Microsoft Patch Tuesday update - May 2024

Today part of the June 2024 patch Tuesday, Microsoft released a bunch of security updates for its products and services, to resolve various vulnerabilities and bugs. June 2024 Patch Tuesday update, addressed 49 security vulnerabilities including one actively exploited or publicly disclosed zero days and one critical vulnerability. It also addresses a series of other bugs related to performance and usability. These updates are important and install as soon as possible to protect your device from potential attacks and exploits. Let’s look at the highlights of the Microsoft Patch Tuesday update in June 2024 for Windows 11 and Windows 10.

What is Patch Tuesday Update?

Microsoft Patch Tuesday Update, the colloquial term for Microsoft’s Update Tuesday falls on the second Tuesday of every month, and brings security updates to fix vulnerabilities or recent bugs.

A vulnerability is a weakness or flaw in a software or hardware component that an attacker could exploit to gain unauthorized access, execute malicious code, or cause damage or disruption. A bug is an error or defect in a software or hardware component that could cause it to malfunction or behave unexpectedly. A security update is a software patch that fixes or mitigates one or more vulnerabilities or bugs.

A security update can have different ratings depending on the severity and impact of the vulnerability or bug it addresses. Microsoft uses four ratings: critical, important, moderate, and low.

  • The critical update fixes a vulnerability that could allow an attacker to take complete control of a system without user interaction.
  • An Important update fixes a vulnerability that could compromise data or functionality but require user interaction or specific conditions.
  • Moderate update fixes a vulnerability that is unlikely to be exploited, but could still have some impact.
  • A Low update fixes a vulnerability that is very unlikely to be exploited and has minimal impact.

Microsoft Patch Tuesday update June 2024

The June 2024 Patch Tuesday includes 49 security updates, including one critical Microsoft  Message Queuing (MSMQ) Remote Code Execution Vulnerability (As it allows privilege elevation, spoofing, or remote code execution) 48 are rated Important in severity. The critical updates affect Windows, Internet Explorer, Edge, Office, SharePoint, Exchange, and Azure DevOps Server.

As per the release notes, the June 2024 Microsoft Patch Tuesday Update fixed 25 Elevation of Privilege security issues, 18 Remote Code Execution bugs, 3 Information Disclosure vulnerabilities, and 5 Denial of Service Vulnerabilities.

Also, Microsoft discloses one zero-day vulnerability patched in part of today’s Patch Tuesday updates.

CVE-2023-50868: MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU

Microsoft’s June 2024 Patch Tuesday, which includes security updates for a total of 49 flaws.

One Critical Severity Vulnerability Patched

CVE-2024-30080: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

“To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server,” Microsoft said. “This could result in remote code execution on the server side.”

Other Microsoft Vulnerability Highlights

  • CVE-2024-30082 is an elevation of privilege vulnerability in Win32k. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges.
  • CVE-2024-35250 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. On successful exploitation, an attacker may gain SYSTEM privileges.
  • CVE-2024-30084 is an elevation of privilege vulnerability in the Windows Kernel-Mode Driver. To exploit the vulnerability, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges.
  • CVE-2024-30085 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker who successfully exploits the vulnerability may gain SYSTEM privileges.
  • CVE-2024-30086 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker may gain SYSTEM privileges.
  • CVE-2024-30087 is an elevation of privilege vulnerability in the Win32k. An attacker would gain the rights of the user running the affected application.
  • CVE-2024-30089 is an elevation of privilege vulnerability in the Microsoft Streaming Service. On successful exploitation, an attacker may gain SYSTEM privileges.
  • CVE-2024-30091 is an elevation of privilege vulnerability in Win32k. The attacker would gain the rights of the user running the affected application.
  • CVE-2024-30088 and CVE-2024-30099 are elevation of privilege vulnerabilities in the Windows Kernel. To exploit them, an attacker must win a race condition. On successful exploitation, an attacker may gain SYSTEM privileges.

Update for Windows client versions

June 2024 (Patch Tuesday) Windows security updates are the following:

  • KB5039212 (OS Build 22631.3737/22621.3737) for the latest Windows 11 version 23H2/22H2
  • KB5039213 (OS Build 22000.3019) for the latest Windows 11 version 21H2
  • KB5039211 (OS Builds 19045.4529) for the latest Windows 10 version 22H2/21H2
  • KB5039217 (OS Build 17763.5936) for the latest Windows 10 version 1809

All these updates only include minor patches and security fixes, rather than any new features.

Note: Windows 11 was released with several new features and improvements as a free upgrade for eligible Windows 10 devices. Here is how to upgrade to Windows 11 for free.

Windows 11 KB5039212 and Windows 10 KB5039211 address security issues for your Windows operating system.

Download the Microsoft Security Update

To download and install the updates, users can use Windows Update, Microsoft Update Catalog, or other tools such as Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM). Users should also check for updates from other vendors that June be affected by the same vulnerabilities or use components from Microsoft.

Usually, security updates are automatically downloaded and installed via Windows update. Or you can force Windows update from settings, Windows update, and check for updates to download and install the latest patch updates immediately.

Windows 11 KB5039212

Microsoft has published download links for Windows update offline installers if you prefer manual installation over Windows Update.

Windows 10 KB5039217 (for version 1809) Offline Download links

If you are Looking for Windows 10 version 22H2 ISO image, click here.

Or Check How to Upgrade to Windows 10 version 23H2 Using the media creation tool.

If you face any difficulty while installing these updates, Check the Windows 10 Update troubleshooting guide to fix the Windows 10 update KB5039211 stuck downloading, failed to install with different errors, etc.

FAQ on Patch Tuesday update

What is Patch Tuesday?

  • Patch Tuesday is the colloquial term for Microsoft’s Update Tuesday which falls on the second Tuesday of every month.

When is Patch Tuesday?

  • Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on 9 july 2024.

What is patching and why is it important?

  • Patches are nothing but pieces of software code that are written to fix a bug in a software application that might lead to a vulnerability.

What kind of patch updates are released during Patch Tuesday?

  • Predominantly security patch updates of varying severity like Critical, Important, Moderate and low are labelled and released.

What are CVE IDs?

  • CVE ID – Common Vulnerabilities and Exposure ID is a format in which each vulnerability is disclosed and catalogued in the National Vulnerability Database (NVD).

Also Read

Steve Ballmer
With over 7 years of experience in the IT industry, I have experience in IT support, helpdesk, sysadmin, network admin, and cloud computing. Certified in Microsoft Technologies (MCTS and MCSA) and also Cisco Certified Professional in Routing and Switching.