In the latest Patch Tuesday security update for June, Microsoft has addressed a total of 49 vulnerabilities, with one critical bug standing out in particular. This bug, identified as CVE-2024-30080, carries a high severity rating with a CVSS score of 9.8 out of 10. The vulnerability exists in Microsoft Message Queuing (MSMQ) technology and can potentially lead to remote code execution (RCE) and server takeover.
The exploit for CVE-2024-30080 is remotely accessible, with low attack complexity and requires no special privileges or user interaction. Attackers can exploit this vulnerability by sending a specially crafted malicious MSMQ packet, allowing them to take full control of an affected server. This bug impacts all versions of Windows from Windows Server 2008 to Windows 10. To check for vulnerability, users are advised to ensure that the ‘Message Queuing’ service is running and that TCP port 1801 is open on the system.
Security experts warn that the consequences of this critical vulnerability could be significant. Tyler Reguly, associate director of security R&D at Fortra, highlighted the urgency of patching, noting that a large number of hosts are running with port 1801 open, making them potential targets for exploitation. Reguly also expressed concerns about the likelihood of this vulnerability being incorporated into exploit frameworks in the near future.
While CVE-2024-30080 is the only bug rated as critical in this month’s update, there are several other vulnerabilities that demand immediate attention. Among these high-priority bugs are CVE-2024-30103 in Microsoft Outlook, CVE-2024-30089 in Microsoft Streaming Services, CVE-2024-30085 in Windows Cloud Files Mini Filter Driver, and CVE-2024-30099 in Windows Kernel Driver. Microsoft has identified 11 of the 49 vulnerabilities in this month’s update as more likely to be exploited due to factors like low attack complexity and the lack of special privileges required.
In addition to the critical bug, researchers have highlighted several other RCE vulnerabilities that organizations should prioritize for patching. These include CVE-2024-30101 and CVE-2024-30104 in Microsoft Office, along with the previously mentioned CVE-2024-30103 in Microsoft Outlook. The ease of exploitation associated with some of these vulnerabilities, particularly in Microsoft Outlook, poses a significant threat as attackers can bypass security measures and execute malicious code without user interaction.
Furthermore, the update also addresses a notable increase in elevation-of-privilege (EoP) vulnerabilities, accounting for nearly half of the CVEs patched. Experts emphasize the importance of addressing EoP flaws, such as CVE-2024-30089 in Microsoft Streaming Services and CVE-2024-30085 in Windows Cloud Mini Files Driver, which could enable attackers to gain system-level privileges and perform malicious actions on compromised systems.
Overall, the June 2024 Patch Tuesday update underscores the critical importance of promptly applying security patches to mitigate the risks posed by potentially exploitable vulnerabilities in Microsoft products. Organizations are advised to prioritize the patching of these vulnerabilities to prevent potential security breaches and safeguard their systems from cyber threats.