Third Party Patching
June 2024 Third-Party Patches
Tuukka TiainenTopics: Third Party Patching
Welcome to our monthly third-party patching roundup. This June, we’ve seen significant updates across various applications that play a crucial role in many IT environments. Here’s a comprehensive overview of June 2024 Third-Party Patches to help you stay on top of critical updates and ensure your systems remain secure.
Summary of June 2024 Third-Party Software Patches
According to Liquit Setup Store data, June 2024 brought 95 updates for vulnerable applications, addressing 101 vulnerabilities across 62 different applications. Timely application of these patches is vital for mitigating potential security risks.
Browser Security Updates
The majority of updates this month targeted popular open-source Chromium-based browsers, emphasizing their critical role in everyday operations.
- Microsoft Edge for Business: Released four security patches, addressing 46 vulnerabilities with a peak CVSS score of 8.8.
- Google Chrome for Business: Three updates resolving 26 vulnerabilities.
- Opera One: One update that remediated seven vulnerabilities.
- Mozilla Firefox and Firefox ESR: Updates addressing eight and 14 vulnerabilities respectively, both with a CVSS score of 8.8.
- Brave Browser: Four updates fixing a total of 26 vulnerabilities, maintaining parity with other Chromium-based browsers.
Notable CVEs
CVE-2024-4671: This zero-day vulnerability impacts Google Chrome, Microsoft Edge, and potentially other Chromium-based browsers. If exploited, it could enable a remote attacker to execute arbitrary code on the affected system. Given the prevalence of zero-day vulnerabilities in popular browsers, it’s crucial to stay updated with security notifications from browser vendors. Often, there are mitigations or workarounds available before a patch is released, underscoring the importance of prompt action to maintain security.
Microsoft Security Updates
Significant patches were also rolled out for Microsoft applications, enhancing security across various tools:
- Visual Studio (2017, 2019, 2022): A single update for all versions, addressing three security issues, with the most critical being CVE-2024-29187 (CVSS 7.3).
- Microsoft 365 Apps: Updates across Current, Monthly Enterprise, and Semi-Annual Enterprise channels, resolving four vulnerabilities including the high-risk CVE-2024-30103 (CVSS 8.8).
- Microsoft .NET SDK 8.0: Version 8.3.224.28002 addressed one security concern.
Third-Party Line-of-Business Application Patches
Several business-critical applications received important updates this month, including a notable vulnerability identified as CVE-2024-37051.
CVE-2024-37051: This vulnerability impacts the JetBrains GitHub plugin. Malicious content in a pull request to a GitHub project, handled by IntelliJ-based IDEs, could expose access tokens to a third-party host. While there is no confirmed evidence of active exploitation before its discovery and disclosure, it is crucial to follow JetBrains’ recommended actions to mitigate potential risks. For more details on recommended actions, please refer to JetBrains’ security update here.
- Autodesk AutoCAD 2024: An update addressing 14 high-severity vulnerabilities.
- OpenSSL and OpenSSL Light: Multiple updates across different versions (3.0 LTS, 3.1, 3.2, 3.3) addressing three vulnerabilities each.
Detailed Security Patch List
Here’s a detailed breakdown of updates for other significant software titles:
| Product | Branch | Version | Vulnerabilitiesremediated |
| Apache Tomcat 9 | Tomcat 9 | 0,376041667 | 1 |
| Autodesk AutoCAD 2024 | AutoCAD 2024 update | 2024.01.05 | 14 |
| Brave Browser | Brave Browser | 1.67.123 | 4 |
| Brave Browser | Brave Browser | 1.67.119 | 4 |
