Security News > 2024 > June > Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103)
June 2024 Patch Tuesday is here and Microsoft has delivered fixes for a critical MSMQ flaw and a RCE vulnerability in Microsoft Outlook.
CVE-2024-30080 is a use after free flaw affecting Microsoft Message Queuing and can be exploited by unauthenticated attackers by sending a specially crafted malicious MSMQ packet to a MSMQ server.
CVE-2024-30103, a Microsoft Outlook vulnerability that can also lead to RCE, should also be fixed sooner rather than later.
"An attacker who successfully exploited this vulnerability could bypass Outlook registry block lists and enable the creation of malicious DLL files," Microsoft says.
CVE-2024-30072 is another interesting RCE vulnerability that can be triggered by opening a malicious Microsoft Event Trace Log file.
Microsoft labeled this vulnerability as 'Exploitation More Likely', he pointed out, and it was disclosed to Microsoft by the same security researcher that disclosed CVE-2023-36802, another Microsoft Streaming Service elevation of privilege flaw that was patched in the September 2023 Patch Tuesday.
News URL
https://www.helpnetsecurity.com/2024/06/11/cve-2024-30080-cve-2024-30103/
Related news
- Why cloud vulnerabilities need CVEs (source)
- Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (source)
- Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities (source)
- Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) (source)
- May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) (source)
- Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) (source)
- Microsoft shares temp fix for Outlook encrypted email reply issues (source)
- High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) (source)
- PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800) (source)
- Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-11 | CVE-2024-30103 | Unspecified vulnerability in Microsoft 365 Apps, Office and Outlook Microsoft Outlook Remote Code Execution Vulnerability | 8.8 |
| 2024-06-11 | CVE-2024-30080 | Use After Free vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
| 2024-06-11 | CVE-2024-30072 | Unspecified vulnerability in Microsoft Windows 11 22H2 Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability | 7.8 |
| 2023-09-12 | CVE-2023-36802 | Unspecified vulnerability in Microsoft products Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | 7.8 |