVE-2024-5496) - Medium [335]

Description: Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

MS PT Extended: CVE-2024-5496 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

48. Remote Code Execution - Chromium (CVE-2024-5499) - Medium [335]

Description: Chromium: CVE-2024-5499 Out of bounds write in Streams API. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-5499 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

49. Elevation of Privilege - Azure Monitor Agent (CVE-2024-35254) - Medium [330]

Description: Azure Monitor Agent Elevation of Privilege Vulnerability

50. Elevation of Privilege - Microsoft Streaming Service (CVE-2024-30090) - Medium [330]

Description: Microsoft Streaming Service Elevation of Privilege Vulnerability

51. Denial of Service - Azure Storage Movement Client Library (CVE-2024-35252) - Medium [327]

Description: Azure Storage Movement Client Library Denial of Service Vulnerability

52. Denial of Service - DNSSEC (CVE-2023-50868) - Medium [327]

Description: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.

Qualys: CVE-2023-50868: MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU The vulnerability exists in DNSSEC validation that may allow an attacker to exploit standard DNSSEC protocols intended for DNS integrity by using excessive resources on a resolver, causing a denial of service for legitimate users. This vulnerability was disclosed in February and patched in numerous DNS implementations.

Tenable: Microsoft addresses 49 CVEs in its June 2024 Patch Tuesday release with one rated as critical and no zero-day or publicly disclosed vulnerabilities. Our counts omitted two CVEs that were not issued by Microsoft, which include CVE-2023-50868 (issued by MITRE) and CVE-2024-29187 (issued by GitHub).

Rapid7: And now for something completely different: CVE-2023-50868, which describes a denial of service vulnerability in DNSSEC. This vulnerability is present in the DNSSEC spec itself, and the CVE was assigned by MITRE on behalf of DNSSEC. Microsoft’s implementation of DNSSEC is thus subject to the same attack as other implementations. An attacker can exhaust CPU resources on a DNSSEC-validating DNS resolver by demanding responses from a DNSSEC-signed zone, if the resolver uses NSEC3 to respond to the request. NSEC3 is designed to provide a safe way for a DNSSEC-validating DNS resolver to indicate that a requested resource does not exist. Under certain circumstances, the DNS resolver must perform thousands of iterations of a hash function to calculate an NSEC3 response, and this is the foundation on which this DoS exploit rests. All current versions of Windows Server receive a patch today.

Rapid7: Typically, when Microsoft publishes a security advisory and describes the vulnerability as publicly disclosed, that public disclosure will have been recent. However, in the case of CVE-2023-50868, the flaw in DNSSEC was first publicly disclosed on 2024-02-13. The advisory acknowledges four academics from the German National Research Centre for Applied Cybersecurity (ATHENE), which is perhaps of interest since these same researchers are authors on a March 2024 academic paper that downplays the DoS potential of CVE-2023-50868. Those same researchers published another DNSSEC flaw CVE-2023-50387 (also known as KeyTrap) in January 2024, which they describe as having potentially serious implications; Microsoft patched that one at the next scheduled opportunity in February. The CVE-2023-50868 advisory published today does not provide further insight as to why this vulnerability wasn’t patched sooner; a reasonable assumption might be that Microsoft assesses CVE-2023-50868 as less urgent/critical than CVE-2023-50387, although both receive a rating of Important on Microsoft’s proprietary severity ranking scale. It’s also possible that Microsoft does not wish to be the only major server OS vendor without a patch.

Rapid7: 2024-06-12: Corrected a typo in a reference to CVE-2023-50868.

53. Information Disclosure - Microsoft Dynamics 365 (On-Premises) (CVE-2024-35263) - Medium [326]

Description: Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

54. Elevation of Privilege - Azure Identity Libraries and Microsoft Authentication Library (CVE-2024-35255) - Medium [318]

Description: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

55. Elevation of Privilege - Winlogon (CVE-2024-30066) - Medium [318]

Description: Winlogon Elevation of Privilege Vulnerability

56. Elevation of Privilege - Winlogon (CVE-2024-30067) - Medium [318]

Description: Winlogon Elevation of Privilege Vulnerability

57. Remote Code Execution - Visual Studio (CVE-2024-30052) - Medium [311]

Description: Visual Studio Remote Code Execution Vulnerability

58. Elevation of Privilege - Visual Studio (CVE-2024-29060) - Medium [308]

Description: Visual Studio Elevation of Privilege Vulnerability

59. Memory Corruption - Chromium (CVE-2024-4948) - Medium [246]

Description: Chromium: CVE-2024-4948 Use after free in Dawn. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-4948 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

60. Memory Corruption - Chromium (CVE-2024-4949) - Medium [246]

Description: Chromium: CVE-2024-4949 Use after free in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-4949 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

61. Memory Corruption - Chromium (CVE-2024-5158) - Medium [246]

Description: Chromium: CVE-2024-5158 Type Confusion in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-5158 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

62. Memory Corruption - Chromium (CVE-2024-5159) - Medium [246]

Description: Chromium: CVE-2024-5159 Heap buffer overflow in ANGLE. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-5159 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

63. Memory Corruption - Chromium (CVE-2024-5160) - Medium [246]

Description: Chromium: CVE-2024-5160 Heap buffer overflow in Dawn. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-5160 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

64. Memory Corruption - Chromium (CVE-2024-5493) - Medium [246]

Description: Chromium: CVE-2024-5493 Heap buffer overflow in WebRTC. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-5493 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

65. Memory Corruption - Chromium (CVE-2024-5494) - Medium [246]

Description: Chromium: CVE-2024-5494 Use after free in Dawn. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-5494 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

66. Memory Corruption - Chromium (CVE-2024-5495) - Medium [246]

Description: Chromium: CVE-2024-5495 Use after free in Dawn. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-5495 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

67. Memory Corruption - Chromium (CVE-2024-5497) - Medium [246]

Description: Chromium: CVE-2024-5497 Out of bounds memory access in Keyboard Inputs. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-5497 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

68. Memory Corruption - Chromium (CVE-2024-5498) - Medium [246]

Description: Chromium: CVE-2024-5498 Use after free in Presentation API. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-5498 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

69. Spoofing - Chromium (CVE-2024-4950) - Medium [228]

Description: Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

MS PT Extended: CVE-2024-4950 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

Low (0)

Exploitation in the wild detected (2)

Remote Code Execution (2)

• Chromium (CVE-2024-4947, CVE-2024-5274)

MS PT Extended: CVE-2024-4947 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

MS PT Extended: CVE-2024-5274 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

Public exploit exists, but exploitation in the wild is NOT detected (0)

Other Vulnerabilities (67)

Remote Code Execution (21)

• Windows Link Layer Topology Discovery Protocol (CVE-2024-30074, CVE-2024-30075)
• Windows Standards-Based Storage Management Service (CVE-2024-30062)
• Microsoft Office (CVE-2024-30101, CVE-2024-30102, CVE-2024-30104)

Rapid7: Microsoft Office receives patches for a pair of RCE-via-malicious-file vulnerabilities. CVE-2024-30101 is a vulnerability in Outlook; although the Preview Pane is a vector, the user must subsequently perform unspecified specific actions to trigger the vulnerability and the attacker must win a race condition. On the other hand, CVE-2024-30104 does not have the Preview Pane as a vector, but nevertheless ends up with a slightly higher CVSS base score of 7.8, since exploitation relies solely on the user opening a malicious file.

• Windows Wi-Fi Driver (CVE-2024-30078)

ZDI: CVE-2024-30078 – Windows Wi-Fi Driver Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated attacker to execute code on an affected system by sending the target a specially crafted network packet. Obviously, the target would need to be in Wi-Fi range of the attacker and using a Wi-Fi adapter, but that’s the only restriction. Microsoft rates this as “exploitation less likely” but considering it hits every supported version of Windows, it will likely draw a lot of attention from attackers and red teams alike.

