Skip to main content

Microsoft Monthly Security Update (June 2024)

Last Update Date: 17 Dec 2024 Release Date: 12 Jun 2024 5807 Views

RISK: High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

[Updated on 2024-10-17]

Updated Risk, Description, Source and Related Links.

CVE-2024-30088 is being exploited in the wild. This  is a Windows Kernel Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability. Attacker can take advantage of the vulnerability to perform elevation of privilege. 

 

[Updated on 2024-12-17]

Updated Description and Related Links.

CVE-2024-35250 is being exploited in the wild. Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges.

 

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
WindowsHigh Risk High Risk

Remote Code Execution

Denial of Service

Elevation of Privilege

Information Disclosure

CVE-2024-30088 is being exploited in the wild. This  is a Windows Kernel Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability. Attacker can take advantage of the vulnerability to perform elevation of privilege. 

 

CVE-2024-35250 is being exploited in the wild. Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges.

Microsoft OfficeMedium Risk Medium RiskRemote Code Execution 
Microsoft DynamicsMedium Risk Medium Risk

Remote Code Execution

Elevation of Privilege

Information Disclosure

 
Extended Security Updates (ESU)Medium Risk Medium Risk

Remote Code Execution

Denial of Service

Elevation of Privilege

 
Developer ToolsMedium Risk Medium Risk

Remote Code Execution

Elevation of Privilege

 
AzureMedium Risk Medium Risk

Denial of Service

Elevation of Privilege

 

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 1

Number of 'Medium Risk' product(s): 5

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': High Risk


Impact

  • Remote Code Execution
  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure

System / Technologies affected

  • Windows
  • Microsoft Office
  • Microsoft Dynamics
  • Extended Security Updates (ESU)
  • Developer Tools
  • Azure

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier


Source


Related Link