Stay secure with Microsoft’s latest update patching RCE, Privilege Escalation

June 13, 2024


TLDR:

  • Microsoft released its Patch Tuesday update, addressing 49 vulnerabilities in its products and 9 in non-Microsoft products.
  • Critical vulnerability CVE-2024-30080 in Microsoft Message Queuing allows remote code execution.

The June 2024 Patch Tuesday update from Microsoft addressed almost 49 vulnerabilities in its products and 9 vulnerabilities in non-Microsoft products. The update includes a fix for a critical vulnerability in Microsoft Message Queuing (MSMQ) that allows remote code execution, tracked as CVE-2024-30080. Another vulnerability, affecting Windows Server and non-Microsoft software, is publicly known but has not yet been publicly exploited; it is tracked as CVE-2023-50868.

The critical vulnerability CVE-2024-30080 has a CVSS score of 9.8 and allows an attacker to achieve remote code execution by sending a malicious MSMQ packet to an MSMQ server. Windows versions starting from Windows Server 2008 are impacted. Enabling the Windows message queuing service can mitigate this vulnerability.

This update also addresses significant remote code execution and privilege escalation flaws, including vulnerabilities in Microsoft Outlook, Windows Wi-Fi Driver, Microsoft Streaming Service, Windows Cloud Files Mini Filter Driver, and Win32k. A publicly known vulnerability related to DNSSEC validation in Windows Server is also patched.

Microsoft has provided a full list of patched vulnerabilities with detailed information. Users are advised to update their products to prevent exploitation by threat actors.

Source: Cyber Security News

