InfoSecBulletin Cybersecurity for mankind
Microsoft has released updates for 49 security vulnerabilities in its Patch Tuesday update for June. One of the fixes addresses a critical bug in Microsoft Message Queuing (MSMQ) technology that could allow remote code execution (RCE) and server takeover.
The number of bugs in each vulnerability category is listed below:
YouTube geo-blocks at least 4 Bangladeshi TV channels in India
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
25 Elevation of Privilege Vulnerabilities
18 Remote Code Execution Vulnerabilities
3 Information Disclosure Vulnerabilities
5 Denial of Service Vulnerabilities
The CVE-2024-30080 vulnerability has a severity score of 9.8/10 and can be exploited by an attacker who sends manipulated malicious MSMQ packets to a MSMQ server.
“This could result in remote code execution on the server side,” Redmond’s security response team warned in an advisory.
Microsoft informed that the Windows message queuing service needs to be enabled for a system to be vulnerable to this exploit. They advised customers to check if a service named Message Queuing is running and if TCP port 1801 is listening on the machine.
A serious flaw in MSMQ is the main focus of the latest Patch Tuesday, which addresses a total of 51 security issues in various Windows OS components and services.
The company found several code execution issues in Microsoft Office, as well as bugs in the Windows Link Layer Topology Discovery Protocol and Windows Event Trace Log File Parsing.
Security experts are also calling attention to CVE-2024-30078, a Windows WiFi driver remote code execution vulnerability with a CVSS severity score of 8.8/10.
“Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. An unauthenticated attacker could send a malicious networking packet to an adjacent system that is employing a Wi-Fi networking adapter, which could enable remote code execution,” Microsoft warned. click here to read the full report.