| Brave Browser | Brave Browser | 1.67.115 | 18 |
| CLion | CLion 2023.1 | 2023.01.07 | 1 |
| CLion | CLion 2023.2 | 2023.02.04 | 1 |
| CLion | CLion 2023.3 | 2023.03.05 | 1 |
| CLion | CLion 2024.1 | 2024.01.03 | 1 |
| DataGrip 2024.1 | DataGrip 2024.1 | 2024.01.04 | 1 |
| DataSpell | DataSpell 2023.3 | 2023.03.06 | 1 |
| DataSpell | DataSpell 2024.1 | 2024.01.02 | 1 |
| Devolutions Remote Desktop Manager | Remote Desktop Manager | 2024.2.12.0 | 1 |
| Docker Desktop | Docker Desktop | 4.31.0.153195 | 1 |
| EnterpriseDB Corporation PostgreSQL 14 | PostgreSQL 14 | 14.12.02 | 1 |
| EnterpriseDB Corporation PostgreSQL 15 | PostgreSQL 15 | 15.07.02 | 1 |
| EnterpriseDB Corporation PostgreSQL 16 | PostgreSQL 16 | 16.03.02 | 1 |
| GoLand 2023.1 | GoLand 2023.1 | 2023.01.06 | 1 |
| GoLand 2023.2 | GoLand 2023.2 | 2023.02.07 | 1 |
| GoLand 2023.3 | GoLand 2023.3 | 2023.03.07 | 1 |
| GoLand 2024.1 | GoLand 2024.1 | 2024.01.03 | 1 |
| Google Chrome for Business | Chrome for Business | 126.0.6478.127 | 4 |
| Google Chrome for Business | Chrome for Business | 126.0.6478.115 | 4 |
| Google Chrome for Business | Chrome for Business | 126.0.6478.57 | 18 |
| Google Go Programming Language 1.21 | Go Programming Language 1.21 | 1.21.11 | 2 |
| Google Go Programming Language 1.22 | Go Programming Language 1.22 | 1.22.04 | 2 |
| IntelliJ IDEA Community | IntelliJ IDEA Community 2023.3 | 2023.03.07 | 1 |
| IntelliJ IDEA Community | IntelliJ IDEA Community 2024.1 | 2024.01.03 | 1 |
| IntelliJ IDEA Community 2023.1 | IntelliJ IDEA Community 2023.1 | 2023.01.07 | 1 |
| IntelliJ IDEA Community 2023.2 | IntelliJ IDEA Community 2023.2 | 2023.02.07 | 1 |
| IntelliJ IDEA Ultimate | IntelliJ IDEA Ultimate 2023.3 | 2023.03.07 | 1 |
| IntelliJ IDEA Ultimate | IntelliJ IDEA Ultimate 2024.1 | 2024.01.03 | 1 |
| IntelliJ IDEA Ultimate 2023.1 | IntelliJ IDEA Ultimate 2023.1 | 2023.01.07 | 1 |
| IntelliJ IDEA Ultimate 2023.2 | IntelliJ IDEA Ultimate 2023.2 | 2023.02.07 | 1 |
| Microsoft .NET SDK 8.0 | .NET SDK 8.0 | 8.3.224.28002 | 1 |
| Microsoft 365 Apps | Microsoft 365 Apps – Business Retail Current Channel – Danish | 2405 (Build 16.0.17628.20144) | 4 |
| Microsoft 365 Apps | Microsoft 365 Apps – Business Retail Monthly Enterprise Channel – Dutch | 2404 (Build 16.0.17531.20190) | 4 |
| Microsoft 365 Apps | Microsoft 365 Apps – Business Retail Semi-Annual Enterprise Channel – Dutch | 2308 (Build 16.0.16731.20716) | 4 |
| Microsoft Edge Beta | Microsoft Edge Beta | 126.0.2592.68 | 6 |
| Microsoft Edge Beta | Microsoft Edge Beta | 126.0.2592.56 | 32 |
| Microsoft Edge for Business | Microsoft Edge for Business | 126.0.2592.81 | 5 |
| Microsoft Edge for Business | Microsoft Edge for Business | 126.0.2592.68 | 6 |
| Microsoft Edge for Business | Microsoft Edge for Business | 126.0.2592.56 | 32 |
| Microsoft Edge for Business | Microsoft Edge for Business | 125.0.2535.85 | 7 |
| Microsoft Edge Webview2 Runtime | Microsoft Edge Webview2 Runtime | 126.0.2592.81 | 5 |
| Microsoft Edge Webview2 Runtime | Microsoft Edge Webview2 Runtime | 125.0.2535.85 | 7 |
| Microsoft Visual Studio 2017 Enterprise | Microsoft Visual Studio 2017 Enterprise | 15.9.34930.103 | 3 |
| Microsoft Visual Studio 2019 Community | Microsoft Visual Studio 2019 Community | 16.11.34931.43 | 3 |
| Microsoft Visual Studio 2019 Enterprise | Microsoft Visual Studio 2019 Enterprise | 16.11.34931.43 | 6 |
| Microsoft Visual Studio 2019 Enterprise | Microsoft Visual Studio 2019 Enterprise | 16.11.34931.43 | 6 |
| Microsoft Visual Studio 2019 Professional | Microsoft Visual Studio 2019 Professional | 16.11.34931.43 | 6 |
| Microsoft Visual Studio 2019 Professional | Microsoft Visual Studio 2019 Professional | 16.11.34931.43 | 6 |
