Latest Cyber Security News

You are here: Home / General Cyber Security News / Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability
June 12, 2024

Microsoft has introduced security updates to handle 51 flaws as element of its Patch Tuesday updates for June 2024.

Of the 51 vulnerabilities, 1 is rated Critical and 50 are rated Essential. This is in addition to 17 vulnerabilities solved in the Chromium-based Edge browser above the previous month.

None of the security flaws have been actively exploited in the wild, with a single of them listed as publicly recognized at the time of the launch.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


This problems a 3rd-party advisory tracked as CVE-2023-50868 (CVSS score: 7.5), a denial-of-company issue impacting the DNSSEC validation process that could trigger CPU exhaustion on a DNSSEC-validating resolver.

Cybersecurity

It was noted by researchers from the National Study Middle for Utilized Cybersecurity (ATHENE) in Darmstadt again in February, alongside KeyTrap (CVE-2023-50387, CVSS rating: 7.5).

“NSEC3 is an enhanced variation of NSEC (Upcoming Safe) that presents authenticated denial of existence,” Tyler Reguly, affiliate director of Security R&D at Fortra, claimed in a statement. “By proving that a report does not exist (with evidence of the surrounding records), you can enable to avert towards DNS Cache poisoning against non-existent domains.”

“Since this is a protocol degree vulnerability, items other than Microsoft are affected with very well-recognized DNS servers like bind, powerdns, dnsmasq, and other folks also releasing updates to take care of this issue.”

The most extreme of the flaws set in this month’s update is a critical distant code execution (RCE) flaw in the Microsoft Concept Queuing (MSMQ) provider (CVE-2024-30080, CVSS rating: 9.8).

“To exploit this vulnerability, an attacker would want to send a specially crafted destructive MSMQ packet to a MSMQ server,” Microsoft stated. “This could outcome in distant code execution on the server facet.”

Also fixed by Redmond are many other RCE bugs influencing Microsoft Outlook (CVE-2024-30103), Windows Wi-Fi Driver (CVE-2024-30078), and many privilege escalation flaws in Windows Acquire32 Kernel Subsystem (CVE-2024-30086), Windows Cloud Documents Mini Filter Driver (CVE-2024-30085), and Acquire32k (CVE-2024-30082), among other individuals.

Cybersecurity business Morphisec, which learned CVE-2024-30103, reported the flaw could be made use of to trigger code execution without the need of requiring consumers to click or interact with the email information.

“This deficiency of necessary consumer interaction, merged with the straightforward character of the exploit, improves the chance that adversaries will leverage this vulnerability for first entry,” security researcher Michael Gorelik explained.

Cybersecurity

“The moment an attacker effectively exploits this vulnerability, they can execute arbitrary code with the exact privileges as the user, possibly primary to a full system compromise.”

Software Patches from Other Sellers

In addition to Microsoft, security updates have also been produced by other distributors above the earlier many weeks to rectify numerous vulnerabilities, which includes —

  • Adobe
  • Amazon Web Expert services
  • AMD
  • Apple visionOS
  • Arm
  • ASUS
  • Atlassian
  • AutomationDirect
  • Bosch
  • Broadcom (like VMware)
  • Cisco
  • Citrix
  • Cox
  • D-Link
  • Dell
  • Drupal
  • F5
  • Fortinet
  • Fortra Tripwire Company
  • GitLab
  • Google Android
  • Google Chrome
  • Google Cloud
  • Google Put on OS
  • Hitachi Electricity
  • HP
  • HP Business
  • HP Organization Aruba Networks
  • IBM
  • Ivanti
  • Jenkins
  • Juniper Networks
  • Lenovo
  • Linux distributions Debian, Oracle Linux, Crimson Hat,
  • SUSE, and Ubuntu
  • MediaTek
  • Mitsubishi Electric
  • Mozilla Firefox and Firefox ESR
  • NETGEAR
  • NVIDIA
  • PHP
  • Development Software program
  • QNAP
  • Qualcomm
  • Samsung
  • SAP
  • Schneider Electric powered
  • Siemens
  • SolarWinds
  • Sophos
  • Synology
  • TP-Backlink
  • Trend Micro
  • Veeam
  • Veritas
  • Zoho ManageEngine ServiceDesk Furthermore
  • Zoom, and
  • Zyxel

Discovered this article attention-grabbing? Adhere to us on Twitter  and LinkedIn to read a lot more exceptional written content we submit.


Some sections of this report are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *