Microsoft June 2024 Patch Tuesday update Fixes 49 Security Flaws

Today Microsoft fixed at least 60 security vulnerabilities in its product portfolio. Here are Details on Microsoft's security updates in November's Patch Tuesday

Today is the second Tuesday of June 2024, and Microsoft has released its latest security updates. These updates address 49 vulnerabilities across various Microsoft products. Among them, One zero day and one are considered critical because they can allow attackers to gain higher privileges, execute remote code, or engage in spoofing activities, and the remaining 48 are classified as important.

One Critical and One Zero-Day vulnerabilities are:

Microsoft patched 49 CVEs in its June 2024 Patch Tuesday Release, including one zero-day (CVE-2023-50868), with one rated as critical and 48 rated as important.

Microsoft June 2024 Patch Tuesday update

This Patch Tuesday fixed 18 RCE flaws but only one critical vulnerability, a remote code execution vulnerability in Microsoft Message Queuing (MSMQ).

The number of bugs in each vulnerability category is listed below:

  • 25 Elevation of Privilege Vulnerabilities
  • 18 Remote Code Execution Vulnerabilities
  • 3 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities

This month’s update includes patches for two significant vulnerabilities. The first, CVE-2023-50868, is a previously disclosed zero-day denial-of-service (DoS) vulnerability affecting the DNS protocol, with a severity rating of Important and a CVSS score of 7.5. This vulnerability could allow attackers to crash target websites or services, disrupting access for legitimate users.

The second, CVE-2024-30080, is a Critical remote code execution (RCE) vulnerability in Microsoft Message Queuing, with a CVSS score of 9.8. Exploitation requires the service to be enabled and network traffic permitted on TCP port 1801. Attackers can exploit this vulnerability without authentication, due to its low attack complexity, allowing them to execute arbitrary code on the MSMQ server. Microsoft advises users to ensure the Message Queuing service is disabled and TCP port 1801 is not open unless necessary.

Some Other Microsoft Vulnerability Highlights include:

  • CVE-2024-30082: An elevation of privilege vulnerability in Win32k, allowing attackers to gain SYSTEM privileges.
  • CVE-2024-35250: An elevation of privilege vulnerability in the Windows Kernel-Mode Driver, granting SYSTEM privileges upon successful exploitation.
  • CVE-2024-30084: An elevation of privilege vulnerability in the Windows Kernel-Mode Driver, requiring an attacker to win a race condition to gain SYSTEM privileges.
  • CVE-2024-30085: An elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver, allowing attackers to gain SYSTEM privileges.
  • CVE-2024-30086: An elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem, granting SYSTEM privileges on successful exploitation.
  • CVE-2024-30087: An elevation of privilege vulnerability in Win32k, giving the attacker the rights of the user running the affected application.
  • CVE-2024-30089: An elevation of privilege vulnerability in the Microsoft Streaming Service, enabling attackers to gain SYSTEM privileges.
  • CVE-2024-30091: Another elevation of privilege vulnerability in Win32k, also giving the attacker the rights of the user running the affected application.
  • CVE-2024-30088 and CVE-2024-30099: Elevation of privilege vulnerabilities in the Windows Kernel, both requiring the attacker to win a race condition to gain SYSTEM privileges.

Windows security updates

In addition to Microsoft security updates, this June 2024 Patch Tuesday update also brought Windows 11 and Windows 10 cumulative updates. That includes KB5039211 for Windows 10 and KB5039212 for Windows 11 version 23H2. So if you are running any of these Windows versions make sure you update them as you install the new patches.

Windows 7 and Windows 8.1 reached the End of support from Microsoft, which means the company no longer provides frequent updates or security patches for these operating systems. For more information please visit the Microsoft lifecycle page at https://learn.microsoft.com/en-us/lifecycle/end-of-support/end-of-support-2023

Windows 11 KB5039212

Windows 11’s June 2024 Update, KB5039212 advance Build 22631.3737,  addresses a known issue that might affects the taskbar.  It might briefly glitch or not respond. It might also disappear and reappear.

It fixes lsass.exe crashes that occur after the April 2024 security updates on Windows servers, addresses systems failing to resume from hibernate with BitLocker enabled, and corrects lsass.exe memory leaks during LSARPC calls. Additionally, it resolves a known installation issue causing errors and rollback to previous updates, particularly affecting Windows virtual machines on Arm-based Mac devices using Parallels Desktop.

