Microsoft’s June 2024 Patch Tuesday Addresses Critical Windows Flaws

Microsoft has released its latest Patch Tuesday updates for June 2024, addressing a total of 68 security vulnerabilities across its product suite, including fixes for two actively exploited zero-day vulnerabilities. This cumulative update, KB5039212/KB5039213, is available for Windows 11, and includes important enhancements and security improvements.

Update details

The KB5039213 update (OS Build 22000.3019) includes several notable security and functionality improvements summarized as follows:

• Server Message Block (SMB) over QUIC: This update enables client certificate authentication for SMB over QUIC, allowing administrators to restrict access to SMB over QUIC servers based on client certificates.
• curl.exe Update: The version of curl.exe included in Windows has been updated to 8.7.1, addressing various security and functionality issues.
• Memory Leak in lsass.exe: The update fixes a memory leak in lsass.exe, which occurred during a Local Security Authority (Domain Policy) Remote Protocol (LSARPC) call.
• Remote Desktop Session Issues: It resolves an issue causing stop error RDR_FILE_SYSTEM (0x27) during remote desktop sessions, which resulted in all users being signed out from the machine.
• BitLocker and Hibernate: This update fixes an issue preventing systems from resuming from hibernate when BitLocker is enabled.

Zero-Day vulnerabilities

The update addresses two critical zero-day vulnerabilities that were actively exploited in the wild:

Windows MSHTML Platform Security Feature Bypass (CVE-2024-30040):

This vulnerability allows attackers to bypass OLE mitigations in Microsoft 365 and Microsoft Office. Exploitation requires user interaction, typically involving the manipulation of a specially crafted file sent via email or instant messaging. Successfully exploiting this flaw enables arbitrary code execution within the user's context.

Windows DWM Core Library Elevation of Privilege (CVE-2024-30051):

This heap-based buffer overflow vulnerability in the Desktop Window Manager (DWM) allows attackers to gain SYSTEM privileges. Exploitation of this vulnerability is straightforward due to its low attack complexity and does not require user interaction.

The update also addresses various issues affecting core system components, such as Storage Spaces Direct (S2D) and Remote Direct Memory Access (RDMA), enhancing the reliability of these features.

Applying the update

Users are strongly encouraged to apply the KB5039212/KB5039213 update immediately to protect against potential exploits of the highlighted vulnerabilities. Microsoft has combined the latest servicing stack update (SSU) with the latest cumulative update (LCU) to streamline the update process.

• The ‘Patch Tuesday' update will be downloaded and installed automatically via Windows Update.
• For those preferring manual updates, the update can be downloaded from the Microsoft Update Catalog.
• Administrators can deploy the update through WSUS for enterprise environments.

After installing this update, some users might encounter issues when attempting to change their user account profile picture. Microsoft is aware of this issue and is working on a resolution, which is expected to be included in a future update.