REDLEGG BLOG

Patch Tuesday -  June 2024

6/11/24 7:29 PM  |  by RedLegg Blog

*Important note: These are not the only vulnerabilities that were recently released; however, these are the vulnerabilities RedLegg has identified as critical and require immediate attention.

VULNERABILITIES

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability 

Identifier: CVE-2024-30080
Exploit or POC: No 
Update Guide: CVE-2024-30080 – Security Update Guide Description: CVE-2024-30080 allows for remote code execution. Authentication and user interaction are not required to successfully exploit this vulnerability. The successful exploitation of this vulnerability could allow an adversary to remotely execute code on unpatched endpoints. This vulnerability can be exploited by sending a malicious MSMQ packet to a MSMQ server.  
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30080 – Security Update Guide.  


Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability 

Identifier: CVE-2024-35249 
Exploit or POC: No 
Update Guide: CVE-2024-35249 – Security Update Guide 
Description: CVE-2024-35249 is a remote code execution vulnerability that allows for deserialization of untrusted data. Successful exploitation of this vulnerability requires that an attacker first be authenticated.  
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software version listed in the CVE-2024-35249 – Security Update Guide


Microsoft Outlook Remote Code Execution Vulnerability  

Identifier: CVE-2024-30103 
Exploit or POC: No 
Update Guide: CVE-2024-30103 – Security Update Guide  Description: CVE-2024-30103 allows for an attacker to bypass Outlook registry block lists and write malicious DLL’s to disk to achieve remote code execution. This vulnerability requires an attacker to be authenticated using valid Exchange user credentials. 
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30103 – Security Update Guide


Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability 

Identifier: CVE-2024-30097 
Exploit or POC: No 
Update Guide: CVE-2024-30097 – Security Update Guide Description: CVE-2024-30097 allows for remote code execution. Authentication and user interaction are required to successfully exploit this vulnerability. This vulnerability can be exploited by utilizing social engineering tactics to convince an unwitting user to initiate a remote connection by clicking a link to a malicious host capable of exploiting a vulnerability in SAPI. 
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30097 – Security Update Guide.  


Windows Wi-Fi Driver Remote Code Execution Vulnerability 

Identifier: CVE-2024-30078 
Exploit or POC: No 
Update Guide: CVE-2024-30078 – Security Update Guide Description: CVE-2024-30078 allows for remote code execution. User interaction is not required to successfully exploit this vulnerability. The successful exploitation of this vulnerability requires an attacker to be in relatively close proximity to a target endpoint. An unauthenticated attacker can send a specially crafted packet to a target endpoint to achieve remote code execution against an endpoint utilizing a Wireless networking adapter. 
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30078 – Security Update Guide


Windows OLE Remote Code Execution Vulnerability 

Identifier: CVE-2024-30077 
Exploit or POC: No 
Update Guide: CVE-2024-30077 – Security Update Guide  Description: CVE-2024-30077 allows for remote code execution. Authentication and user interaction are required to successfully exploit this vulnerability. This vulnerability can be exploited by utilizing social engineering tactics to convince an unwitting user to connect to a malicious SQL server via OLEDB, resulting in the server sending a malicious networking packet.  
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30077 – Security Update Guide


Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability 

Identifier: CVE-2024-30075 
Exploit or POC: No 
Update Guide: CVE-2024-30075 – Security Update Guide  Description: CVE-2024-30075 allows for remote code execution. User interaction is not required to successfully exploit this vulnerability. The successful exploitation of this vulnerability requires an attacker to be in relatively close proximity to a target endpoint. An unauthenticated attacker can send a specially crafted packet to a target endpoint to achieve remote code execution against an endpoint utilizing a Wireless networking adapter. 
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30075 – Security Update Guide


Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability 

Identifier: CVE-2024-30074 
Exploit or POC: No 
Update Guide: CVE-2024-30074 – Security Update Guide  Description: CVE-2024-30074 allows for remote code execution. User interaction is not required to successfully exploit this vulnerability. The successful exploitation of this vulnerability requires an attacker to be in relatively close proximity to a target endpoint. An unauthenticated attacker can send a specially crafted packet to a target endpoint to achieve remote code execution against an endpoint utilizing a Wireless networking adapter. 
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30074 – Security Update Guide


Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability 

Identifier: CVE-2024-30072 
Exploit or POC: No 
Update Guide: CVE-2024-30072 – Security Update Guide  
Description: CVE-2024-30072 allows for remote code execution. User interaction is required to successfully exploit this vulnerability. This vulnerability can be exploited by utilizing social engineering tactics to convince an unwitting user to execute malicious code by opening a malicious file. 
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30072 – Security Update Guide


Windows Kernel Elevation of Privilege Vulnerability 

Identifier: CVE-2024- 30064 
Exploit or POC: No 
Update Guide: CVE-2024-30064 – Security Update Guide 
Description: CVE-2024-30064 allows for remote code execution. Authentication and user interaction are required to successfully exploit this vulnerability. This vulnerability can be exploited to elevate privileges and move laterally within a compromised network. 
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30064 – Security Update Guide


Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability 

Identifier: CVE-2024-30062 
Exploit or POC: No 
Update Guide: CVE-2024-30062 – Security Update Guide  
Description: CVE-2024-30062 allows for remote code execution. User interaction is required to successfully exploit this vulnerability, specifically, initiating a reboot of the compromised endpoint. This vulnerability can be exploited by utilizing social engineering tactics to convince an unwitting user to execute malicious code by opening a malicious file. 
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions listed in the CVE-2024-30062 – Security Update Guide

.

Get Blog Updates

Related Articles

Patch Tuesday -  May 2024 Bulletin, Vulnerability Bulletins

Patch Tuesday - May 2024

*Important note: These are not the only vulnerabilities that were recently released; however, these are the ...
Critical Security Vulnerabilities Bulletin