Microsoft Monthly Security Update (June 2024)
RISK: High Risk
TYPE: Operating Systems - Windows OS
[Updated on 2024-10-17]
Updated Risk, Description, Source and Related Links.
CVE-2024-30088 is being exploited in the wild. This is a Windows Kernel Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability. Attacker can take advantage of the vulnerability to perform elevation of privilege.
[Updated on 2024-12-17]
Updated Description and Related Links.
CVE-2024-35250 is being exploited in the wild. Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges.
Microsoft has released monthly security update for their products:
Vulnerable Product | Risk Level | Impacts | Notes |
Windows | High Risk | Remote Code Execution Denial of Service Elevation of Privilege Information Disclosure | CVE-2024-30088 is being exploited in the wild. This is a Windows Kernel Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability. Attacker can take advantage of the vulnerability to perform elevation of privilege.
CVE-2024-35250 is being exploited in the wild. Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges. |
Microsoft Office | Medium Risk | Remote Code Execution | |
Microsoft Dynamics | Medium Risk | Remote Code Execution Elevation of Privilege Information Disclosure | |
Extended Security Updates (ESU) | Medium Risk | Remote Code Execution Denial of Service Elevation of Privilege | |
Developer Tools | Medium Risk | Remote Code Execution Elevation of Privilege | |
Azure | Medium Risk | Denial of Service Elevation of Privilege |
Number of 'Extremely High Risk' product(s): 0
Number of 'High Risk' product(s): 1
Number of 'Medium Risk' product(s): 5
Number of 'Low Risk' product(s): 0
Evaluation of overall 'Risk Level': High Risk
Impact
- Remote Code Execution
- Denial of Service
- Elevation of Privilege
- Information Disclosure
System / Technologies affected
- Windows
- Microsoft Office
- Microsoft Dynamics
- Extended Security Updates (ESU)
- Developer Tools
- Azure
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor.
Vulnerability Identifier
Source
Related Link
Related Tags
Share with