Microsoft Monthly Security Update (June 2024)
[Updated on 2024-10-17]
Updated Risk, Description, Source and Related Links.
CVE-2024-30088 is being exploited in the wild. This is a Windows Kernel Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability. Attacker can take advantage of the vulnerability to perform elevation of privilege.
[Updated on 2024-12-17]
Updated Description and Related Links.
CVE-2024-35250 is being exploited in the wild. Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges.
Microsoft has released monthly security update for their products:
Vulnerable Product | Risk Level | Impacts | Notes |
Windows | Remote Code Execution Denial of Service Elevation of Privilege Information Disclosure | CVE-2024-30088 is being exploited in the wild. This is a Windows Kernel Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability. Attacker can take advantage of the vulnerability to perform elevation of privilege.
CVE-2024-35250 is being exploited in the wild. Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges. | |
Microsoft Office | Remote Code Execution | ||
Microsoft Dynamics | Remote Code Execution Elevation of Privilege Information Disclosure | ||
Extended Security Updates (ESU) | Remote Code Execution Denial of Service Elevation of Privilege | ||
Developer Tools | Remote Code Execution Elevation of Privilege | ||
Azure | Denial of Service Elevation of Privilege |
Number of ‘Extremely High Risk’ product(s): 0
Number of ‘High Risk’ product(s): 1
Number of ‘Medium Risk’ product(s): 5
Number of ‘Low Risk’ product(s): 0
Evaluation of overall ‘Risk Level’: High Risk
RISK: High Risk
TYPE: Operating Systems – Windows OS
Impact
- Remote Code Execution
- Denial of Service
- Elevation of Privilege
- Information Disclosure
System / Technologies affected
- Windows
- Microsoft Office
- Microsoft Dynamics
- Extended Security Updates (ESU)
- Developer Tools
- Azure
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor.
Vulnerability Identifier
Source
Related Link
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.