• Windows OLE (CVE-2024-30077)
• Windows Routing and Remote Access Service (RRAS) (CVE-2024-30094, CVE-2024-30095)
• Microsoft Message Queuing (MSMQ) (CVE-2024-30080)

Qualys: CVE-2024-30080: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Message Queuing (MSMQ) is a protocol developed by Microsoft to ensure reliable communication between Windows computers across different networks, even when a host is temporarily not connected (by maintaining a message queue of undelivered messages). To exploit this vulnerability, an attacker must send a malicious MSMQ packet to an MSMQ server. On successful exploitation, an attacker may perform remote code execution on the server side.

Qualys: CVE-2024-30080: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability CVSS:3.1 9.8 / 8.5 Policy Compliance Control IDs (CIDs): 14297 Status of the open network connections and listening ports (Qualys Agent only) 14916 Status of Windows Services 4030 Status of the Windows Message Queuing Service The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [14297, 14916, 4030]

Tenable: CVE-2024-30080 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Tenable: CVE-2024-30080 is a RCE vulnerability in the Microsoft Message Queuing (MSMQ) component of Windows operating systems that was assigned a CVSSv3 score of 9.8 and rated critical. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted packet to a vulnerable target. Microsoft rates this vulnerability as “Exploitation More Likely” according to the Microsoft Exploitability Index.

Tenable: CVE-2024-30080 is the fourth RCE affecting MSMQ patched in 2024, with two addressed in the April Patch Tuesday (CVE-2024-26232, CVE-2024-26208) release and one in Februrary’s Patch Tuesday (CVE-2024-21363) release.

Rapid7: The sole critical RCE patched today is CVE-2024-30080 for all current versions of Windows. Exploitation requires that an attacker send a specially crafted malicious packet to an MSMQ server, which Patch Tuesday watchers will know as a perennial source of vulnerabilities. As usual, Microsoft points out that the Windows message queuing service is not enabled by default; as usual, Rapid7 notes that a number of applications – including Microsoft Exchange – quietly introduce MSMQ as part of their own installation routine. As is typical of MSMQ RCE vulnerabilities, CVE-2024-30080 receives a high CVSSv3 base score due to the network attack vector, low attack complexity, and lack of required privileges. Code execution is presumably in a SYSTEM context, although the advisory does not specify.

ZDI: CVE-2024-30080 – Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. This update receives a CVSS rating of 9.8 and would allow remote, unauthenticated attackers to execute arbitrary code with elevated privileges of systems where MSMQ is enabled. That makes this wormable between those servers, but not to systems where MSMQ is disabled. This is similar to the “QueueJumper” vulnerability from last year, but it’s not clear how many affected systems are exposed to the internet. While it is likely a low number, now would be a good time to audit your networks to ensure TCP port 1801 is not reachable.

• Microsoft Speech Application Programming Interface (SAPI) (CVE-2024-30097)
• Microsoft Outlook (CVE-2024-30103)

ZDI: CVE-2024-30103 – Microsoft Outlook Remote Code Execution Vulnerability. This patch corrects a bug that allows attackers to bypass Outlook registry block lists and enable the creation of malicious DLL files. While not explicitly stated, attackers would likely then use the malicious DLL files to perform some form of DLL hijacking for further compromise. The good news here is that the attacker would need valid Exchange credentials to perform this attack. The bad news is that the exploit can occur in the Preview Pane. Considering how often credentials end up being sold in underground forums, I would not ignore this fix.

• Windows Distributed File System (DFS) (CVE-2024-30063)
• Microsoft Dynamics 365 Business Central (CVE-2024-35249)
• Microsoft Event Trace Log File Parsing (CVE-2024-30072)
• Microsoft SharePoint Server (CVE-2024-30100)

Rapid7: This month also brings a patch for SharePoint RCE CVE-2024-30100. The advisory is sparing on details, and the context of code exploitation is not clear. The weakness is described as CWE-426: Untrusted Search Path; many (but not all) vulnerabilities associated with CWE-426 lead to elevation of privilege.