  • This update adds a feature that stops you from accidentally closing the Windows share window. Clicking outside of the window will no longer close it. To close it, select the close button at the upper-right corner.
  • You can now use your mouse to drag files between breadcrumbs in the File Explorer address bar. A breadcrumb shows the path to your current file location in the address bar. For example, there are three breadcrumbs in the path This PC > Windows (C:) > Program Files.
  • This update adds a page to Settings > Accounts called Linked devices. On it, you can manage your PCs and Xbox consoles. This page only shows on Home and Pro editions when you sign in to Windows using your Microsoft account (MSA).
  • This update starts the rollout of the new account manager on the Start menu. When you use a Microsoft account to sign in to Windows, you will get a glance at your account benefits. This feature also makes it easy to manage your account settings.
  • You can now create quick response (QR) codes for webpage URLs and cloud files from the Windows share window. Select the share button in the Microsoft Edge toolbar and choose “Windows share options.” Then, you can share the URLs and files across your devices.
  • Windows will now back up many of your sound settings (this includes your sound scheme). This only occurs if you turn on Remember my preferences and select the checkboxes for Personalization and Other Windows settings.To find these, go to Settings > Accounts > Windows backup. Then, you can use the Windows Backup app to restore those settings on a new device.
  • Starting with this update, you can sign in to your Microsoft account in the Windows Backup app. This app saves backups to your account.
  • You can now send email to yourself from the Windows share window. You will receive the email at the email address that is in your Microsoft account.
  • This update starts the rollout of a the “Add now” button to Settings > Account. When you select it, you can add a recovery email address if you have not added one for your Microsoft account yet. The button only shows if you sign in to your Microsoft account.
  • This update addresses an issue that affects File Explorer. It stops responding when you swipe from a screen edge. This issue occurs after you turn off edge swiping.
  • This update addresses an issue that affects handwriting panels and touch keyboards. They do not appear when you use a pen.
  • This update addresses an issue that displays a hidden window. Its title bar has no content and no client area. This occurs when you share your screen using certain apps.
  • This update addresses an issue that distorts parts of the screen. This occurs when you use a Chromium-based browser to play a video.
  • This update addresses an issue that affects File Explorer. It takes up to two minutes to start when you pin a folder that is on a network share to Quick Access. This occurs when you upgrade from Windows 11, version 21H2 to Windows 11, version 22H2.
  • This update addresses an issue that affects Bluetooth Low Energy (LE) Audio headsets. They do not show the option to connect or disconnect.
  • This update addresses a known issue that affects your account profile picture. When you try to change it, youmight get an error message. The error code is 0x80070520.
  • This update addresses an issue that affects the Share button on USB controllers. It might not work with Game Bar.

You can read the complete changelog Microsoft support blog here.

Windows 10 KB5039211

The KB5039211 cumulative update for Windows 10 22H2 brings significant changes and additions. Upon installation, Windows 10 22H2 is updated to build 19045.4529.

  • This update adds a new Snipping Tool feature. The feature is available when you link your Android mobile device to your PC. When you take a photo or screenshot on your Android device, a dialog on your PC prompts you to open Snipping Tool. To turn on this experience, go to Settings > Mobile devices. Choose to allow your PC to access your mobile devices and select Manage devices. Your PC will get a Cross Device Experience Host update in Microsoft Store. You need this for the feature to work. Finally, use the Add device option to link your Android phone.

    Note This feature might not be available to all users because it will roll out gradually.

  • This update addresses an issue that displays a hidden window. Its title bar has no content and no client area. This occurs when you share your screen using certain apps.
  • This update addresses an issue that affects the Share button on USB controllers. It might not work with Game Bar.
  • This update addresses an issue that affects a Microsoft Entra ID account. Devices cannot authenticate a second one. This occurs after you install the Windows update, dated November 13, 2023.
  • This update addresses an issue that affects a server after you remove it from a domain. The Get-LocalGroupMember cmdlet returns an exception. This occurs if the local groups contain domain members.
  • This update addresses an issue that affects a Windows Presentation Foundation (WPF) app. It stops responding.
  • This update addresses an issue that affects an IPP-over-USB printer. After you delete it, it still appears as not available in Control Panel.
  • This update addresses an issue that affects TWAIN drivers. They might stop responding when you use them in a virtual environment.
  • This update brings Country and Operator Settings Asset (COSA) profiles up to date for certain mobile operators.
  • This update addresses an issue that affects Unified Write Filter (UWF) Windows Management Instrumentation (WMI) API calls. Calls to shut down or restart the system throw an access denied exception.

You can read the complete changelog Microsoft support blog here.

Download the Windows 10 Cumulative update

All these Security updates Automatically download and get installed on your device via Windows update. If your device has not received it yet open Settings, Update & Security and Check for updates. Once done restart your Device to apply the updates.

Install windows 11 update

The above link directly opens the Microsoft Update Catalog which is the library of Windows Update offline installers. You need to click on the ‘Download’ button next to the version of the OS installed on your machine and run the .msu files to begin the installation of the update.

If you are Looking for Windows 10 22H2 Update ISO image click here Or check How to Upgrade to Windows 10 version 22H2 Using the media creation tool.

If you face any difficulty while installing these updates, Check the Windows 10 Update troubleshooting guide to fix the Windows 10 Cumulative update stuck downloading, failed to install with different errors, etc.

What time do Patch Tuesday patches come out?

  • Microsoft schedules the release of security updates on “Patch Tuesday,” the second Tuesday of each month at 10:00 AM PST.

Is Patch Tuesday weekly or monthly?

  • Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on June 11, 2024.

Why did the second Tuesday of every month call Patch Tuesday?

  • The second Tuesday of the month is referred to as “Patch Tuesday” because Microsoft attempts to combine the largest updates into this maintenance window.

What is the latest update for Windows 11 June 2024?

  • The latest KB5039212 for Windows 11 version 23H2/22H2 and KB5039211 for Windows 10 version 22H2.

What is the zero-day patch?

  • The term “Zero-Day” is used when security teams are unaware of their software vulnerability, and they’ve had “0” days to work on a security patch or an update to fix the issue.
Source Microsoft windows 10 update history Microsoft windows 11 update history

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More