Patch Tuesday Comment: Tenable

Exposure Management | Reports & Predictions | Threat Intelligence

Microsoft addressed 49 CVEs in its June 2024 Patch Tuesday release with one rated as critical and no zero-day or publicly disclosed vulnerabilities. Tenable’s counts omitted two CVEs that were not issued by Microsoft, which include CVE-2023-50868 (issued by MITRE) and CVE-2024-29187 (issued by GitHub). Please find below commentary from Satnam Narang, sr. staff research engineer […]

Posted: Wednesday, Jun 12

KBI.Media
$
Patch Tuesday Comment: Tenable

Patch Tuesday Comment: Tenable

Microsoft addressed 49 CVEs in its June 2024 Patch Tuesday release with one rated as critical and no zero-day or publicly disclosed vulnerabilities. Tenable’s counts omitted two CVEs that were not issued by Microsoft, which include CVE-2023-50868 (issued by MITRE) and CVE-2024-29187 (issued by GitHub).

Please find below commentary from Satnam Narang, sr. staff research engineer at Tenable and further analysis in this blog.

“Microsoft patched 49 CVEs in its June 2024 Patch Tuesday release, another sub-60 CVE release for the second month in a row. This month, Microsoft did not patch any zero-day vulnerabilities exploited in the wild. Typically, Microsoft Patch Tuesday releases skew towards being mostly remote code execution vulnerabilities.

“In 2023, remote code execution flaws accounted for over one-third (35.1%) of all CVEs patched. However, this Patch Tuesday release was dominated by elevation of privilege flaws, accounting for nearly half of the CVEs patched (49%) this month. Microsoft patched CVE-2024-30089, an elevation of privilege flaw in the Microsoft Streaming Service. Like many of the elevation of privilege flaws patched as part of Patch Tuesday, Microsoft labelled this one as “Exploitation More Likely.”

“These types of flaws are notoriously useful for cybercriminals seeking to elevate privileges on a compromised system. When exploited in the wild as a zero-day, they are typically associated with more advanced persistent threat actors or as part of targeted attacks. This vulnerability was disclosed to Microsoft by the same security researcher that disclosed CVE-2023-36802, another Microsoft Streaming Service elevation of privilege flaw, which was patched in the September 2023 Patch Tuesday. Curiously, that flaw was disclosed by the researcher, but it was Microsoft themselves that noted it as being exploited in the wild. Another Microsoft Streaming Service flaw was patched this month (CVE-2024-30090), but unlike CVE-2024-30089, this one is labeled as “Exploitation Less Likely”.” – Satnam Narang, sr. staff research engineer, Tenable.

Independent Cyber News.

In Other News…

Teresa Anania Joins Sophos as Chief Customer Officer

Check Point Software Announces New CEO & Reports Strong 2024 Second Quarter Results

Secure Code Warrior Introduces Industry-first Solution that Measures Developers’ Security Competencies for Code Commits

Recent Articles

Rethinking how to engage Australian directors in security budget discussions

The Future of VPNs? No Where.

Unveiling the Future of Cybersecurity: A Conversation with Cisco’s Jeetu Patel

AUKUS: Transforming Security Through Technology Sharing and Cybersecurity

Business News

Tech News

Global News

Our Podcasts

Partner With KBI

Content Production

Business News

Tech News

Global News

KBI.FM - The Cyber Podcast Network

Threats & Reports