Microsoft Security Update : RCE, Privilege Escalation Flaws Patched

The June 2024 Patch Tuesday update from Microsoft addressed almost 49 vulnerabilities in its products and 9 vulnerabilities in non-Microsoft products. 

The update includes a critical vulnerability in Microsoft Message Queuing (MSMQ) that allows remote code execution to be tracked as CVE-2024-30080

EHA

Another vulnerability in Windows Server and non-Microsoft software that is publicly known but has not yet been publicly exploited is tracked as CVE-2023-50868. 

Critical Vulnerability Addressed

With a CVSS score of 9.8, the critical vulnerability is tracked as CVE-2024-30080. An attacker must send a malicious MSMQ packet that has been specially constructed to an MSMQ server to take advantage of this flaw. 

On the server end, this can lead to remote code execution. All Windows versions, starting with Windows Server 2008 and Windows 10, are impacted by this issue.

Looking for Full Data Breach Protection? Try Cynet's All-in-One Cybersecurity Platform for MSPs: Try Free Demo 

The Windows message queuing service, a Windows component, must be enabled as a mitigating mechanism before this vulnerability can compromise a system. Using the Control Panel, this feature can be included.

You can examine whether the machine has a service named Message Queuing running and TCP port 1801 open for listeners.

Significant RCE And Privilege Escalation Flaws Addressed 

This update includes significant remote code execution vulnerabilities, which includes CVE-2024-30103 in Microsoft Outlook, where an attacker may enable the development of malicious DLL files and bypass Outlook registry block lists; 

CVE-2024-30078 in the Windows Wi-Fi Driver where an unauthorized attacker could send a malicious networking packet to a nearby system using a Wi-Fi networking adaptor, allowing for remote code execution.

CVE-2024-30089 is an elevated privilege vulnerability in Microsoft Streaming Service. An attacker who successfully exploits this vulnerability could gain SYSTEM privileges.

CVE-2024-30085 is in the Windows Cloud Files Mini Filter Driver, where an attacker who successfully exploits this vulnerability could gain SYSTEM privileges.

A significant vulnerability in Win32k (CVE-2024-30082) results in an Elevation of Privilege Vulnerability, where an attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Publicly Known Vulnerability Addressed

In Windows Server, a publicly known vulnerability identified as CVE-2023-50868 has not yet been publicly exploited. 

CVE-2023-50868 is a vulnerability related to DNSSEC validation. By consuming excessive resources on a resolver, an attacker might take advantage of common DNSSEC protocols meant for DNS integrity and deny service to legitimate users. 

Microsoft has published a complete list of patched vulnerabilities, which provides detailed information about the exploitation methods, vulnerability descriptions, and other information. 

All users should update their products to the latest version to prevent threat actors from exploiting these vulnerabilities.

With ANYRUN You can Analyze any URL, Files & Email for Malicious Activity : Start your Analysis

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.