Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103)
June 2024 Patch Tuesday is here and Microsoft has delivered fixes for a critical MSMQ flaw and an RCE vulnerability in Microsoft Outlook.
CVE-2024-30080 is a use-after-free flaw affecting Microsoft Message Queuing (MSMQ). Unauthenticated attackers can exploit it by sending a specially crafted malicious MSMQ packet to an MSMQ server.
CVE-2024-30103, a Microsoft Outlook vulnerability that can also lead to RCE, should also be fixed sooner rather than later.
"An attacker who successfully exploited this vulnerability could bypass Outlook registry block lists and enable the creation of malicious DLL files," Microsoft says.
CVE-2024-30072 is another interesting RCE vulnerability that can be triggered by opening a malicious Microsoft Event Trace Log file.
Microsoft labeled this vulnerability as 'Exploitation More Likely', he pointed out, and it was disclosed to Microsoft by the same security researcher that disclosed CVE-2023-36802, another Microsoft Streaming Service elevation of privilege flaw that was patched in the September 2023 Patch Tuesday.
News URL
https://www.helpnetsecurity.com/2024/06/11/cve-2024-30080-cve-2024-30103/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-11 | CVE-2024-30103 | Unspecified vulnerability in Microsoft 365 Apps, Office and Outlook Microsoft Outlook Remote Code Execution Vulnerability | 0.0 |
2024-06-11 | CVE-2024-30080 | Use After Free vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 0.0 |
2024-06-11 | CVE-2024-30072 | Unspecified vulnerability in Microsoft Windows 11 22H2 Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability | 0.0 |
2023-09-12 | CVE-2023-36802 | Use After Free vulnerability in Microsoft products Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | 0.0 |