Microsoft has released its June 2024 batch of security updates, addressing 51 vulnerabilities across its products. One vulnerability is rated Critical, while the remaining 50 are rated Important in severity. These patches are essential for protecting systems against potential cyber threats and should be applied promptly.
The most severe vulnerability fixed this month is a critical remote code execution (RCE) flaw in the Microsoft Message Queuing (MSMQ) service, tracked as CVE-2024-30080 with a CVSS score of 9.8. An attacker could exploit this flaw by sending a specially crafted malicious MSMQ packet to an MSMQ server, potentially allowing remote code execution on the server.
Another significant vulnerability patched is CVE-2024-30103, an RCE flaw in Microsoft Outlook. Discovered by cyber security firm Morphisec, this vulnerability could enable code execution without requiring user interaction with the email content, making it an attractive target for adversaries seeking initial access to systems.
Notably, one of the vulnerabilities addressed, CVE-2023-50868 (CVSS 7.5), was previously publicly disclosed. This denial-of-service issue affects the DNSSEC validation process and could cause CPU exhaustion on DNSSEC-validating resolvers, potentially disrupting DNS services.
In addition to the critical MSMQ and Outlook RCE flaws, Microsoft has addressed several other RCE vulnerabilities in various components, including the Windows Wi-Fi Driver (CVE-2024-30078) and numerous privilege escalation flaws affecting the Windows Kernel.
While none of the patched vulnerabilities were known to be actively exploited in the wild at the time of release, their severity and potential impact underscores the importance of promptly applying these security updates.
Users and organisations are strongly advised to review the details provided by Microsoft and prioritise the deployment of these patches across their environments. Keeping systems up-to-date with the latest security updates is crucial for mitigating the risk of cyber attacks and protecting sensitive data.
For more information and guidance on these vulnerabilities and the associated updates, users should refer to the Microsoft Security Response Center and follow best practices for secure software deployment and patch management.
Further reading on this month’s updates available at:
Microsoft has recently disclosed a significant security vulnerability affecting multiple versions of its Office suite, including Office 2016, Office 2019, Office LTSC 2021 and Microsoft…
Microsoft has issued an important reminder that multiple editions of Windows 11 will reach the end of their support lifecycle on 8 October 2024. This…
In recent weeks, Scotland has seen a rise in sophisticated phishing attacks exploiting SharePoint servers to deceive unsuspecting victims. Attackers are using legitimate SharePoint servers…
