最后更新于2024年6月14日星期五14:15:18 GMT
这是 June 2024 Patch Tuesday. 微软今天正在解决51个漏洞, 而且有证据表明其中只有一项是公开披露的. At time of writing, none of the vulnerabilities published today are listed on 中钢协KEV,尽管这总是会发生变化. Microsoft is patching a single critical remote code execution (RCE) vulnerability today. 本月分别发布了7个浏览器漏洞, 和 are not included in the total.
MSMQ: critical RCE
The sole critical RCE patched today is CVE-2024-30080 for all current versions of Windows. Exploitation requires that an attacker send a specially crafted malicious packet to an MSMQ server, which Patch Tuesday watchers will know as a perennial source of vulnerabilities. As usual, Microsoft points out that the Windows message queuing service is not enabled by default; as usual, Rapid7 笔记 that a number of applications – including Microsoft Exchange – quietly introduce MSMQ as part of their own installation routine. 这是典型的MSMQ RCE漏洞, CVE-2024-30080 receives a high CVSSv3 base score due to the network attack vector, low attack complexity, 和 lack of required privileges. Code execution is presumably in a SYSTEM context, although the advisory does not specify.
Office: malicious file RCEs
Microsoft Office receives patches for a pair of RCE-via-malicious-file vulnerabilities. CVE-2024-30101 is a vulnerability in Outlook; although the Preview Pane is a vector, the user must subsequently perform unspecified specific actions to trigger the vulnerability 和 the attacker must win a race condition. On the other h和, CVE-2024-30104 没有预览窗格作为矢量, 但最终与稍高的CVSS基础得分7.8,因为利用完全依赖于用户打开一个恶意文件.
SharePoint: RCE
这个月还发布了SharePoint RCE的补丁 CVE-2024-30100. The advisory is sparing on details, 和 the context of code exploitation is not clear. The weakness is described as CWE-426: Untrusted 搜索 Path; many (but not all) vulnerabilities associated with CWE-426 lead to elevation of privilege.
DNSSEC NSEC3: CPU exhaustion DoS
现在是完全不同的东西: CVE-2023-50868,描述了DNSSEC中的拒绝服务漏洞. 此漏洞存在于DNSSEC规范本身中, CVE由MITRE代表DNSSEC指定. Microsoft’s implementation of DNSSEC is thus subject to the same attack as other implementations. An attacker can exhaust CPU resources on a DNSSEC-validating DNS resolver by dem和ing responses from a DNSSEC-signed zone, 如果解析器使用NSEC3来响应请求. NSEC3 is designed to provide a safe way for a DNSSEC-validating DNS resolver to indicate that a requested resource does not exist. Under certain circumstances, the DNS resolver must perform thous和s of iterations of a hash function to calculate an NSEC3 response, 这就是DoS漏洞的基础. 所有当前版本的Windows Server今天都会收到补丁.
Typically, when Microsoft publishes a security advisory 和 describes the vulnerability as publicly disclosed, 公开披露将是最近的事. 然而, in the case of CVE-2023-50868, DNSSEC的漏洞是在2024-02-13首次公开披露的. The advisory acknowledges four academics from the German National Research Centre for Applied Cybersecurity (ATHENE), which is perhaps of interest since these same researchers are authors on a March 2024 academic paper that downplays the DoS potential of CVE-2023-50868. 这些研究人员公布了另一个DNSSEC漏洞 CVE-2023-50387 (也被称为KeyTrap)在2024年1月, which they describe as having potentially serious implications; Microsoft patched that one at the next scheduled opportunity in February. The CVE-2023-50868 advisory published today does not provide further insight as to why this vulnerability wasn’t patched sooner; a reasonable assumption might be that Microsoft assesses CVE-2023-50868 as less urgent/critical than CVE-2023-50387, although both receive a rating of Important on Microsoft’s proprietary severity ranking scale. 这是 also possible that Microsoft does not wish to be the only major server OS vendor without a patch.
Lifecycle update
There are no significant changes to the lifecycle phase of Microsoft products this month. 今年7月,微软SQL Server 2014将会发布 move past the end of extended support. From August onwards, Microsoft only guarantees to provide SQL Server 2014 security updates to customers who choose to participate in the paid Extended Security 更新 program.
