Virtual Administrator’s June Patch Recommendations

Patch Recommendations

This month Microsoft released patches for 51 vulnerabilities with 1 rated “Critical” in severity.

All new patches will be approved in our patch policy.

A sleepy June patch cycle bringing 51 CVEs and few problems so far.

CVE-2024-30080 is a flaw in the Microsoft Message Queuing (MSMQ) service and is the only Critical patch this month. This is a Remote Code Execution (RCE) vulnerability. MSMQ is not a default service on Windows.

CVE-2023-50868 a publicly known Denial-of-Service  (DoS)  vulnerability in DNSSEC validation which exploits standard DNSSEC protocols intended for DNS integrity and causing CPU exhaustion on a DNSSEC-validating resolver.

CVE-2024-30078 is a Remote Code Execution (RCE) vulnerability in the Windows WiFi Driver. Microsoft released Out-of-band KB5039705 on May 23rd to address failing Server 2019 CUs that did not have the English (United States) language pack – see “New Known Issues” below.

Disclosed: CVE-2023-50868

Exploited: None

Known Issues Fixed

May 23, 2024—KB5039705 Out-of-band

Windows Server 2019 CU KB5037765 may fail with error code 0x800f0982

This update addresses a known issue that is related to the English (United States) language pack. If your device does not have it, installing KB5037765 might fail. The error code is 0x800f0982. But this issue might affect devices that do have that language pack. In that case, the error code is 0x80004005.

Security Update Guide

Microsoft Security Advisories – None

New Known Issues

No new known issues reported by Microsoft.

Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues it is unlikely it will occur now.

Good resource for known issues with Windows 10/11 patches. Find the version and click on “Known issues”.

Windows release health

Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022 KBs

Links are with the KB number only.

Security and Quality Rollup

  • KB5039294 – Windows Server 2012 R2 (ESU)
  • KB5039260 – Windows Server 2012 (ESU)

Cumulative Updates

Windows 10

  • KB5039225 – Original release version 1507 (OS Build 10240)
  • KB5039214 – Version 1607 “Anniversary Update” (OS Build 14393)
  • KB5039217 – Version 1809 “October 2018 Update” (OS Build 17763)
  • KB5039211 – Version 21H2 “November 2021 Update” (OS Build 19044)
  • KB5039211 – Version 22H2 “November 2022 Update” (OS Build 19045)

(Versions 1511,1703,1709,1803,1903,1909,2004,20H2,21H1 are no longer under support)

Windows 11

  • KB5039213 – 21H2 (OS Build 22000) Original release
  • KB5039212 – 22H2 (OS Build 22621)
  • KB5039212 – 23H2 (OS Build 22631)

Windows Server

  • KB5039214 – Server 2016 (same KB as Windows 10 Version 1607)
  • KB5039217 – Server 2019 (same KB as Windows 10 Version 1809)
  • KB5039227 – Server 2022 (OS Build 20348)
  • KB5039236 – Server 23H2 (OS Build 25398)

June 2024 updates for Microsoft Office

Notable CVEs

CVE-2024-30078 | Windows Wi-Fi Driver Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. An unauthenticated attacker could send a malicious networking packet to an adjacent system that is employing a Wi-Fi networking adapter, which could enable remote code execution.

CVE-2024-30080 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side.

CVE-2024-30103 | Microsoft Outlook Remote Code Execution Vulnerability (KB5002600/Click to Run)

The Preview Pane is an attack vector. The attacker must be authenticated using valid Exchange user credentials. An attacker who successfully exploited this vulnerability could bypass Outlook registry block lists and enable the creation of malicious DLL files.

CVE-2023-50868 | MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU (Cumulative Update/Monthly Rollup)

CVE-2023-50868 is regarding a vulnerability in DNSSEC validation where an attacker could exploit standard DNSSEC protocols intended for DNS integrity by using excessive resources on a resolver, causing a denial of service for legitimate users. MITRE created this CVE on their behalf.