*Important note: These are not the only vulnerabilities that were recently released; however, these are the vulnerabilities RedLegg has identified as critical and require immediate attention.
VULNERABILITIES
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Identifier: CVE-2024-30080
Exploit or POC: No
Update Guide: CVE-2024-30080 – Security Update Guide Description: CVE-2024-30080 allows for remote code execution. Authentication and user interaction are not required to successfully exploit this vulnerability. The successful exploitation of this vulnerability could allow an adversary to remotely execute code on unpatched endpoints. This vulnerability can be exploited by sending a malicious MSMQ packet to a MSMQ server.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30080 – Security Update Guide.
Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability
Identifier: CVE-2024-35249
Exploit or POC: No
Update Guide: CVE-2024-35249 – Security Update Guide
Description: CVE-2024-35249 is a remote code execution vulnerability that allows for deserialization of untrusted data. Successful exploitation of this vulnerability requires that an attacker first be authenticated.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software version listed in the CVE-2024-35249 – Security Update Guide.
Microsoft Outlook Remote Code Execution Vulnerability
Identifier: CVE-2024-30103
Exploit or POC: No
Update Guide: CVE-2024-30103 – Security Update Guide Description: CVE-2024-30103 allows for an attacker to bypass Outlook registry block lists and write malicious DLL’s to disk to achieve remote code execution. This vulnerability requires an attacker to be authenticated using valid Exchange user credentials.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30103 – Security Update Guide.
Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability
Identifier: CVE-2024-30097
Exploit or POC: No
Update Guide: CVE-2024-30097 – Security Update Guide Description: CVE-2024-30097 allows for remote code execution. Authentication and user interaction are required to successfully exploit this vulnerability. This vulnerability can be exploited by utilizing social engineering tactics to convince an unwitting user to initiate a remote connection by clicking a link to a malicious host capable of exploiting a vulnerability in SAPI.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30097 – Security Update Guide.
Windows Wi-Fi Driver Remote Code Execution Vulnerability
Identifier: CVE-2024-30078
Exploit or POC: No
Update Guide: CVE-2024-30078 – Security Update Guide Description: CVE-2024-30078 allows for remote code execution. User interaction is not required to successfully exploit this vulnerability. The successful exploitation of this vulnerability requires an attacker to be in relatively close proximity to a target endpoint. An unauthenticated attacker can send a specially crafted packet to a target endpoint to achieve remote code execution against an endpoint utilizing a Wireless networking adapter.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30078 – Security Update Guide.
Windows OLE Remote Code Execution Vulnerability
Identifier: CVE-2024-30077
Exploit or POC: No
Update Guide: CVE-2024-30077 – Security Update Guide Description: CVE-2024-30077 allows for remote code execution. Authentication and user interaction are required to successfully exploit this vulnerability. This vulnerability can be exploited by utilizing social engineering tactics to convince an unwitting user to connect to a malicious SQL server via OLEDB, resulting in the server sending a malicious networking packet.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30077 – Security Update Guide.
Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability
Identifier: CVE-2024-30075
Exploit or POC: No
Update Guide: CVE-2024-30075 – Security Update Guide Description: CVE-2024-30075 allows for remote code execution. User interaction is not required to successfully exploit this vulnerability. The successful exploitation of this vulnerability requires an attacker to be in relatively close proximity to a target endpoint. An unauthenticated attacker can send a specially crafted packet to a target endpoint to achieve remote code execution against an endpoint utilizing a Wireless networking adapter.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30075 – Security Update Guide.
Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability
Identifier: CVE-2024-30074
Exploit or POC: No
Update Guide: CVE-2024-30074 – Security Update Guide Description: CVE-2024-30074 allows for remote code execution. User interaction is not required to successfully exploit this vulnerability. The successful exploitation of this vulnerability requires an attacker to be in relatively close proximity to a target endpoint. An unauthenticated attacker can send a specially crafted packet to a target endpoint to achieve remote code execution against an endpoint utilizing a Wireless networking adapter.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30074 – Security Update Guide.
Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability
Identifier: CVE-2024-30072
Exploit or POC: No
Update Guide: CVE-2024-30072 – Security Update Guide
Description: CVE-2024-30072 allows for remote code execution. User interaction is required to successfully exploit this vulnerability. This vulnerability can be exploited by utilizing social engineering tactics to convince an unwitting user to execute malicious code by opening a malicious file.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30072 – Security Update Guide.
Windows Kernel Elevation of Privilege Vulnerability
Identifier: CVE-2024- 30064
Exploit or POC: No
Update Guide: CVE-2024-30064 – Security Update Guide
Description: CVE-2024-30064 allows for remote code execution. Authentication and user interaction are required to successfully exploit this vulnerability. This vulnerability can be exploited to elevate privileges and move laterally within a compromised network.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30064 – Security Update Guide.
Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability
Identifier: CVE-2024-30062
Exploit or POC: No
Update Guide: CVE-2024-30062 – Security Update Guide
Description: CVE-2024-30062 allows for remote code execution. User interaction is required to successfully exploit this vulnerability, specifically, initiating a reboot of the compromised endpoint. This vulnerability can be exploited by utilizing social engineering tactics to convince an unwitting user to execute malicious code by opening a malicious file.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30062 – Security Update Guide.
