ION Advisory: June 2024 Microsoft Patch Tuesday 

This Microsoft June update consists of 58 patches for Microsoft products. However, only 1 of these vulnerabilities is considered critical, and 1 has been disclosed before today.

Critical Vulnerabilities

• CVE-2024-30080 – Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

This critical vulnerability with a CVSS score of 9.8 is a Remote Code Execution exploit that requires no authentication for a threat actor to abuse. Successful exploitation would allow an attacker to execute arbitrary code on the MSMQ Server. However, for an attacker to be successful, network traffic on TCP port 1801 must be allowed and the Windows message queuing service needs to be enabled. Microsoft advises all customers to check this service is currently active by looking for a service named Message Queuing and TCP port 1801 is listening on the machine.

At the point of publication, this vulnerability has not yet been reported as actively exploited.

Publicly disclosed

• CVE-2023-50868 – NSEC3 closest encloser proof can exhaust CPU

Originally published in February, this vulnerability in DNSSEC validation is where an attacker could exploit standard DNSSEC protocols intended for DNS integrity by using excessive resources on a resolver, causing a denial of service (DOS) for legitimate users. It affects not only Microsoft’s DNS implementations but several other DNS servers. The vulnerability was made public by researchers from several German universities and research labs. They called it “KEYTRAP” and released a paper with details.

Noteworthy

• CVE-2024-30103 – Microsoft Outlook Remote Code Execution Vulnerability

This RCE is noteworthy as it is a zero click vulnerability that requires no user interaction to execute. In this exploit, an attacker abuses the preview pane in Microsoft Outlook to bypass the Outlook registry block lists and enable the creation of malicious DLL files. In reality, this means a victim just needs to open an email and the exploit will self execute, no further action is required. This lack of required user interaction, combined with the straightforward nature of the exploit, increases the likelihood that adversaries will leverage this vulnerability for initial access. Once an attacker successfully exploits this vulnerability, they can execute arbitrary code with the same privileges as the user, potentially leading to a full system compromise.

This vulnerability was discovered by Morphisec researchers and is not yet publicly disclosed. However, they have noted they will release the technical details in the coming weeks and it is recommended to update Microsoft Outlook clients immediately to mitigate the risk associated with this vulnerability.

Countermeasures and Patches

• Apply patches as soon as possible, after appropriate testing.

References

Sans Report:  https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20June%202024/31000