Microsoft Patch Tuesday security updates for June 2024 addressed 49 vulnerabilities in Windows and Windows Components; Office and Office Components; Azure; Dynamics Business Central; and Visual Studio. Eight of these bugs were reported through the ZDI program.<\/p>\n\n\n\n
Only one of these issues is rated Critical and 48 are rated Important in severity.<\/p>\n\n\n\n
Only one of these vulnerabilities is listed as publicly known. Fortunately, none are being actively exploited in the wild.<\/p>\n\n\n\n
The most severe issue is a Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability tracked as CVE-2024-30080<\/a> (CVSS score 9.8).
Remote, unauthenticated attackers can exploit this issue to execute arbitrary code with elevated privileges of systems where MSMQ is enabled. The flaw is wormable between those servers where MSMQ is disabled. <\/p>\n\n\n\n
“To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side.” reads<\/strong><\/a> the advisory.<\/em><\/p>\n\n\n\n
The publicly disclosed zero-day vulnerability, tracked as CVE-2023-50868<\/a> (CVSS score 7.5), is regarding a vulnerability in DNSSEC validation. An attacker could exploit standard DNSSEC protocols intended for DNS integrity by using excessive resources on a resolver, causing a denial of service for legitimate users. MITRE created this CVE on their behalf.<\/p>\n\n\n\n
Another interesting issue addressed by Microsoft Patch Tuesday security updates for June 2024 is a Windows Wi-Fi Driver Remote Code Execution vulnerability tracked as CVE-2024-30078<\/strong><\/a> (CVSS score 8.8). An unauthenticated attacker can exploit this vulnerability to execute code on an affected system by sending the target a specially crafted network packet. The target would need to be in Wi-Fi range of the attacker and using a Wi-Fi adapter. <\/p>\n\n\n\n
Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/strong><\/a><\/p>\n\n\n\n
Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n
(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking,\u00a0Microsoft Patch Tuesday)<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"