Security Advisory

MS Family June 2024 Routine Security Update Advisory

  • Jun 12 2024

Overview

 

Microsoft(https://www.microsoft.com) has released a security update that fixes vulnerabilities in products it has supplied. Users of affected products are advised to update to the latest version.

 

Affected Products

 

Azure Family

Azure Data Science Virtual Machines for Linux

Azure File Sync v16.0

Azure File Sync v17.0

Azure File Sync v18.0

Azure Identity Library for .NET

Azure Identity Library for C++

Azure Identity Library for Go

Azure Identity Library for Java

Azure Identity Library for JavaScript

Azure Identity Library for Python

Azure Monitor Agent

Azure Storage Movement Client Library for .NET

Microsoft Authentication Library (MSAL) for .NET

Microsoft Authentication Library (MSAL) for Java

Microsoft Authentication Library (MSAL) for Node.js

 

Developer Tools suite

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8)

Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10)

Microsoft Visual Studio 2022 version 17.10

Microsoft Visual Studio 2022 version 17.4

Microsoft Visual Studio 2022 version 17.6

Microsoft Visual Studio 2022 version 17.8

 

ESU Family

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

 

Microsoft Dynamics Suite

Microsoft Dynamics 365 (on-premises) version 9.1

Microsoft Dynamics 365 Business Central 2023 Release Wave 1

Microsoft Dynamics 365 Business Central 2023 Release Wave 2

Microsoft Dynamics 365 Business Central 2024 Release Wave 1

 

Microsoft Office Suite

Microsoft 365 Apps for Enterprise for 32-bit Systems

Microsoft 365 Apps for Enterprise for 64-bit Systems

Microsoft Office 2016 (32-bit edition)

Microsoft Office 2016 (64-bit edition)

Microsoft Office 2019 for 32-bit editions

Microsoft Office 2019 for 64-bit editions

Microsoft Office LTSC 2021 for 32-bit editions

Microsoft Office LTSC 2021 for 64-bit editions

Microsoft Outlook 2016 (32-bit edition)

Microsoft Outlook 2016 (64-bit edition)

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Server 2019

Microsoft SharePoint Server Subscription Edition

 

Windows Family

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 23H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022, 23H2 Edition (Server Core installation)

 

Resolved Vulnerabilities

 

1 critical vulnerability and 50 important vulnerabilities were found.

 

Azure Family

Critical elevation of privilege vulnerability in Azure Data Science Virtual Machines (CVE-2024-37325)

Critical elevation of privilege vulnerability in Azure File Sync (CVE-2024-35253)

Critical elevation of privilege vulnerability in Azure Monitor (CVE-2024-35254)

Critical elevation of privilege vulnerability in Azure SDK (CVE-2024-35255)

Critical denial of service vulnerability in Azure Storage Library (CVE-2024-35252)

 

Developer Tools suite

Critical elevation of privilege vulnerability in Visual Studio (CVE-2024-29187, CVE-2024-29060)

Critical remote code execution vulnerability in Visual Studio (CVE-2024-30052)

 

ESU Family

Critical remote code execution vulnerabilities in Windows Link Layer Topology Discovery Protocol (CVE-2024-30074, CVE-2024-30075)

 

Microsoft Dynamics Suite

Critical elevation of privilege vulnerability in Dynamics Business Central (CVE-2024-35248)

Critical remote code execution vulnerability in Dynamics Business Central (CVE-2024-35249)

Critical information disclosure vulnerability in Microsoft Dynamics (CVE-2024-35263)

 

Microsoft Office Suite

Critical remote code execution vulnerability in Microsoft Office Outlook (CVE-2024-30103)

Critical remote code execution vulnerability in Microsoft Office SharePoint (CVE-2024-30100)

Critical remote code execution vulnerability in Microsoft Office Word (CVE-2024-30102)

Critical remote code execution vulnerability in Microsoft Office (CVE-2024-30101, CVE-2024-30104)

 

Windows Family

Critical elevation of privilege vulnerabilities in Microsoft Streaming Service (CVE-2024-30089, CVE-2024-30090)

Critical remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL (CVE-2024-30077)

Critical remote code execution vulnerability in Microsoft Windows Speech (CVE-2024-30097)

Critical-grade denial-of-service vulnerability in Microsoft Windows (CVE-2023-50868)

Critical elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver (CVE-2024-30085)

Critical elevation of privilege vulnerability in Windows Container Manager Service (CVE-2024-30076)

Critical information disclosure vulnerability in Windows Cryptographic Services (CVE-2024-30096)

Critical Denial of Service Vulnerability in Windows DHCP Server (CVE-2024-30070)

Critical remote code execution vulnerability in Windows Distributed File System (DFS) (CVE-2024-30063)

Critical remote code execution vulnerability in Windows Event Logging Service (CVE-2024-30072)

Critical elevation of privilege vulnerabilities in Windows Kernel-Mode Drivers (CVE-2024-35250, CVE-2024-30084)

Critical elevation of privilege vulnerabilities in the Windows Kernel (CVE-2024-30064, CVE-2024-30068)

Critical elevation of privilege vulnerabilities in the Windows NT OS Kernel (CVE-2024-30088, CVE-2024-30099)

