Microsoft released its monthly security update on Tuesday, addressing 138 vulnerabilities across its software ecosystem. The bundle includes patches for critical Remote Code Execution (RCE) flaws in Windows DNS and Netlogon, though the company confirmed that none of the vulnerabilities have been publicly disclosed or exploited in active attacks.

The update covers a wide range of products, including Windows, Office, Edge, and various server platforms. Of the total flaws, 30 are classified as Critical, 104 as Important, three as Moderate, and one as Low in severity. A significant portion of the patches, 61 vulnerabilities, target privilege escalation issues, which could allow an attacker to gain higher level system access.

Critical Vulnerabilities in DNS and Netlogon

Among the most notable patches are two Critical RCE flaws. One vulnerability resides in the Windows Domain Name System (DNS) server, which could enable an unauthenticated attacker to execute arbitrary code remotely. The other flaw affects the Netlogon Remote Protocol, a component that handles authentication for domain joined devices. Exploitation of the Netlogon flaw could allow an attacker to impersonate any computer on a network, including domain controllers.

Both flaws are considered highly dangerous due to their potential for network wide compromise. The DNS vulnerability in particular has drawn attention because DNS servers are central to network operations and are frequently targeted in advanced cyberattacks.

Other Notable Patches

The update also addresses vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted file. Additionally, patches were included for the Microsoft Edge browser, which were released separately in the Chromium project update.

Several flaws in Windows Remote Desktop Services were also fixed. These could enable an attacker to execute code remotely without authentication, marking them as critical for organizations that rely on remote access.

Implications for Enterprise Security

For enterprise networks, the sheer volume of privilege escalation bugs (61 total) is a significant concern. These flaws often serve as the second or third step in a multi stage attack chain, where an attacker first gains a foothold and then escalates privileges to move laterally across a network or steal sensitive data. Administrators are advised to prioritize the deployment of patches that address both the critical RCE flaws and the privilege escalation vulnerabilities.

Patching Guidance

Microsoft recommends that customers apply the updates as soon as possible through Windows Update, Microsoft Update, or Windows Server Update Services (WSUS). The patches are cumulative, meaning they include all previous fixes for the affected components. No workarounds or mitigations have been provided for the most critical flaws, making patching the primary defense.

Looking Ahead

Microsoft’s next scheduled Patch Tuesday update is expected on July 9, 2024. In the interim, security researchers will likely analyze the patched vulnerabilities to determine if they can be reverse engineered to create proof of concept exploits, a common practice that underscores the urgency for organizations to apply patches now.

Source: Microsoft Security Response Center