Microsoft has released security updates addressing 51 vulnerabilities as part of its June 2024 Patch Tuesday. Of these, one is rated Critical and the remaining 50 are rated Important. The updates include fixes for several remote code execution and privilege escalation flaws affecting services such as Microsoft Message Queuing and Microsoft Outlook.
A notable flaw is a denial-of-service issue in the DNSSEC validation process, reported by researchers from the National Research Center for Applied Cybersecurity (ATHENE). This vulnerability, tracked as CVE-2023-50868, could cause CPU exhaustion on DNSSEC-validating resolvers and impacts multiple products beyond Microsoft. Updates for this flaw have been released for well-known DNS servers like bind, powerdns, and dnsmasq.
Among the most severe issues fixed is a critical remote code execution vulnerability in the Microsoft Message Queuing service, identified as CVE-2024-30080. Exploitation of this flaw could allow attackers to execute malicious code on the server by sending specially crafted packets. Microsoft has also resolved significant RCE bugs in Windows Wi-Fi Driver and several privilege escalation vulnerabilities in the Windows Win32 Kernel Subsystem.
In addition to Microsoft, other vendors have issued security updates in recent weeks. Companies such as Adobe, Google, Cisco, and VMware have released patches to fix various vulnerabilities across their products, underscoring the importance of timely updates in maintaining cybersecurity.
Reference:
