Microsoft Tuesday fixes 51 flaws, 18 RCEs June 2024 Patch

The CVE-2024-30080 vulnerability has a severity score of 9.8/10 and can be exploited by an attacker who sends manipulated malicious MSMQ packets to a MSMQ server.

“This could result in remote code execution on the server side,” Redmond’s security response team warned in an advisory.

Microsoft informed that the Windows message queuing service needs to be enabled for a system to be vulnerable to this exploit. They advised customers to check if a service named Message Queuing is running and if TCP port 1801 is listening on the machine.

A serious flaw in MSMQ is the main focus of the latest Patch Tuesday, which addresses a total of 51 security issues in various Windows OS components and services.

The company found several code execution issues in Microsoft Office, as well as bugs in the Windows Link Layer Topology Discovery Protocol and Windows Event Trace Log File Parsing.

Security experts are also calling attention to CVE-2024-30078, a Windows WiFi driver remote code execution vulnerability with a CVSS severity score of 8.8/10.

“Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. An unauthenticated attacker could send a malicious networking packet to an adjacent system that is employing a Wi-Fi networking adapter, which could enable remote code execution,” Microsoft warned. click here to read the full report.