• Chromium (CVE-2024-5157, CVE-2024-5496, CVE-2024-5499)

MS PT Extended: CVE-2024-5499 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

MS PT Extended: CVE-2024-5157 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

MS PT Extended: CVE-2024-5496 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

• Visual Studio (CVE-2024-30052)

Elevation of Privilege (26)

• Windows Win32k (CVE-2024-30082, CVE-2024-30087, CVE-2024-30091)

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-30082 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-35250 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30084 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. To exploit the vulnerability, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30085 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-30086 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30087 is an elevation of privilege vulnerability in the Win32k. An attacker would gain the rights of the user running the affected application. CVE-2024-30089 is an elevation of privilege vulnerability in the Microsoft Streaming Service. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30091 is an elevation of privilege vulnerability in Win32k. The attacker would gain the rights of the user running the affected application. CVE-2024-30088 and CVE-2024-30099 are elevation of privilege vulnerabilities in the Windows Kernel. To exploit them, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges.

Tenable: CVE-2024-30082, CVE-2024-30087 and CVE-2024-30091 | Win32k Elevation of Privilege Vulnerability

Tenable: CVE-2024-30082, CVE-2024-30087 and CVE-2024-30091 are EoP vulnerabilities in Microsoft’s Win32k, a core kernel-side driver used in Windows. All three of these vulnerabilities were assigned a CVSSv3 score of 7.8 and rated as “Exploitation More Likely.”

• Windows Kernel (CVE-2024-30064, CVE-2024-30068, CVE-2024-30088, CVE-2024-30099)

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-30082 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-35250 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30084 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. To exploit the vulnerability, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30085 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-30086 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30087 is an elevation of privilege vulnerability in the Win32k. An attacker would gain the rights of the user running the affected application. CVE-2024-30089 is an elevation of privilege vulnerability in the Microsoft Streaming Service. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30091 is an elevation of privilege vulnerability in Win32k. The attacker would gain the rights of the user running the affected application. CVE-2024-30088 and CVE-2024-30099 are elevation of privilege vulnerabilities in the Windows Kernel. To exploit them, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges.

Tenable: CVE-2024-30064, CVE-2024-30068, CVE-2024-30088 and CVE-2024-30099 | Windows Kernel Elevation of Privilege Vulnerability

Tenable: CVE-2024-30064, CVE-2024-30068, CVE-2024-30088, CVE-2024-30099 are EoP vulnerabilities affecting the Windows Kernel. These vulnerabilities are all rated as important, and two of the four were assigned a CVSSv3 score of 7.0 while CVE-2024-30064 and CVE-2024-30068 were assigned a CVSSv3 score of 8.8. Despite the higher CVSS scores, CVE-2024-30064 and CVE-2024-30068 were both rated as “Exploitation Less Likely,” while the other two flaws were rated as “Exploitation More Likely.” Successful exploitation of these vulnerabilities could lead to an attacker gaining elevated privileges and Microsoft’s advisories for CVE-2024-30068, CVE-2024-30088 and CVE-2024-30099 make mention that an attacker could gain SYSTEM privileges.

• Windows Cloud Files Mini Filter Driver (CVE-2024-30085)

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-30082 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-35250 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30084 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. To exploit the vulnerability, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30085 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-30086 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30087 is an elevation of privilege vulnerability in the Win32k. An attacker would gain the rights of the user running the affected application. CVE-2024-30089 is an elevation of privilege vulnerability in the Microsoft Streaming Service. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30091 is an elevation of privilege vulnerability in Win32k. The attacker would gain the rights of the user running the affected application. CVE-2024-30088 and CVE-2024-30099 are elevation of privilege vulnerabilities in the Windows Kernel. To exploit them, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges.

Tenable: CVE-2024-30085 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Tenable: CVE-2024-30085 is an EoP vulnerability in the Microsoft Windows Cloud Files Mini Filter Driver (cldflt.sys). It was assigned a CVSSv3 score of 7.8 and is rated as important. Additionally, Microsoft rates this flaw as “Exploitation More Likely.” An attacker could exploit this vulnerability as part of post-compromise activity to elevate privileges to SYSTEM. This is the second EoP affecting Windows Cloud Files Mini Filter Driver patched in 2024. The first was CVE-2024-21310 which was patched as part of the January 2024 Patch Tuesday release.

