Microsoft June 2024 Patch Fixes Critical RCE Vulnerability - 20240612001¶
Overview¶
Microsoft's June 2024 Patch Tuesday addresses a number of serious vulnerabilities, including 18 remote code execution (RCE) vulnerabilities, with one being a critical RCE vulnerability in Microsoft Message Queuing (MSMQ).
The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. An attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side.
What is vulnerable?¶
| CVE | Severity | CVSS | Product(s) Affected | Summary | Dated |
|---|---|---|---|---|---|
| CVE-2024-30080 | Critical | 9.8 | Comprehensive list available here. | A specially crafted malicious MSMQ packet to a MSMQ server could result in remote code execution on the server side. | 11/06/2024 |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of two weeks (refer Patch Management):