Critical Exploit (Remote Code Execution) in Microsoft Message Queuing (MSMQ) Among 49 Vulnerabilities This Month in Microsoft Windows – But Thankfully No Zero-Days

“Patch Tuesday” is an unofficial term used to refer to the second Tuesday of each month, when Microsoft, Adobe, Oracle and others regularly release software patches for their software products. Critical security updates are occasionally released outside of the normal Patch Tuesday cycle, but these are known as “Out-of-band” releases.

You can access the Microsoft list of Security Updates for June 2024 directly at msrc.microsoft.com/update-guide/releaseNote/2024-Jun

Critical (CVSS 9+) Patches to Prioritise

The list of “Critical” vulnerabilities below are all those with a “CVSS” score of 9 or greater. This generally reflects a vulnerability that is critical risk, being both trivial to exploit, likely to be exploited, and which could cause great harm and damage if exploited:

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability (CVE-2024-30080)

Only one critical vulnerability has been reported; a remote code execution vulnerability in the Microsoft Message Queuing (MSMQ) component of Windows. This vulnerability can be exploited by an unauthenticated, remote attacker via specially crafted packet being sent to a vulnerable target. CVE-2024-30080 was assigned a CVSSv3 score of 9.8 and rated critical, with Microsoft rating the vulnerability as ‘Exploitation More Likely’.

CVE-2024-30080 marks the fourth remote code execution (RCE) vulnerability in MSMQ that has been patched in 2024. Two of these vulnerabilities were resolved during the April Patch Tuesday update (CVE-2024-26232 and CVE-2024-26208), while another was addressed in the February Patch Tuesday release (CVE-2024-21363).

See full details of the above vulnerability online via our Detections Service at https://detections.appcheck-ng.com/vulnerabilities/view/302955.

‘Highly Exploitable’ Vulnerabilities

The list of “Highly Exploitable” vulnerabilities below are all those which Microsoft has determined are relatively trivial to exploit:

Other Critical Patches

In addition to the above, Microsoft released 49 important security patches in total.

Products affected by this Patch Tuesday’s updates include:

• Windows Win32K – GRFX
• Visual Studio
• Windows Server Service
• Windows Kernel
• Winlogon
• Windows Link Layer Topology Discovery Protocol
• Windows Kernel-Mode Drivers
• Windows NT OS Kernel
• Microsoft Streaming Service
• Windows Routing and Remote Access Service (RRAS)

You can see the full list on Microsoft’s Security Update Guide page (https://msrc.microsoft.com/update-guide/en-us), along with the associated KB articles and security vulnerability details.

Statistics

Total Microsoft CVEs: 49

Currently exploited: 0

Highly Exploitable: 11

By Severity:

1. Critical: 1
2. Important: 48
3. Moderate: 0

How to Protect Your Organisation

As with every month, if you don’t want to wait for your system to download Microsoft critical updates on pre-determined schedule, you can download them immediately from the Windows Update Catalog website at https://www.catalog.update.microsoft.com/Home.aspx and searching by Microsoft KB ID.

We also recommend scanning your entire estate using the AppCheck vulnerability scanner regularly – including end-user machines running desktop operating systems. Contact your account manager now if you are not already licensed for internal scan hubs to cover your end-user estate and find out how to delivery holistic, whole-estate coverage for your organisation.

Next Patch Tuesday

The next Patch Tuesday will be on 9th July 2024 – add it to your calendar now!

About AppCheck

AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network, and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).