Microsoft has released security updates to address 51 vulnerabilities as part of its Patch Tuesday updates for June 2024.
Of these vulnerabilities, one is rated as Critical, and 50 are rated as Important. Additionally, 17 vulnerabilities in the Chromium-based Edge browser have been resolved over the past month.
None of the security flaws have been actively exploited in the wild, although one is publicly known at the time of release. This concerns a third-party advisory tracked as CVE-2023-50868, a denial-of-service issue impacting the DNSSEC validation process, potentially causing CPU exhaustion on a DNSSEC-validating resolver.
Microsoft fixed 51 vulnerabilities including 18 RCE vulnerabilities and one previously disclosed zero-day as part of its June 2024 Patch Tuesday.
Complete release notes here: https://t.co/1QFfWzjMMa#patchtuesday #patchmanagement #vulnerabilitymanagement #cve pic.twitter.com/zs4X1ompB9— CYRISMA (@CYRISMA_USA) June 12, 2024
The most severe flaw addressed in this update is a critical remote code execution (RCE) vulnerability in the Microsoft Message Queuing (MSMQ) service (CVE-2024-30080).
According to Microsoft, to exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to an MSMQ server, potentially resulting in remote code execution on the server side.
Several other RCE bugs affecting Microsoft Outlook, the Windows Wi-Fi Driver, and numerous privilege escalation flaws in various components such as the Windows Win32 Kernel Subsystem, Windows Cloud Files Mini Filter Driver, and Win32k, among others, have also been resolved.
Cybersecurity firm Morphisec, which discovered CVE-2024-30103, highlighted that the flaw could be exploited to trigger code execution without user interaction, increasing the likelihood of adversaries leveraging it for initial access and potentially compromising entire systems.
These updates underscore the importance of promptly applying security patches to mitigate potential risks and ensure the protection of systems and data.
Abdul Rehman
Abdul is a tech-savvy, coffee-fueled, and creatively driven marketer who loves keeping up with the latest software updates and tech gadgets. He's also a skilled technical writer who can explain complex concepts simply for a broad audience. Abdul enjoys sharing his knowledge of the Cloud industry through user manuals, documentation, and blog posts.