Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday” and contain security fixes for Microsoft devices and software.

The CCB would like to point your attention to following vulnerabilities:

CVE-2024-30080: Microsoft Message Queuing (MSMQ) - Critical

Remote Code Execution Vulnerability. CVE-2024-30080 is a critical remote code execution (RCE) vulnerability in the Microsoft Message Queuing (MSMQ) component of Windows operating systems. The vulnerability was assigned a CVSSv3 score of 9.8. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted MSMQ packets to a vulnerable MSMQ server. This could result in remote code execution on the server side. Microsoft has classified this vulnerability as ‘Exploitation More Likely’.

For a system to be vulnerable, the MSMQ service must be added and enabled. If the service is enabled on a Windows installation, a service named "Message Queuing" will be running on TCP port 1801.

CVE-2024-30080 is the fourth RCE vulnerability affecting MSMQ patched in 2024, with two addressed in the April Patch Tuesday release (CVE-2024-26232, CVE-2024-26208) and one in February’s Patch Tuesday release (CVE-2024-21363).

CVE-2024-30082, CVE-2024-30087 and CVE-2024-30091: Win32k – Important

Elevation of Privilege Vulnerabilities. CVE-2024-30082, CVE-2024-30087 and CVE-2024-30091 are vulnerabilities in Microsoft’s Win32k, which is a core kernel-side driver used in Windows. All three vulnerabilities were assigned a CVSSv3 score of 7.8 and classified as ‘Exploitation More Likely’.

An attacker can exploit these vulnerabilities to gain the same rights as the user running the affected application, or SYSTEM rights in the case of CVE-2024-30082.

Microsoft fixed several EoP flaws in Win32k over the last years. Several of these vulnerabilities have been actively exploited in the wild. Urgent patching is advised!

CVE-2024-30085: Windows Cloud Files Mini Filter Driver – Important

Elevation of Privilege Vulnerability. This vulnerability affects the Microsoft Windows Cloud Files Mini Filter Driver. It was assigned a CVSSv3 score of 7.8 and classified as ‘Exploitation More Likely’. An attacker could exploit this vulnerability to elevate privileges to SYSTEM.

CVE-2024-30089: Microsoft Streaming Service – Important

Elevation of Privilege Vulnerability. CVE-2024-30089 is a vulnerability in Microsoft Streaming Service. It was assigned a CVSSv3 score of 7.8 and classified as ‘Exploitation More Likely’. An attacker could exploit this vulnerability to elevate privileges to SYSTEM.

CVE-2024-30103: Microsoft Outlook – Important

Remote Code Execution Vulnerability. CVE-2024-30103 is a Remote Code Execution (RCE) vulnerability in Microsoft Outlook. This vulnerability was assigned a CVSSv3 score of 8.8 but is categorized as ‘Exploitation less likely’. To exploit this vulnerability an attacker must be authenticated using valid Exchange user credentials and according to Microsoft: “An attacker who successfully exploited this vulnerability could bypass Outlook registry block lists and enable the creation of malicious DLL files.” The Cybersecurity firm Morphisec, which discovered the vulnerability said that the flaw could be used to trigger code execution without requiring users to click or interact with the email content.

CVE-2024-30078: Windows Wi-Fi driver – Important

Remote Code Execution Vulnerability. CVE-2024-30078 is a vulnerability in the Windows Wi-Fi driver. This vulnerability was assigned a CVSSv3 score of 8.8 and classified as ‘Exploitation Less Likely’. An unauthenticated attacker can exploit this vulnerability to execute code on an affected system by sending the target a specially crafted network packet. The target would need to be in Wi-Fi range of the attacker and using a Wi-Fi adapter.

CVE-2023-50868: MITRE -  DNSSEC validation process – Important

Denial of Service Vulnerability. CVE-2023-50868 is a denial-of-service issue impacting the DNSSEC validation process that could cause CPU exhaustion on a DNSSEC-validating resolver. This vulnerability was issued by Mitre and is not included in our Microsoft Patch Tuesday statistics. For more information, please see our previous advisory for this vulnerability, named KeyTrap on our website.