• Azure Science Virtual Machine (DSVM) (CVE-2024-37325)
• Microsoft Azure File Sync (CVE-2024-35253)
• Windows Container Manager Service (CVE-2024-30076)
• Windows Installer (CVE-2024-29187)

Tenable: Microsoft addresses 49 CVEs in its June 2024 Patch Tuesday release with one rated as critical and no zero-day or publicly disclosed vulnerabilities. Our counts omitted two CVEs that were not issued by Microsoft, which include CVE-2023-50868 (issued by MITRE) and CVE-2024-29187 (issued by GitHub).

• Windows Kernel-Mode Driver (CVE-2024-30084, CVE-2024-35250)

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-30082 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-35250 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30084 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. To exploit the vulnerability, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30085 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-30086 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30087 is an elevation of privilege vulnerability in the Win32k. An attacker would gain the rights of the user running the affected application. CVE-2024-30089 is an elevation of privilege vulnerability in the Microsoft Streaming Service. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30091 is an elevation of privilege vulnerability in Win32k. The attacker would gain the rights of the user running the affected application. CVE-2024-30088 and CVE-2024-30099 are elevation of privilege vulnerabilities in the Windows Kernel. To exploit them, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges.

• Windows Win32 Kernel Subsystem (CVE-2024-30086)

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-30082 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-35250 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30084 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. To exploit the vulnerability, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30085 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-30086 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30087 is an elevation of privilege vulnerability in the Win32k. An attacker would gain the rights of the user running the affected application. CVE-2024-30089 is an elevation of privilege vulnerability in the Microsoft Streaming Service. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30091 is an elevation of privilege vulnerability in Win32k. The attacker would gain the rights of the user running the affected application. CVE-2024-30088 and CVE-2024-30099 are elevation of privilege vulnerabilities in the Windows Kernel. To exploit them, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges.

• Windows Perception Service (CVE-2024-35265)
• Windows Storage (CVE-2024-30093)
• Azure Monitor Agent (CVE-2024-30060, CVE-2024-35254)

MS PT Extended: CVE-2024-30060 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

• Microsoft Dynamics 365 Business Central (CVE-2024-35248)
• Microsoft Streaming Service (CVE-2024-30089, CVE-2024-30090)

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-30082 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-35250 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30084 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. To exploit the vulnerability, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30085 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges. CVE-2024-30086 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30087 is an elevation of privilege vulnerability in the Win32k. An attacker would gain the rights of the user running the affected application. CVE-2024-30089 is an elevation of privilege vulnerability in the Microsoft Streaming Service. On successful exploitation, an attacker may gain SYSTEM privileges. CVE-2024-30091 is an elevation of privilege vulnerability in Win32k. The attacker would gain the rights of the user running the affected application. CVE-2024-30088 and CVE-2024-30099 are elevation of privilege vulnerabilities in the Windows Kernel. To exploit them, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges.

Tenable: CVE-2024-30089 | Microsoft Streaming Service Elevation of Privilege Vulnerability

Tenable: CVE-2024-30089 is an EoP vulnerability in the Microsoft Streaming Service. It was assigned a CVSSv3 score of 7.8 and is rated as important. An attacker could exploit this vulnerability as part of post-compromise activity to elevate privileges to SYSTEM.

• Azure Identity Libraries and Microsoft Authentication Library (CVE-2024-35255)
• Winlogon (CVE-2024-30066, CVE-2024-30067)
• Visual Studio (CVE-2024-29060)

Information Disclosure (4)

• Microsoft Edge (CVE-2024-30056)

MS PT Extended: CVE-2024-30056 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

• Windows Cryptographic Services (CVE-2024-30096)
• Windows Remote Access Connection Manager (CVE-2024-30069)
• Microsoft Dynamics 365 (On-Premises) (CVE-2024-35263)

Denial of Service (5)

• DHCP Server Service (CVE-2024-30070)

Qualys: CVE-2024-30070: DHCP Server Service Denial of Service Vulnerability CVSS:3.1 7.5 / 6.7 Policy Compliance Control IDs (CIDs): 26238 Status of the DHCP Failover Configuration (Qualys Agent Only) The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [26238] The next Patch Tuesday falls on July 9, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patch’s webinar.’