Summary Charts
Summary Tables
Azure vulnerabilities
| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2024-37325 | Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability | No | No | 8.1 |
| CVE-2024-35252 | Azure存储移动客户端库拒绝服务漏洞 | No | No | 7.5 |
| CVE-2024-35254 | Azure监视器代理权限提升漏洞 | No | No | 7.1 |
| CVE-2024-35255 | Azure Identity Libraries 和 Microsoft Authentication Library Elevation of Privilege Vulnerability | No | No | 5.5 |
| CVE-2024-35253 | Microsoft Azure文件同步特权提升漏洞 | No | No | 4.4 |
Browser vulnerabilities
| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2024-5499 | Chromium: CVE-2024-5499越界写入流API | No | No | N/A |
| CVE-2024-5498 | Chromium: CVE-2024-5498在演示API中免费使用 | No | No | N/A |
| CVE-2024-5497 | Chromium: CVE-2024-5497键盘输入中内存访问越界 | No | No | N/A |
| CVE-2024-5496 | Chromium: CVE-2024-5496在媒体会话免费后使用 | No | No | N/A |
| CVE-2024-5495 | Chromium: CVE-2024-5495黎明免费后使用 | No | No | N/A |
| CVE-2024-5494 | Chromium: CVE-2024-5494黎明免费后使用 | No | No | N/A |
| CVE-2024-5493 | 修复:CVE-2024-5493在webbrtc堆缓冲区溢出 | No | No | N/A |
Developer Tools vulnerabilities
| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2024-29187 | GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM | No | No | 7.3 |
| CVE-2024-29060 | Visual Studio特权提升漏洞 | No | No | 6.7 |
| CVE-2024-30052 | Visual Studio远程代码执行漏洞 | No | No | 4.7 |
ESU vulnerabilities
| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2024-30074 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | No | No | 8 |
| CVE-2024-30075 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | No | No | 8 |
Microsoft Dynamics vulnerabilities
| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2024-35249 | Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability | No | No | 8.8 |
| CVE-2024-35248 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | No | No | 7.3 |
| CVE-2024-35263 | Microsoft Dynamics 365(本地)信息泄露漏洞 | No | No | 5.7 |
Microsoft Office vulnerabilities
| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2024-30103 | Microsoft Outlook远程代码执行漏洞 | No | No | 8.8 |
| CVE-2024-30100 | Microsoft SharePoint服务器远程代码执行漏洞 | No | No | 7.8 |
| CVE-2024-30104 | Microsoft Office远程代码执行漏洞 | No | No | 7.8 |
| CVE-2024-30101 | Microsoft Office远程代码执行漏洞 | No | No | 7.5 |
| CVE-2024-30102 | Microsoft Office远程代码执行漏洞 | No | No | 7.3 |
Windows vulnerabilities
| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2024-30064 | Windows内核特权提升漏洞 | No | No | 8.8 |
| CVE-2024-30068 | Windows内核特权提升漏洞 | No | No | 8.8 |
| CVE-2024-30097 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | No | No | 8.8 |
| CVE-2024-30085 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2024-30089 | 微软流媒体服务特权提升漏洞 | No | No | 7.8 |
| CVE-2024-30072 | Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2024-35265 | Windows感知服务特权提升漏洞 | No | No | 7 |
| CVE-2024-30088 | Windows内核特权提升漏洞 | No | No | 7 |
| CVE-2024-30099 | Windows内核特权提升漏洞 | No | No | 7 |
| CVE-2024-30076 | Windows Container 经理服务特权提升漏洞 | No | No | 6.8 |
| CVE-2024-30096 | Windows Cryptographic 服务信息泄露漏洞 | No | No | 5.5 |
| CVE-2024-30069 | Windows Remote Access Connection 经理 Information Disclosure Vulnerability | No | No | 4.7 |
Windows ESU vulnerabilities
| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2024-30080 | 微软消息队列(MSMQ)远程代码执行漏洞 | No | No | 9.8 |
| CVE-2024-30078 | Windows Wi-Fi驱动程序远程代码执行漏洞 | No | No | 8.8 |
| CVE-2024-30077 | Windows OLE远程代码执行漏洞 | No | No | 8 |
| CVE-2024-30086 | Windows Win32内核子系统特权提升漏洞 | No | No | 7.8 |
| CVE-2024-30062 | Windows St和ards-Based Storage Management Service Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2024-30094 | Windows Routing 和 Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2024-30095 | Windows Routing 和 Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2024-35250 | Windows内核模式驱动程序特权提升漏洞 | No | No | 7.8 |
| CVE-2024-30082 | Win32k特权提升漏洞 | No | No | 7.8 |
| CVE-2024-30087 | Win32k特权提升漏洞 | No | No | 7.8 |
| CVE-2024-30091 | Win32k特权提升漏洞 | No | No | 7.8 |
| CVE-2024-30083 | Windows St和ards-Based Storage Management Service Denial of Service Vulnerability | No | No | 7.5 |
| CVE-2023-50868 | MITRE: CVE-2023-50868 NSEC3最近外壳证明可以耗尽CPU | No | 是的 | 7.5 |
| CVE-2024-30070 | DHCP服务器拒绝服务漏洞 | No | No | 7.5 |
| CVE-2024-30093 | Windows存储特权提升漏洞 | No | No | 7.3 |
| CVE-2024-30084 | Windows内核模式驱动程序特权提升漏洞 | No | No | 7 |
| CVE-2024-30090 | 微软流媒体服务特权提升漏洞 | No | No | 7 |
| CVE-2024-30063 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | No | No | 6.7 |
| CVE-2024-30066 | Winlogon特权提升漏洞 | No | No | 5.5 |
| CVE-2024-30067 | Winlogon特权提升漏洞 | No | No | 5.5 |
| CVE-2024-30065 | Windows主题拒绝服务漏洞 | No | No | 5.5 |
更新
- 2024-06-12修正了参考CVE-2023-50868时的一个错别字.
NEVER MISS AN EMERGING THREAT
Be the first to learn about the latest vulnerabilities 和 cybersecurity news.
Subscribe Now