| Microsoft Visual Studio 2022 Community | Microsoft Visual Studio 2022 Community | 17.10.35004.147 | 3 |
| Microsoft Visual Studio 2022 Enterprise | Microsoft Visual Studio 2022 Enterprise (Current) | 17.10.35004.147 | 3 |
| Microsoft Visual Studio 2022 Enterprise | Microsoft Visual Studio 2022 Enterprise (LTSC 17.4) | 17.4.34931.60 | 3 |
| Microsoft Visual Studio 2022 Enterprise | Microsoft Visual Studio 2022 Enterprise (LTSC 17.6) | 17.6.34931.59 | 3 |
| Microsoft Visual Studio 2022 Enterprise | Microsoft Visual Studio 2022 Enterprise (LTSC 17.8) | 17.8.34931.61 | 3 |
| Microsoft Visual Studio 2022 Professional | Microsoft Visual Studio 2022 Professional (Current) | 17.10.35004.147 | 3 |
| Microsoft Visual Studio 2022 Professional | Microsoft Visual Studio 2022 Professional (LTSC 17.4) | 17.4.34931.60 | 3 |
| Microsoft Visual Studio 2022 Professional | Microsoft Visual Studio 2022 Professional (LTSC 17.6) | 17.6.34931.59 | 3 |
| Microsoft Visual Studio 2022 Professional | Microsoft Visual Studio 2022 Professional (LTSC 17.8) | 17.8.34931.61 | 3 |
| Microsoft Visual Studio Feedback Client 2017 | Microsoft Visual Studio Feedback Client 2017 | 15.9.34930.103 | 3 |
| Microsoft Visual Studio Team Explorer 2017 | Microsoft Visual Studio Team Explorer 2017 | 15.9.34930.103 | 3 |
| Microsoft Visual Studio Team Explorer 2019 | Microsoft Visual Studio Team Explorer 2019 | 16.11.34931.43 | 3 |
| Microsoft Visual Studio Team Explorer 2022 | Microsoft Visual Studio Team Explorer 2022 | 17.10.35004.147 | 3 |
| Mozilla Firefox | Firefox (African) | 127.00.00 | 14 |
| Mozilla Firefox ESR 115 | Firefox ESR 115 (African) | 115.12.00 | 8 |
| Mozilla Thunderbird | Thunderbird (African) | 115.12.00 | 8 |
| Obsidian | Obsidian (Device) | 1.06.02 | 1 |
| Obsidian | Obsidian (User) | 1.06.02 | 1 |
| OpenSSL | OpenSSL 3.0 LTS | 3.00.14 | 3 |
| OpenSSL | OpenSSL 3.1 | 3.01.06 | 3 |
| OpenSSL | OpenSSL 3.2 | 3.02.02 | 3 |
| OpenSSL Light | OpenSSL Light 3.0 LTS | 3.00.14 | 3 |
| OpenSSL Light | OpenSSL Light 3.1 | 3.01.06 | 3 |
| OpenSSL Light | OpenSSL Light 3.2 | 3.02.02 | 3 |
| OpenSSL Light | OpenSSL Light 3.3 | 3.03.01 | 2 |
| OpenVPN | OpenVPN | 2.6.11 (2.6.1101) | 3 |
| Opera One | Opera One | 111.0.5168.25 | 7 |
| Pale Moon | Pale Moon | 33.02.00 | 6 |
| pgAdmin 4 | pgAdmin 4 | 8.09 | 1 |
| PhpStorm | PhpStorm | 2024.01.03 | 1 |
| PyCharm Community | PyCharm Community 2023 | 2023.03.06 | 1 |
| PyCharm Community | PyCharm Community 2024 | 2024.01.03 | 1 |
| PyCharm Professional | PyCharm Professional 2023 | 2023.03.06 | 1 |
| PyCharm Professional | PyCharm Professional 2024 | 2024.01.03 | 1 |
| Python 3.12 | Python 3.12 | 3.12.4150.0 | 1 |
| RubyMine 2023 | RubyMine 2023.1 | 2023.01.07 | 1 |
| RubyMine 2023 | RubyMine 2023.2 | 2023.02.07 | 1 |
| RubyMine 2023 | RubyMine 2023.3 | 2023.03.07 | 1 |
| RubyMine 2024 | RubyMine 2024.1 | 2024.01.03 | 1 |
| TeamCity | TeamCity | 2024.03.03 | 2 |
| Waterfox | Waterfox | G6.0.16 | 8 |
| Webstorm 2023.1 | WebStorm 2023.1 | 2023.01.06 | 1 |
| Webstorm 2023.2 | WebStorm 2023.2 | 2023.02.07 | 1 |
| WebStorm 2023.3 | WebStorm 2023.3 | 2023.03.07 | 1 |
| WebStorm 2024.1 | WebStorm 2024.1 | 2024.01.04 | 1 |
Conclusion: June 2024 Third-Party Patches
Staying up to date with your third-party patches is essential for safeguarding your IT environment against threats. These updates address critical vulnerabilities across a wide range of applications, ensuring your systems remain both secure and stable. Prioritize applying these patches to maintain the integrity and security of your network.
Learn more about the importance of third-party patching by reading the eBook Reduce Your Attack Footprint. Also, check out our July 2024 Microsoft Patch Tuesday post here.
