Microsoft and Adobe's June 2024 Security Update Assessment: Evaluating Patch Tuesday Fixes
In the world of cybersecurity, June 2024 was a busy month, with both Microsoft and Adobe releasing numerous updates to address a multitude of vulnerabilities.
Microsoft's June Patch Tuesday addressed a total of 58 vulnerabilities, including one critical and 50 of important severity. One of the critical vulnerabilities, CVE-2024-30080, is a Remote Code Execution (RCE) vulnerability in Microsoft Message Queuing (MSMQ). The Control IDs updated for this vulnerability include 14297, 14916, and 4030. Microsoft's recommended mitigation for this vulnerability has been supported by Qualys Policy Compliance with updated Control IDs and System Defined Controls.
Another RCE vulnerability, CVE-2024-30070, was also addressed in this Patch Tuesday. This DHCP Server Service Denial of Service Vulnerability has been assigned the Control ID 26238.
Several elevation of privilege vulnerabilities were also patched in various Microsoft products, including Win32k, Windows Kernel-Mode Driver, Windows Cloud Files Mini Filter Driver, Microsoft Streaming Service, and Win32k.
Microsoft Edge (Chromium-based) had seven vulnerabilities addressed in this month's update.
On the Adobe front, the company released 10 security advisories to address 167 vulnerabilities in various Adobe products. The updates addressed flaws in Adobe Illustrator, InCopy, Magento Commerce, and Photoshop Elements 2025 for Mac. Notably, 13 of these vulnerabilities were given critical severity ratings.
In June 2024, Adobe fixed several important vulnerabilities. For instance, three critical security flaws in Illustrator required an update to version 28.7.4 or 29.2.1. A critical vulnerability in InCopy was addressed by updating to version 19.5.2 or 20.1. Multiple critical security issues in Magento Commerce needed urgent patching. Additionally, a significant vulnerability marked as important was fixed in Photoshop Elements 2025 for Mac only.
The QQL will return a posture assessment for the CIDs related to both CVE-2024-30080 and CVE-2024-30070.
To help customers leverage Qualys Vulnerability Management Detection Response (VMDR) and Qualys Patch Management, Qualys hosts a monthly webinar series. The series discusses high-impact vulnerabilities, including those from Patch Tuesday alerts. The Qualys Research team reviews the security updates from Microsoft and Adobe in their monthly webinar series. The webinar series walks participants through the necessary steps to address key vulnerabilities using Qualys VMDR and Qualys Patch Management.
The June Patch Tuesday release notes cover multiple Microsoft product families and products/versions affected. Meanwhile, Adobe's security advisories provide detailed information about the vulnerabilities and the updates required to fix them.
In another significant development, the vulnerability CVE-2023-50868, a DNSSEC validation issue, was patched in numerous DNS implementations.
Staying updated with these security patches is crucial in maintaining a secure digital environment. As always, it's recommended to keep your software up-to-date to protect against potential threats.
The next Patch Tuesday is scheduled for July 9. Keep an eye out for more updates!
