Last updated at Fri, 14 Jun 2024 14:15:18 GMT

It's Patch Tuesday for June 2024. Microsoft is addressing 51 vulnerabilities today, and has evidence of public disclosure for just a single one of those. At time of writing, none of the vulnerabilities published today are listed on CISA KEV, although this is always subject to change. Microsoft is patching a single critical remote code execution (RCE) vulnerability today. Seven browser vulnerabilities were published separately this month, and are not included in the total.

MSMQ: critical RCE

The single critical RCE patched today is CVE-2024-30080, which applies to all current versions of Windows. Exploitation requires that an attacker send a specially crafted malicious packet to an MSMQ server, which Patch Tuesday watchers will know as a perennial source of vulnerabilities. As usual, Microsoft points out that the Windows message queuing service is not enabled by default; as usual, Rapid7 notes that a number of applications – including Microsoft Exchange – quietly introduce MSMQ as part of their own installation routine. As is typical of MSMQ RCE vulnerabilities, CVE-2024-30080 receives a high CVSSv3 base score due to the network attack vector, low attack complexity, and lack of required privileges. Code execution is presumably in a SYSTEM context, although the advisory does not specify.

Office: malicious file RCEs

Microsoft Office receives patches for a pair of RCE-via-malicious-file vulnerabilities. CVE-2024-30101 is a vulnerability in Outlook; although the Preview Pane is a vector, the user must subsequently perform unspecified specific actions to trigger the vulnerability and the attacker must win a race condition. On the other hand, CVE-2024-30104 does not have the Preview Pane as a vector, but nevertheless ends up with a slightly higher CVSS base score of 7.8, since exploitation relies solely on the user opening a malicious file.

SharePoint: RCE

This month also brings a patch for SharePoint RCE CVE-2024-30100. The advisory is sparing on details, and the context of code exploitation is not clear. The weakness is described as CWE-426: Untrusted Search Path; many (but not all) vulnerabilities associated with CWE-426 lead to elevation of privilege.

DNSSEC NSEC3: CPU exhaustion DoS

And now for something completely different: CVE-2023-50868, which describes a denial of service vulnerability in DNSSEC. This vulnerability is present in the DNSSEC spec itself, and the CVE was assigned by MITRE on behalf of DNSSEC. Microsoft’s implementation of DNSSEC is thus subject to the same attack as other implementations. An attacker can exhaust CPU resources on a DNSSEC-validating DNS resolver by demanding responses from a DNSSEC-signed zone, if the resolver uses NSEC3 to respond to the request. NSEC3 is designed to provide a safe way for a DNSSEC-validating DNS resolver to indicate that a requested resource does not exist. In some circumstances, the DNS resolver must perform thousands of iterations of a hash function to calculate an NSEC3 response, and this is the foundation on which this DoS exploit rests. All current versions of Windows Server receive a patch today.
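The iterated hash described above, as an added example (not code from Rapid7 or Microsoft): it implements the NSEC3 hash from RFC 5155, reports how many SHA-1 calls one name costs, and flags iteration counts above a limit. The sample parameters are those of the RFC 5155 Appendix A example zone; the function names and the `limit` default are assumptions made for this illustration.

```python
import base64
import hashlib

# Map the standard base32 alphabet to the base32hex alphabet NSEC3 owner names use.
_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             b"0123456789ABCDEFGHIJKLMNOPQRSTUV")


def wire_name(name: str) -> bytes:
    """Canonical DNS wire format: lowercase, length-prefixed labels, root label."""
    out = b""
    for label in filter(None, name.lower().rstrip(".").split(".")):
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def parse_nsec3param(rdata: str):
    """Parse 'alg flags iterations salt' (presentation format; '-' = no salt)."""
    alg, _flags, iterations, salt = rdata.split()
    if int(alg) != 1:
        raise ValueError("only hash algorithm 1 (SHA-1) is defined")
    return int(iterations), b"" if salt == "-" else bytes.fromhex(salt)


def nsec3_hash(name: str, rdata: str):
    """Return (hashed owner label, SHA-1 calls spent) for one name."""
    iterations, salt = parse_nsec3param(rdata)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):  # 'iterations' counts the additional rounds
        digest = hashlib.sha1(digest + salt).digest()
    label = base64.b32encode(digest).translate(_TO_B32HEX).decode().lower()
    return label, iterations + 1


def exceeds_limit(rdata: str, limit: int = 0) -> bool:
    """True when a zone asks for more rounds than `limit` (RFC 9276 advises 0)."""
    return parse_nsec3param(rdata)[0] > limit


if __name__ == "__main__":
    params = "1 0 12 aabbccdd"  # parameters of the RFC 5155 Appendix A example zone
    print(nsec3_hash("example", params), exceeds_limit(params))
```

Every name a validator has to hash costs `iterations + 1` SHA-1 calls, which is why the iteration count in a zone's NSEC3 parameters matters to resolver operators.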

Typically, when Microsoft publishes a security advisory and describes the vulnerability as publicly disclosed, that public disclosure will have been recent. However, in the case of CVE-2023-50868, the flaw in DNSSEC was first publicly disclosed on 2024-02-13. The advisory acknowledges four academics from the German National Research Centre for Applied Cybersecurity (ATHENE), which is perhaps of interest since these same researchers are authors on a March 2024 academic paper that downplays the DoS potential of CVE-2023-50868. Those same researchers published another DNSSEC flaw CVE-2023-50387 (also known as KeyTrap) in January 2024, which they describe as having potentially serious implications; Microsoft patched that one at the next scheduled opportunity in February. The CVE-2023-50868 advisory published today does not provide further insight as to why this vulnerability wasn’t patched sooner; a reasonable assumption might be that Microsoft assesses CVE-2023-50868 as less urgent/critical than CVE-2023-50387, although both receive a rating of Important on Microsoft’s proprietary severity ranking scale. It's also possible that Microsoft does not wish to be the only major server OS vendor without a patch.

Lifecycle update

There are no significant changes to the lifecycle phase of Microsoft products this month. In July, Microsoft SQL Server 2014 will move past the end of extended support. From August onwards, Microsoft only guarantees to provide SQL Server 2014 security updates to customers who choose to participate in the paid Extended Security Updates program.

Summary charts

A bar chart showing the distribution of vulnerabilities by impact type for Microsoft Patch Tuesday June 2024.
What goes up must come down and/or is an attacker's privilege level.
A heatmap showing the distribution of vulnerabilities by impact and affected component for Microsoft Patch Tuesday June
No spoofing. No security feature bypass. Plenty of elevation of privilege though.


Summary tables

Azure vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2024-37325 | Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability | No | No | 8.1 |
| CVE-2024-35252 | Azure Storage Movement Client Library Denial of Service Vulnerability | No | No | 7.5 |
| CVE-2024-35254 | Azure Monitor Agent Elevation of Privilege Vulnerability | No | No | 7.1 |
| CVE-2024-35255 | Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | No | No | 5.5 |
| CVE-2024-35253 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | No | No | 4.4 |

Browser vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2024-5499 | Chromium: CVE-2024-5499 Out of bounds write in Streams API | No | No | N/A |
| CVE-2024-5498 | Chromium: CVE-2024-5498 Use after free in Presentation API | No | No | N/A |
| CVE-2024-5497 | Chromium: CVE-2024-5497 Out of bounds memory access in Keyboard Inputs | No | No | N/A |
| CVE-2024-5496 | Chromium: CVE-2024-5496 Use after free in Media Session | No | No | N/A |
| CVE-2024-5495 | Chromium: CVE-2024-5495 Use after free in Dawn | No | No | N/A |
| CVE-2024-5494 | Chromium: CVE-2024-5494 Use after free in Dawn | No | No | N/A |
| CVE-2024-5493 | Chromium: CVE-2024-5493 Heap buffer overflow in WebRTC | No | No | N/A |

Developer Tools vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2024-29187 | GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM | No | No | 7.3 |
| CVE-2024-29060 | Visual Studio Elevation of Privilege Vulnerability | No | No | 6.7 |
| CVE-2024-30052 | Visual Studio Remote Code Execution Vulnerability | No | No | 4.7 |

ESU vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2024-30074 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | No | No | 8 |
| CVE-2024-30075 | Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability | No | No | 8 |

Microsoft Dynamics vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2024-35249 | Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability | No | No | 8.8 |
| CVE-2024-35248 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | No | No | 7.3 |
| CVE-2024-35263 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | No | No | 5.7 |

Microsoft Office vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2024-30103 | Microsoft Outlook Remote Code Execution Vulnerability | No | No | 8.8 |
| CVE-2024-30100 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2024-30104 | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2024-30101 | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.5 |
| CVE-2024-30102 | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.3 |

Windows vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2024-30064 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 8.8 |
| CVE-2024-30068 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 8.8 |
| CVE-2024-30097 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | No | No | 8.8 |
| CVE-2024-30085 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2024-30089 | Microsoft Streaming Service Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2024-30072 | Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2024-35265 | Windows Perception Service Elevation of Privilege Vulnerability | No | No | 7 |
| CVE-2024-30088 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7 |
| CVE-2024-30099 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7 |
| CVE-2024-30076 | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 6.8 |
| CVE-2024-30096 | Windows Cryptographic Services Information Disclosure Vulnerability | No | No | 5.5 |
| CVE-2024-30069 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | No | No | 4.7 |

Windows ESU vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| CVE-2024-30080 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | No | No | 9.8 |
| CVE-2024-30078 | Windows Wi-Fi Driver Remote Code Execution Vulnerability | No | No | 8.8 |
| CVE-2024-30077 | Windows OLE Remote Code Execution Vulnerability | No | No | 8 |
| CVE-2024-30086 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2024-30062 | Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2024-30094 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2024-30095 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 7.8 |
| CVE-2024-35250 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2024-30082 | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2024-30087 | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2024-30091 | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
| CVE-2024-30083 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | No | No | 7.5 |
| CVE-2023-50868 | MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU | No | Yes | 7.5 |
| CVE-2024-30070 | DHCP Server Service Denial of Service Vulnerability | No | No | 7.5 |
| CVE-2024-30093 | Windows Storage Elevation of Privilege Vulnerability | No | No | 7.3 |
| CVE-2024-30084 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | No | No | 7 |
| CVE-2024-30090 | Microsoft Streaming Service Elevation of Privilege Vulnerability | No | No | 7 |
| CVE-2024-30063 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | No | No | 6.7 |
| CVE-2024-30066 | Winlogon Elevation of Privilege Vulnerability | No | No | 5.5 |
| CVE-2024-30067 | Winlogon Elevation of Privilege Vulnerability | No | No | 5.5 |
| CVE-2024-30065 | Windows Themes Denial of Service Vulnerability | No | No | 5.5 |

Updates

  • 2024-06-12: Corrected a typo in a reference to CVE-2023-50868.
