Table of Contents
On June 11, 2024, Microsoft addressed 58 vulnerabilities in its June 2024 Patch Tuesday update, including one zero-day vulnerability. This Patch Tuesday also fixes one critical vulnerability, a Microsoft Message Queuing (MSMQ) Remote Code Execution vulnerability.
Microsoft Patch Tuesday - June 2024
Microsoft Patch Tuesday - June 2024
Summary
On June 11, 2024, Microsoft released their Patch Tuesday update addressing a total of 58 vulnerabilities, including one zero-day vulnerability. The update also includes a critical fix for a Microsoft Message Queuing (MSMQ) remote code execution vulnerability.
Technical Details
The critical vulnerability, known as CVE-2024-30080, affects Microsoft Message Queuing (MSMQ) and has a CVSS score of 9.8. Exploiting this vulnerability allows an attacker to execute arbitrary code on an affected server, potentially gaining control of the system. This can be achieved by sending a specially crafted malicious MSMQ packet to the server.
Another vulnerability, identified as CVE-2023-50868 and rated with a CVSS score of 6.5, is a zero-day vulnerability in DNSSEC validation. This vulnerability allows an attacker to exploit standard DNSSEC protocols, causing a denial of service for legitimate users by overwhelming the resolver with excessive resources.
Affected Products
The vulnerabilities impact various Microsoft products, including but not limited to Microsoft Windows, Microsoft Server, Microsoft Office, and Microsoft SharePoint.
Recommendations
It is strongly recommended to apply the available updates to affected assets as soon as possible to protect against these vulnerabilities.
References
- Microsoft Security Bulletin - June 2024
- BleepingComputer - Microsoft Patch Tuesday June 2024
- CVE-2023-50868 Details
- CVE-2024-30080 Details
```htmlMITRE ATT&CK Matrix - Microsoft June 2024 Advisory Summary
MITRE ATT&CK Matrix - Microsoft June 2024 Advisory Summary
Enterprise Layer
| Tactic | Technique/Sub-Technique | Potential Attacker Groups | Mitigation |
|---|---|---|---|
| Initial Access | T1190 - Exploit Public-Facing Application | APT groups, Cybercriminals | Update software (CVE-2024-30080) |
| Execution | T1203 - Exploitation for Client Execution | APT groups, Cybercriminals | Update software (CVE-2024-30080) |
| Impact | T1499 - Endpoint Denial of Service - .004: Network Denial of Service |
APT groups, Cybercriminals | Update software (CVE-2023-50868) |
Mobile Layer
No mobile-specific techniques were indicated in the advisory summary for the reported vulnerabilities.
ICS Layer
No ICS-specific techniques were indicated in the advisory summary for the reported vulnerabilities.
Mitigation Techniques References
For detailed mitigation guidelines, refer to the official Microsoft security bulletins [1].
```
This post was generated entirely by an AI language model. Source: CERT EU
