Security News > 2024 > June > Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103)
June 2024 Patch Tuesday is here and Microsoft has delivered fixes for a critical MSMQ flaw and a RCE vulnerability in Microsoft Outlook.
CVE-2024-30080 is a use after free flaw affecting Microsoft Message Queuing and can be exploited by unauthenticated attackers by sending a specially crafted malicious MSMQ packet to a MSMQ server.
CVE-2024-30103, a Microsoft Outlook vulnerability that can also lead to RCE, should also be fixed sooner rather than later.
"An attacker who successfully exploited this vulnerability could bypass Outlook registry block lists and enable the creation of malicious DLL files," Microsoft says.
CVE-2024-30072 is another interesting RCE vulnerability that can be triggered by opening a malicious Microsoft Event Trace Log file.
Microsoft labeled this vulnerability as 'Exploitation More Likely', he pointed out, and it was disclosed to Microsoft by the same security researcher that disclosed CVE-2023-36802, another Microsoft Streaming Service elevation of privilege flaw that was patched in the September 2023 Patch Tuesday.
News URL
https://www.helpnetsecurity.com/2024/06/11/cve-2024-30080-cve-2024-30103/
Related news
- CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE (source)
- Microsoft fixes Outlook email sending issue for users with many folders (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) (source)
- Microsoft Outlook bug blocks email logins, causes app crashes (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- Microsoft Outlook workaround fixes freezes when copying text (source)
- Microsoft SharePoint RCE bug exploited to breach corporate network (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-11 | CVE-2024-30103 | Unspecified vulnerability in Microsoft 365 Apps, Office and Outlook Microsoft Outlook Remote Code Execution Vulnerability | 8.8 |
| 2024-06-11 | CVE-2024-30080 | Use After Free vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
| 2024-06-11 | CVE-2024-30072 | Unspecified vulnerability in Microsoft Windows 11 22H2 Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability | 7.8 |
| 2023-09-12 | CVE-2023-36802 | Use After Free vulnerability in Microsoft products Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | 7.8 |