June 2024 Patch Tuesday
This month is a much milder Patch Tuesday compared to the zero-day lineup from last month.
Looking at CISA’s KEV Catalog from the end of May up to Patch Tuesday, there was another Chrome zero-day (CVE-2024-5274) on May 28; Justice AV Solutions (CVE-2024-4978) on May 29; a Linux Kernel Use-After-Free vulnerability (CVE-2024-1086) on May 30; an Information Disclosure vulnerability in Check Point Quantum Security Gateways (CVE-2024-24919) on May 30; and most recently, in an interesting blast from the past, an OS command injection vulnerability in Oracle WebLogic Server (CVE-2017-3506), added June 3. The good news is that, other than a publicly disclosed vulnerability in DNSSEC validation (CVE-2023-50868), there are no new zero-day vulnerabilities for June Patch Tuesday.
Microsoft Patch Tuesday Update
Microsoft resolved 51 CVEs in its June Patch Tuesday update. Microsoft Windows, Office 365, Visual Studio, Edge and Azure updates have been released. There is only one critical CVE this month on the Microsoft side (CVE-2024-30080), which could allow an attacker to execute code remotely over the network with no credentials required and with low complexity. This CVE makes the Windows OS update your most urgent Microsoft deployment this month.
Third-Party Updates
Mozilla and Adobe have released updates. Mozilla resolved 16 CVEs across Firefox and Firefox ESR updates. Adobe resolved 167 CVEs across 10 updates this month, with Adobe Experience Manager contributing 144 to the overall count. All the Adobe updates were rated as Priority 3, so nothing urgent, but remediating these will definitely pad your stats this month for total number of CVEs resolved. Google Chrome was most recently updated on June 7, and that update is included in this month’s Edge browser update, but expect another Chrome update this week.
Update Priorities for June Patch Tuesday
- The Windows OS update is the most urgent. Between the Critical CVE (CVE-2024-30080) and the publicly disclosed CVE (CVE-2023-50868), the most significant risks can be resolved with the OS update.
- Browsers, as always, should be updated often and aggressively. It is recommended to get into a weekly update cadence for browser updates, as you can expect two to three Firefox updates and around four Chrome and Edge updates each month that will resolve security vulnerabilities.