Latest Cyber Security News

You are here: Home / General Cyber Security News / Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability
June 12, 2024

Microsoft has introduced security updates to handle 51 flaws as element of its Patch Tuesday updates for June 2024.

Of the 51 vulnerabilities, 1 is rated Critical and 50 are rated Essential. This is in addition to 17 vulnerabilities solved in the Chromium-based Edge browser above the previous month.

None of the security flaws have been actively exploited in the wild, with a single of them listed as publicly recognized at the time of the launch.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


This problems a 3rd-party advisory tracked as CVE-2023-50868 (CVSS score: 7.5), a denial-of-company issue impacting the DNSSEC validation process that could trigger CPU exhaustion on a DNSSEC-validating resolver.

Cybersecurity

It was noted by researchers from the National Study Middle for Utilized Cybersecurity (ATHENE) in Darmstadt again in February, alongside KeyTrap (CVE-2023-50387, CVSS rating: 7.5).

“NSEC3 is an enhanced variation of NSEC (Upcoming Safe) that presents authenticated denial of existence,” Tyler Reguly, affiliate director of Security R&D at Fortra, claimed in a statement. “By proving that a report does not exist (with evidence of the surrounding records), you can enable to avert towards DNS Cache poisoning against non-existent domains.”

“Since this is a protocol degree vulnerability, items other than Microsoft are affected with very well-recognized DNS servers like bind, powerdns, dnsmasq, and other folks also releasing updates to take care of this issue.”

The most extreme of the flaws set in this month’s update is a critical distant code execution (RCE) flaw in the Microsoft Concept Queuing (MSMQ) provider (CVE-2024-30080, CVSS rating: 9.8).

“To exploit this vulnerability, an attacker would want to send a specially crafted destructive MSMQ packet to a MSMQ server,” Microsoft stated. “This could outcome in distant code execution on the server facet.”

Also fixed by Redmond are many other RCE bugs influencing Microsoft Outlook (CVE-2024-30103), Windows Wi-Fi Driver (CVE-2024-30078), and many privilege escalation flaws in Windows Acquire32 Kernel Subsystem (CVE-2024-30086), Windows Cloud Documents Mini Filter Driver (CVE-2024-30085), and Acquire32k (CVE-2024-30082), among other individuals.

Cybersecurity business Morphisec, which learned CVE-2024-30103, reported the flaw could be made use of to trigger code execution without the need of requiring consumers to click or interact with the email information.

“This deficiency of necessary consumer interaction, merged with the straightforward character of the exploit, improves the chance that adversaries will leverage this vulnerability for first entry,” security researcher Michael Gorelik explained.

Cybersecurity

“The moment an attacker effectively exploits this vulnerability, they can execute arbitrary code with the exact privileges as the user, possibly primary to a full system compromise.”

Software Patches from Other Sellers

In addition to Microsoft, security updates have also been produced by other distributors above the earlier many weeks to rectify numerous vulnerabilities, which includes —

  • Adobe
  • Amazon Web Expert services
  • AMD
  • Apple visionOS
  • Arm
  • ASUS
  • Atlassian
  • AutomationDirect
  • Bosch
  • Broadcom (like VMware)
  • Cisco
  • Citrix
  • Cox
  • D-Link
  • Dell
  • Drupal
  • F5
  • Fortinet
  • Fortra Tripwire Company
  • GitLab
  • Google Android
  • Google Chrome
  • Google Cloud
  • Google Put on OS
  • Hitachi Electricity
  • HP
  • HP Business
  • HP Organization Aruba Networks
  • IBM
  • Ivanti
  • Jenkins
  • Juniper Networks
  • Lenovo
  • Linux distributions Debian, Oracle Linux, Crimson Hat,
  • SUSE, and Ubuntu
  • MediaTek
  • Mitsubishi Electric
  • Mozilla Firefox and Firefox ESR
  • NETGEAR
  • NVIDIA
  • PHP
  • Development Software program
  • QNAP
  • Qualcomm
  • Samsung
  • SAP
  • Schneider Electric powered
  • Siemens
  • SolarWinds
  • Sophos
  • Synology
  • TP-Backlink
  • Trend Micro
  • Veeam
  • Veritas
  • Zoho ManageEngine ServiceDesk Furthermore
  • Zoom, and
  • Zyxel

Discovered this article attention-grabbing? Adhere to us on Twitter  and LinkedIn to read a lot more exceptional written content we submit.


Some sections of this report are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *