Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Vulnerabilities & Exploits » Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability

Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability

Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability

https://firewall.firm.in/wp-content/uploads/2024/06/ms.png

Jun 12, 2024NewsroomPatch Tuesday / Vulnerability

Microsoft's June Patch Tuesday

Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024.

Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month.

None of the security flaws have been actively exploited in the wild, with one of them listed as publicly known at the time of the release.

This concerns a third-party advisory tracked as CVE-2023-50868 (CVSS score: 7.5), a denial-of-service issue impacting the DNSSEC validation process that could cause CPU exhaustion on a DNSSEC-validating resolver.

Cybersecurity

It was reported by researchers from the National Research Center for Applied Cybersecurity (ATHENE) in Darmstadt back in February, alongside KeyTrap (CVE-2023-50387, CVSS score: 7.5).

“NSEC3 is an improved version of NSEC (Next Secure) that provides authenticated denial of existence,” Tyler Reguly, associate director of Security R&D at Fortra, said in a statement. “By proving that a record doesn’t exist (with evidence of the surrounding records), you can help to prevent against DNS Cache poisoning against non-existent domains.”

“Since this is a protocol level vulnerability, products other than Microsoft are affected with well-known DNS servers like bind, powerdns, dnsmasq, and others also releasing updates to resolve this issue.”

The most severe of the flaws fixed in this month’s update is a critical remote code execution (RCE) flaw in the Microsoft Message Queuing (MSMQ) service (CVE-2024-30080, CVSS score: 9.8).

“To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server,” Microsoft said. “This could result in remote code execution on the server side.”

Also resolved by Redmond are several other RCE bugs affecting Microsoft Outlook (CVE-2024-30103), Windows Wi-Fi Driver (CVE-2024-30078), and numerous privilege escalation flaws in Windows Win32 Kernel Subsystem (CVE-2024-30086), Windows Cloud Files Mini Filter Driver (CVE-2024-30085), and Win32k (CVE-2024-30082), among others.

Cybersecurity firm Morphisec, which discovered CVE-2024-30103, said the flaw could be used to trigger code execution without requiring users to click or interact with the email content.

“This lack of required user interaction, combined with the straightforward nature of the exploit, increases the likelihood that adversaries will leverage this vulnerability for initial access,” security researcher Michael Gorelik said.

Cybersecurity

“Once an attacker successfully exploits this vulnerability, they can execute arbitrary code with the same privileges as the user, potentially leading to a full system compromise.”

Software Patches from Other Vendors

In addition to Microsoft, security updates have also been released by other vendors over the past several weeks to rectify several vulnerabilities, including —

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket