Security News > 2024 > June > Let's kick off our summer with a pwn-me-by-Wi-Fi bug in Microsoft Windows

Patch Tuesday Microsoft kicked off our summer season with a relatively light June Patch Tuesday, releasing updates for 49 CVE-tagged security flaws in its products - including one bug deemed critical, a fairly terrifying one in wireless networking, and one listed as publicly disclosed.

It could allow a remote, unauthenticated attacker to execute arbitrary code by sending a specially crafted malicious MSMQ packet to a vulnerable Windows system, such as a Windows Server box.

Childs said: "Considering it hits every supported version of Windows, it will likely draw a lot of attention from attackers and red teams alike." Patch as soon as you can: This flaw can be abused to run malicious software on and hijack a nearby Windows PC via their Wi-Fi with no authentication needed.

The Adobe Commerce update addresses seven critical and three important vulnerabilities that could be exploited for arbitrary code execution, a security feature bypass and privilege escalation.

The patch for Audition fixes two important memory leak and application denial-of-service vulnerabilities, while the ColdFusion update fixes two important bugs that could lead to arbitrary file system read and allow an attacker to bypass security features.

Upgrade to SolarWinds Serv-U 15.4.2 HF 2 to plug the security hole.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/06/12/june_patch_tuesday/