Patchday June 2024: Microsoft delivers bug fixes again
Contents
As on every second Tuesday of the month, Microsoft has once again delivered a few bug fixes and patches for Windows and all programs and applications under the Microsoft banner on Patchday June 2024. The June 2024 Patchday update is manageable.
49 patches and bug fixes in the June 2024 patchday
Microsoft already had a relatively quiet month last month with 60 patches. The June 2024 patch day is even lower with 49 patches. This could be a positive sign in terms of security in Microsoft's applications and programs. In theory, fewer patches mean fewer security vulnerabilities. However, it is of course also possible that Microsoft has not yet identified dangerous security vulnerabilities or has not yet found solutions for known bugs.
Of the 49 bugs in the June 2024 patchday, only one is considered publicly known and only one is classified as a critical security threat - almost all other bugs are considered important but not critical. According to Microsoft, none of the fixed bugs were used by hackers. Nevertheless, you should of course install the updates as soon as possible. By the time the patches are released at the latest, all bugs will be known and open the door to attacks on computers that have not yet installed the latest update.
One critical and one known bugfix in the June 2024 patchday
The critical bug that Microsoft has fixed in the latest update concerns Microsoft Message Queuing (MSMQ). With a score of 9.8 in the Common Vulnerability Scoring System (CVSS), the bug is almost at the top of the scale. The CVSS classifies the danger of bugs. The scale goes up to 10, meaning that the critical bug is right at the top of the scale.
The bug allows unauthenticated hackers to enter the MSMQ system and leave malicious code behind. This code then spreads via the servers and can reach any computer that is in the system and has MSMQ activated.
A bug with a threat level of 8.8 affects Microsoft Outlook. Attackers can use the bug to bypass the blocklist in Outlook. They can then create dangerous DLL files there. These dynamic link libraries contain paths to malicious files and websites.
A less dangerous bug that should nevertheless be mentioned concerns the Wi-Fi drivers in Windows. Hackers can send network packets to their victims via a Wi-Fi adapter. However, the victim must use a Wi-Fi adapter and be nearby for the packet to be injected. The risk is therefore rather low, but users of a Wi-Fi adapter should install the bugfix.
The publicly known bug affects MITRE and can overload the CPU. This bug is also history with the current update.
Use Microsoft applications securely with skill it
We have a number of seminars that will show you how to use Microsoft programs and applications safely.
The course Microsoft Security, Compliance, and Identity Fundamentals course teaches you the basics of using Microsoft applications securely.
If you want to delve deeper into Microsoft applications and create your own security measures, you can attend our four-day course to become a Microsoft Cybersecurity Architect course. This course prepares you for the exam to become a certified cybersecurity architect.
