MicrosoftKB5023058Azure File Sync Agent v18.1 Release - June 2024 (Security-only update)
4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
6.7 Medium
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.7%
Azure File Sync Agent v18.1 Release - June 2024 (Security-only update)
This article describes the improvements and issues that are fixed in the Azure File Sync Agent v18.1 release that is dated June 2024. Additionally, this article contains installation instructions for this release.
Improvements and issues that are fixed
- Fixes an issue that might allow unauthorized users to delete files in locations they donβt have access. This is a security-only update. For more information about this vulnerability, see CVE-2024-35253.
Note: This security update is specifically for servers that have Azure File Sync Agent version 18.0 installed. The forthcoming version 18.2, slated for release in the next few weeks, will be applicable to all prior versions of Azure File Sync agents.
More information about the Azure File Sync Agent v18.1 release
- This security update is available for Windows Server 2016, Windows Server 2019, and Windows Server 2022 installations.
- The agent version for this release is 18.1.0.0.
How to obtain and install the Azure File Sync Agent
The Azure File Sync agent is available from Microsoft Update & Microsoft Update Catalog.Notes
- Agent v18.1 version is only for upgrades for existing agent installations with agent version v18.0 and will not be available in Microsoft Download Center.
- To update existing agent installations, download and install the update from Microsoft Update or Microsoft Update Catalog.
- AfsUpdater.exe will not work for v18.1 agent installation.
Microsoft Update
To obtain and install from Microsoft Update, follow these steps on a server that has Azure File Sync agent installed:Windows Server 2022, Server 2019 and Server 2016
- Click Start, and then click Settings.
- In Settings, click Update & security.
- In the Windows Update window, click Check online for updates from Microsoft Update.
- Verify the Azure File Sync agent update is listed and then click Install now.
Microsoft Update Catalog
Go to the following website to manually download this update from the Microsoft Update Catalog:Azure File Sync Agent v18.1 release: June 2024 (KB5023058)To manually install the update package, extract the cab file and run the following command from an elevated command prompt:msiexec.exe /p packagename.msp REINSTALLMODE=OMUS REINSTALL=StorageSyncAgent,StorageSyncAgentAzureFileSync,StorageSyncAgentGuardFilter,StorageSyncAgentUpdater /qb /lv KB5023058.logFor example, to install the Azure File Sync agent update for Server 2016, run the following command:msiexec.exe /p StorageSyncAgent_WS2016_KB5023058.msp REINSTALLMODE=OMUS REINSTALL=StorageSyncAgent,StorageSyncAgentAzureFileSync,StorageSyncAgentGuardFilter,StorageSyncAgentUpdater /qb /lv KB5023058.log
Related
4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
6.7 Medium
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.7%