Critical elevation of privilege vulnerability in Windows Perception Service (CVE-2024-35265)

Critical information disclosure vulnerability in Windows Remote Access Connection Manager (CVE-2024-30069)

Critical remote code execution vulnerabilities in Windows Routing and Remote Access Service (RRAS) (CVE-2024-30094, CVE-2024-30095)

Critical remote code execution vulnerability in Windows Server Services (CVE-2024-30080)

Critical-grade remote code execution vulnerability in Windows Server Service (CVE-2024-30062)

Critical-grade denial-of-service vulnerability in Windows Standards-Based Storage Management Service (CVE-2024-30083)

Critical elevation of privilege vulnerability in Windows Storage (CVE-2024-30093)

Critical denial of service vulnerability in Windows Themes (CVE-2024-30065)

Critical remote code execution vulnerability in Windows Wi-Fi Driver (CVE-2024-30078)

Critical elevation of privilege vulnerability in Windows Win32 Kernel Subsystem (CVE-2024-30086)

Critical elevation of privilege vulnerabilities in Windows Win32K – GRFX (CVE-2024-30082, CVE-2024-30087, CVE-2024-30091)

Critical elevation of privilege vulnerabilities in Winlogon (CVE-2024-30066, CVE-2024-30067)

 

Vulnerability Patches

 

The following product-specific vulnerability patches were made available in the June 11, 2024 Update. Please use the Windows Update feature to install automatically or refer to the URLs in the product information below to download and install.

Azure Data Science Virtual Machines for Linux version

https://msrc.microsoft.com/update-guide/

Azure File Sync v16.0 version

Azure File Sync v17.0 version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039814

Azure File Sync v18.0 version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023058

Azure Identity Library for .NET version

Azure Identity Library for C++ version

Azure Identity Library for Go version

Azure Identity Library for Java version

Azure Identity Library for JavaScript editions

Azure Identity Library for Python editions

Azure Monitor Agent version

Azure Storage Movement Client Library for .NET versions

https://msrc.microsoft.com/update-guide/

Microsoft 365 Apps for Enterprise version

https://msrc.microsoft.com/update-guide/

Microsoft Authentication Library (MSAL) for .NET version

Microsoft Authentication Library (MSAL) for Java version

Microsoft Authentication Library (MSAL) for Node.js version

https://msrc.microsoft.com/update-guide/

Microsoft Dynamics 365 (on-premises) version 9.1 version

https://www.microsoft.com/downloads/details.aspx?familyid=9b7950ad-00d1-41d4-9f9b-c516b0ad42dd

Microsoft Dynamics 365 Business Central 2023 Release Wave 1 version

https://www.microsoft.com/en-us/download/details.aspx?id=106031

Microsoft Dynamics 365 Business Central 2023 Release Wave 2 version

https://www.microsoft.com/en-us/download/details.aspx?id=106032

Microsoft Dynamics 365 Business Central 2024 Release Wave 1 version

https://www.microsoft.com/en-us/download/details.aspx?id=106062

Microsoft Office 2016 editions

https://www.microsoft.com/downloads/details.aspx?familyid=3094b75b-0f54-4ea7-895b-17e044ac71d5

https://www.microsoft.com/downloads/details.aspx?familyid=8f70d01d-35a2-4691-8783-7f28c9426625

Microsoft Office 2019 versions

Microsoft Office LTSC 2021 editions

https://msrc.microsoft.com/update-guide/

Microsoft Outlook 2016 version

https://www.microsoft.com/downloads/details.aspx?familyid=450b0e96-a9e8-44fe-b3a4-53e224f5ce39

Microsoft SharePoint Enterprise Server 2016 version

https://www.microsoft.com/downloads/details.aspx?familyid=1a7faa43-e3b2-4f30-86cd-c7b37ce18114

Microsoft SharePoint Server 2019 version

https://www.microsoft.com/downloads/details.aspx?familyid=b660c04c-957b-4ae9-b220-8cf403cf54b4

Microsoft SharePoint Server Subscription Edition version

https://www.microsoft.com/downloads/details.aspx?familyid=2bc807be-19c7-4962-b4ee-ac10524d99eb

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8) version

Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10) version

Microsoft Visual Studio 2022 version 17.10

Microsoft Visual Studio 2022 version 17.4

Microsoft Visual Studio 2022 version 17.6

Microsoft Visual Studio 2022 version 17.8

https://msrc.microsoft.com/update-guide/

Windows 10 version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039225

Windows 10 Version 1607 Version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039214

Windows 10 Version 1809

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039217

Windows 10 Version 21H2

Windows 10 Version 22H2

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039211

Windows 11 Version 22H2

Windows 11 Version 23H2

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039212

Windows 11 Version 21H2

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039213

Windows Server 2008 R2 with Service Pack 1 version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039289

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039274

Windows Server 2008 Service Pack 2 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039245

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039266

Windows Server 2012 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039260

Windows Server 2012 R2 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039294

Windows Server 2016 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039214

Windows Server 2019 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039217

Windows Server 2022 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039227

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039330

Windows Server 2022, 23H2 Edition version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039236

Tags:

Previous Post

Next Post