• Windows Standards-Based Storage Management Service (CVE-2024-30083)
• Windows Themes (CVE-2024-30065)
• Azure Storage Movement Client Library (CVE-2024-35252)
• DNSSEC (CVE-2023-50868)

Qualys: CVE-2023-50868: MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU The vulnerability exists in DNSSEC validation that may allow an attacker to exploit standard DNSSEC protocols intended for DNS integrity by using excessive resources on a resolver, causing a denial of service for legitimate users. This vulnerability was disclosed in February and patched in numerous DNS implementations.

Tenable: Microsoft addresses 49 CVEs in its June 2024 Patch Tuesday release with one rated as critical and no zero-day or publicly disclosed vulnerabilities. Our counts omitted two CVEs that were not issued by Microsoft, which include CVE-2023-50868 (issued by MITRE) and CVE-2024-29187 (issued by GitHub).

Rapid7: And now for something completely different: CVE-2023-50868, which describes a denial of service vulnerability in DNSSEC. This vulnerability is present in the DNSSEC spec itself, and the CVE was assigned by MITRE on behalf of DNSSEC. Microsoft’s implementation of DNSSEC is thus subject to the same attack as other implementations. An attacker can exhaust CPU resources on a DNSSEC-validating DNS resolver by demanding responses from a DNSSEC-signed zone, if the resolver uses NSEC3 to respond to the request. NSEC3 is designed to provide a safe way for a DNSSEC-validating DNS resolver to indicate that a requested resource does not exist. Under certain circumstances, the DNS resolver must perform thousands of iterations of a hash function to calculate an NSEC3 response, and this is the foundation on which this DoS exploit rests. All current versions of Windows Server receive a patch today.

Rapid7: Typically, when Microsoft publishes a security advisory and describes the vulnerability as publicly disclosed, that public disclosure will have been recent. However, in the case of CVE-2023-50868, the flaw in DNSSEC was first publicly disclosed on 2024-02-13. The advisory acknowledges four academics from the German National Research Centre for Applied Cybersecurity (ATHENE), which is perhaps of interest since these same researchers are authors on a March 2024 academic paper that downplays the DoS potential of CVE-2023-50868. Those same researchers published another DNSSEC flaw CVE-2023-50387 (also known as KeyTrap) in January 2024, which they describe as having potentially serious implications; Microsoft patched that one at the next scheduled opportunity in February. The CVE-2023-50868 advisory published today does not provide further insight as to why this vulnerability wasn’t patched sooner; a reasonable assumption might be that Microsoft assesses CVE-2023-50868 as less urgent/critical than CVE-2023-50387, although both receive a rating of Important on Microsoft’s proprietary severity ranking scale. It’s also possible that Microsoft does not wish to be the only major server OS vendor without a patch.

Rapid7: 2024-06-12: Corrected a typo in a reference to CVE-2023-50868.

Memory Corruption (10)

• Chromium (CVE-2024-4948, CVE-2024-4949, CVE-2024-5158, CVE-2024-5159, CVE-2024-5160, CVE-2024-5493, CVE-2024-5494, CVE-2024-5495, CVE-2024-5497, CVE-2024-5498)

MS PT Extended: CVE-2024-5158 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

MS PT Extended: CVE-2024-5497 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

MS PT Extended: CVE-2024-5495 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

MS PT Extended: CVE-2024-5160 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

MS PT Extended: CVE-2024-5159 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

MS PT Extended: CVE-2024-4948 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

MS PT Extended: CVE-2024-5494 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

MS PT Extended: CVE-2024-4949 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

MS PT Extended: CVE-2024-5493 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

MS PT Extended: CVE-2024-5498 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10

Spoofing (1)

• Chromium (CVE-2024-4950)

MS PT Extended: CVE-2024-4950 was published before June 2024 Patch Tuesday from 2024-05-15 to 2024-06-10