June 2024 Security Updates
This release consists of the following 49 Microsoft CVEs:
Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?

Visual Studio CVE-2024-29060
Visual Studio CVE-2024-30052
Windows Server Service CVE-2024-30062
Windows Distributed File System (DFS) CVE-2024-30063
Windows Kernel CVE-2024-30064
Windows Themes CVE-2024-30065
Winlogon CVE-2024-30066
Winlogon CVE-2024-30067
Windows Kernel CVE-2024-30068
Windows Remote Access Connection Manager CVE-2024-30069
Windows DHCP Server CVE-2024-30070
Windows Event Logging Service CVE-2024-30072
Windows Link Layer Topology Discovery Protocol CVE-2024-30074
Windows Link Layer Topology Discovery Protocol CVE-2024-30075
Windows Container Manager Service CVE-2024-30076
Microsoft WDAC OLE DB provider for SQL CVE-2024-30077
Windows Wi-Fi Driver CVE-2024-30078
Windows Server Service CVE-2024-30080
Windows Win32K - GRFX CVE-2024-30082
Windows Standards-Based Storage Management Service CVE-2024-30083
Windows Kernel-Mode Drivers CVE-2024-30084
Windows Cloud Files Mini Filter Driver CVE-2024-30085
Windows Win32 Kernel Subsystem CVE-2024-30086
Windows Win32K - GRFX CVE-2024-30087
Windows NT OS Kernel CVE-2024-30088
Microsoft Streaming Service CVE-2024-30089
Microsoft Streaming Service CVE-2024-30090
Windows Win32K - GRFX CVE-2024-30091
Windows Storage CVE-2024-30093
Windows Routing and Remote Access Service (RRAS) CVE-2024-30094
Windows Routing and Remote Access Service (RRAS) CVE-2024-30095
Windows Cryptographic Services CVE-2024-30096
Microsoft Windows Speech CVE-2024-30097
Windows NT OS Kernel CVE-2024-30099
Microsoft Office SharePoint CVE-2024-30100
Microsoft Office CVE-2024-30101
Microsoft Office Word CVE-2024-30102
Microsoft Office Outlook CVE-2024-30103
Microsoft Office CVE-2024-30104
Dynamics Business Central CVE-2024-35248
Dynamics Business Central CVE-2024-35249
Windows Kernel-Mode Drivers CVE-2024-35250
Azure Storage Library CVE-2024-35252
Azure File Sync CVE-2024-35253
Azure Monitor CVE-2024-35254
Azure SDK CVE-2024-35255
Microsoft Dynamics CVE-2024-35263
Windows Perception Service CVE-2024-35265
Azure Data Science Virtual Machines CVE-2024-37325

We are republishing 9 non-Microsoft CVEs:
CNA Tag CVE FAQs? Workarounds? Mitigations?
MITRE Corporation Microsoft Windows CVE-2023-50868
GitHub Visual Studio CVE-2024-29187
Chrome Microsoft Edge (Chromium-based) CVE-2024-5493
Chrome Microsoft Edge (Chromium-based) CVE-2024-5494
Chrome Microsoft Edge (Chromium-based) CVE-2024-5495
Chrome Microsoft Edge (Chromium-based) CVE-2024-5496
Chrome Microsoft Edge (Chromium-based) CVE-2024-5497
Chrome Microsoft Edge (Chromium-based) CVE-2024-5498
Chrome Microsoft Edge (Chromium-based) CVE-2024-5499

Security Update Guide Blog Posts
Date Blog Post
April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Resources

The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
Windows 10 updates and Windows 11 are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5039211 Windows 10, version 21H2, Windows 10, version 22H2
5039213 Windows 11, version 21H2
5039227 Windows Server 2022
5039245 Windows Server 2008 (Monthly Rollup)
5039266 Windows Server 2008 (Security-only update)
Released: Jun 11, 2024
https://msrc.microsoft.com/update-guide/releaseNote/2024-Jun

Page 1 / 1

CVEs have been published or revised in the Security Update Guide
June 13, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-30057

· Title: Microsoft Edge for iOS Spoofing Vulnerability

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating: Low

CVE-2024-30058

· Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating: Low

CVE-2024-35255

· Title: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

· Version: 2.0

· Reason for revision: In the Security Updates table, removed Microsoft Authentication Library (MSAL) for Python as it is not affected by CVE-2024-35255.

· Originally released: June 11, 2024

· Last updated: June 11, 2024

· Aggregate CVE Severity Rating: Important

CVE-2024-38083

· Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating: Moderate

CVE-2024-5830

· Title: Chromium: CVE-2024-5830 Type Confusion in V8

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating:

CVE-2024-5831

· Title: Chromium: CVE-2024-5831 Use after free in Dawn

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating:

CVE-2024-5832

· Title: Chromium: CVE-2024-5832 Use after free in Dawn

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating:

CVE-2024-5833

· Title: Chromium: CVE-2024-5833 Type Confusion in V8

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating:

CVE-2024-5834

· Title: Chromium: CVE-2024-5834 Inappropriate implementation in Dawn

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating:

CVE-2024-5835

· Title: Chromium: CVE-2024-5835 Heap buffer overflow in Tab Groups

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating:

CVE-2024-5836

· Title: Chromium: CVE-2024-5836 Inappropriate Implementation in DevTools

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating:

CVE-2024-5837

· Title: Chromium: CVE-2024-5837 Type Confusion in V8

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating:

CVE-2024-5838

· Title: Chromium: CVE-2024-5838 Type Confusion in V8

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating:

CVE-2024-5839

· Title: Chromium: CVE-2024-5839 Inappropriate Implementation in Memory Allocator

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating:

CVE-2024-5840

· Title: Chromium: CVE-2024-5840 Policy Bypass in CORS

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating:

CVE-2024-5841

· Title: Chromium: CVE-2024-5841 Use after free in V8

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating:

CVE-2024-5842

· Title: Chromium: CVE-2024-5842 Use after free in Browser UI

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating:

CVE-2024-5843

· Title: Chromium: CVE-2024-5843 Inappropriate implementation in Downloads

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating:

CVE-2024-5844

· Title: Chromium: CVE-2024-5844 Heap buffer overflow in Tab Strip

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating:

CVE-2024-5845

· Title: Chromium: CVE-2024-5845 Use after free in Audio

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating:

CVE-2024-5846

· Title: Chromium: CVE-2024-5846 Use after free in PDFium

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating:

CVE-2024-5847

· Title: Chromium: CVE-2024-5847 Use after free in PDFium

· Version: 1.0

· Reason for revision: Information published.

· Originally released: June 13, 2024

· Last updated: June 13, 2024

· Aggregate CVE Severity Rating:

CVEs have been published or revised in the Security Update Guide
June 14, 2024

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-30080

· Title: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

· Version: 1.1

· Reason for revision: Corrected information in the FAQ and Mitigation sections as follows: To exploit the vulnerability, an attacker must send a series of specially crafted MSMQ packets in a rapid sequence over HTTP to a MSMQ server. To determine if your system is susceptible, check to see if the MSMQ HTTP-Support feature is enabled and if there is a service running named Message Queuing on the machine. These are informational changes only.

· Originally released: June 11, 2024

· Last updated: June 13, 2024

Aggregate CVE Severity Rating: Critical