InfoSecBulletin Cybersecurity for mankind
Microsoft has released updates for 49 security vulnerabilities in its Patch Tuesday update for June. One of the fixes addresses a critical bug in Microsoft Message Queuing (MSMQ) technology that could allow remote code execution (RCE) and server takeover.
The number of bugs in each vulnerability category is listed below:
Check Point said BreachForum post old data
Apple Warns of 3 Zero Day Vulns Actively Exploited
24,000 unique IP attempted to access Palo Alto GlobalProtect portals
CVE-2025-1268
Patch urgently! Canon Fixes Critical Printer Driver Flaw
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access
Australian fintech database exposed in 27000 records
Over 200 Million Info Leaked Online Allegedly Belonging to X
FBI investigating cyberattack at Oracle, Bloomberg News reports
OpenAI Offering $100K Bounties for Critical Vulns
Splunk Alert User RCE and Data Leak Vulns
25 Elevation of Privilege Vulnerabilities
18 Remote Code Execution Vulnerabilities
3 Information Disclosure Vulnerabilities
5 Denial of Service Vulnerabilities
The CVE-2024-30080 vulnerability has a severity score of 9.8/10 and can be exploited by an attacker who sends manipulated malicious MSMQ packets to a MSMQ server.
“This could result in remote code execution on the server side,” Redmond’s security response team warned in an advisory.
Microsoft informed that the Windows message queuing service needs to be enabled for a system to be vulnerable to this exploit. They advised customers to check if a service named Message Queuing is running and if TCP port 1801 is listening on the machine.
A serious flaw in MSMQ is the main focus of the latest Patch Tuesday, which addresses a total of 51 security issues in various Windows OS components and services.
The company found several code execution issues in Microsoft Office, as well as bugs in the Windows Link Layer Topology Discovery Protocol and Windows Event Trace Log File Parsing.
Security experts are also calling attention to CVE-2024-30078, a Windows WiFi driver remote code execution vulnerability with a CVSS severity score of 8.8/10.
“Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. An unauthenticated attacker could send a malicious networking packet to an adjacent system that is employing a Wi-Fi networking adapter, which could enable remote code execution,” Microsoft warned. click here to read the full report.
