June 11, 2024 at 08:33PM
Microsoft’s June Patch Tuesday addressed 49 CVE-tagged security flaws, including a critical bug in wireless networking and a publicly disclosed DNS vulnerability (CVE-2023-50868). It also included an RCE issue in Microsoft Message Queuing (CVE-2024-30080) and a Wi-Fi driver remote code execution hole (CVE-2024-30078). Adobe, SAP, PHP, Arm, Apple, Google, SolarWinds, Fortinet, and Cisco also released security updates this month.
From the meeting notes, I have gathered the following key takeaways:
1. Microsoft’s June Patch Tuesday included updates for 49 CVE-tagged security flaws, with one critical bug in wireless networking (CVE-2023-50868) and a remote code execution issue in Microsoft Message Queuing (MSMQ) (CVE-2024-30080).
2. Adobe released ten patches covering 166 CVEs, with one critical vulnerability in Photoshop and two in FrameMaker Publishing Server.
3. SAP released a dozen new and updated security notes, including high-priority alerts for bugs affecting NetWeaver AS Java and Financial Consolidation on S/4HANA.
4. PHP 8.2.20 fixed a critical bug (CVE-2024-4577) under active exploit, and Arm addressed a flaw in its Bitfrost and Valhall GPU kernel drivers that has already been exploited.
5. Apple’s visionOS 1.2 release addressed 21 bugs, and Google’s June security update for Android patched 37 holes across its Android services.
6. SolarWinds fixed an 8.6-CVSS-rated directory transversal flaw (CVE-2024-28995) in its managed file transfer tool Serv-U.
7. Fortinet fixed multiple stack-based buffer overflow vulnerabilities in the command line interpreter of FortiOS, and Cisco released security updates for Webex and Cisco Finesse.
These are the major security highlights from the meeting notes. Let me know if you need further details on any specific topic.