Security News > 2024 > June > Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103)

Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103)
2024-06-11 19:49

June 2024 Patch Tuesday is here and Microsoft has delivered fixes for a critical MSMQ flaw and a RCE vulnerability in Microsoft Outlook.

CVE-2024-30080 is a use after free flaw affecting Microsoft Message Queuing and can be exploited by unauthenticated attackers by sending a specially crafted malicious MSMQ packet to a MSMQ server.

CVE-2024-30103, a Microsoft Outlook vulnerability that can also lead to RCE, should also be fixed sooner rather than later.

"An attacker who successfully exploited this vulnerability could bypass Outlook registry block lists and enable the creation of malicious DLL files," Microsoft says.

CVE-2024-30072 is another interesting RCE vulnerability that can be triggered by opening a malicious Microsoft Event Trace Log file.

Microsoft labeled this vulnerability as 'Exploitation More Likely', he pointed out, and it was disclosed to Microsoft by the same security researcher that disclosed CVE-2023-36802, another Microsoft Streaming Service elevation of privilege flaw that was patched in the September 2023 Patch Tuesday.


News URL

https://www.helpnetsecurity.com/2024/06/11/cve-2024-30080-cve-2024-30103/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-06-11 CVE-2024-30103 Unspecified vulnerability in Microsoft 365 Apps, Office and Outlook
Microsoft Outlook Remote Code Execution Vulnerability
0.0
2024-06-11 CVE-2024-30080 Use After Free vulnerability in Microsoft products
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
0.0
2024-06-11 CVE-2024-30072 Unspecified vulnerability in Microsoft Windows 11 22H2
Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability
0.0
2023-09-12 CVE-2023-36802 Use After Free vulnerability in Microsoft products
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2816 161 4396