Microsoft Patch Update – June

Microsoft Zero Patch Cybersafe Update
At Cybersafe.co.uk, we are always looking to keep businesses up to date on the latest Microsoft patch update, which make their software much more usable and secure for businesses and users. As noted in Infosecurity Magazine, system administrators experienced a relatively calm June Microsoft Patch Update Tuesday as Microsoft released updates for just 51 vulnerabilities, with only one deemed “critical.”

Critical Vulnerability Patched

This critical vulnerability, CVE-2024-30080, is a remote code execution (RCE) flaw in Microsoft Message Queuing (MSMQ) with a CVSS score of 9.8. Microsoft has indicated that the likelihood of exploitation is high.

Microsoft has recommended turning off the MSMQ service until the update can be applied. The analysis shows that over a million hosts have port 1801 open, and more than 3,500 instances of ‘msmq’ are detectable via Shodan searches, suggesting that exploit frameworks might soon target this vulnerability.

Zero-Day Vulnerability Disclosed in February

A significant zero-day vulnerability disclosed in February, CVE-2023-50868, impacting DNSSEC validation, has been patched. This protocol-level bug allows attackers to exploit DNSSEC protocols, causing a denial of service by overloading a resolver with excessive resource usage. This vulnerability has already been addressed in various DNS implementations, including BIND, PowerDNS, and Unbound.

Furthermore, this update cycle also covered two notable “RCE-via-malicious-file” vulnerabilities. CVE-2024-30101 in Outlook requires specific user actions to trigger the vulnerability, which involves a race condition despite the Preview Pane being a vector. In contrast, CVE-2024-30104, which does not involve the Preview Pane, has a higher CVSS base score of 7.8 and requires that the user only open a malicious file.

Be Cybersafe

At Cybersafe.co.uk, we stress the importance of promptly applying these updates to ensure your systems remain secure. Our team can always provide support and guidance to help you navigate these security challenges. It is vital that your business is on a journey that will help it be Cybersafe – and this is why we are here as an educational resource.

Send us an email at enquiries@cybersafe.co.uk, and we’ll put you in touch with the right people.

Share the article:

More Posts:

11 July Cybersafe Threats - Covering Data Breaches

Cybersafe Threats – 11th July

Each week, Cybersafe.co.uk will be updating you on the latest cyber attacks and cyber criminal activity threatening the private and sensitive data of businesses all

Cyber Criminal activity in the week leading up to the 4th July

Cybersafe Threats – 4th July

Each week, Cybersafe.co.uk will be updating you on the latest cyber attacks and cyber criminal activity threatening the private and sensitive data of businesses all

Listen to our Podcast:

Stay Cybersafe

with our weekly updates