Microsoft patch tuesday June 2024
Microsoft Patch Tuesday
This month’s Patch Tuesday has security updates to fix 1 actively exploited zero-days and a total of 51 vulnerabilities. The exploited zero day is regarding the remote code execution vulnerability in Microsoft Message Queuing (MSMQ).
The most important patches are:
CVE-2023-50868, CVSS 3.1: 7.5 (High): DOS (denial of service) issue impacting the DNSSEC validation process that could cause CPU exhaustion of a DNSSEC-validating resolver.
CVE-2024-30080, CVSS 3.1: 9.8 (Critical): this vulnerability is regarding the remote code execution flaw in the Microsoft Message Queuing (MSMQ) Microsoft states: To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server,” Microsoft said. “This could result in remote code execution on the server side.”
The patches this month break down as follows:
- 25 Privilege Escalation
- 18 Remote Code Execution
- 5 Denial of Service
- 3 Information Disclosure