- 177/2024
- Critical
Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed one zero-day vulnerability.
Microsoft has fixed (51) vulnerabilities, with (1) classified as critical as they could allow the attacker to execute arbitrary code, remote code execution, and gain access to the affected products.
June’s Patch Tuesday was released to fix security flaws across several Microsoft products such as Windows Server 2019, Windows 10, Microsoft Visual Studio 2022, Azure Identity Library, Windows Server 2008, Windows Server 2012, Azure File Sync, Microsoft 365 Apps, Microsoft SharePoint and Microsoft Office.
Sample of the addressed vulnerabilities:
1. Microsoft Windows Message Queuing (MSMQ) Code Execution Vulnerability (CVE-2024-30080):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Microsoft Windows Kernel Privilege Escalation Vulnerability (CVE-2024-30068):
- CVSS: 8.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.