Microsoft Patch Tuesday security updates June 2024: Critical MSMQ and Wi-Fi driver vulnerabilities fixed

Microsoft Patch Tuesday security updates June 2024: Critical MSMQ and Wi-Fi driver vulnerabilities fixed

User avatar placeholder
Written by Dave W. Shanahan

June 12, 2024

Microsoft Patch Tuesday security updates were released for June 2024, addressing a total of 51 security vulnerabilities across its products. This month’s update includes fixes for one critical vulnerability in Microsoft Message Queuing (MSMQ) and another in the Windows Wi-Fi driver, both of which pose significant security risks.

Microsoft Patch Tuesday security updates: Critical MSMQ, Wi-Fi driver, and DNSSEC vulnerabilities

Microsoft Patch Tuesday security updates June 2024: Critical MSMQ and Wi-Fi driver vulnerabilities fixed

1. Critical MSMQ vulnerability (CVE-2024-30080)

  • Severity: Rated 9.8 out of 10 on the CVSS scale.
  • Description: This remote code execution (RCE) flaw allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted MSMQ packet to a vulnerable Windows system.
  • Impact: The vulnerability is considered “wormable” between servers with MSMQ enabled, potentially allowing malware to spread rapidly.
  • Mitigation: Users are advised to audit their networks to ensure TCP port 1801 is not reachable and to apply the patch immediately.

2. Wi-Fi driver vulnerability (CVE-2024-30078)

  • Severity: Rated 8.8 out of 10 on the CVSS scale.
  • Description: This RCE flaw can be exploited by an unauthenticated attacker sending a malicious networking packet to an adjacent system using a Wi-Fi adapter.
  • Impact: The flaw affects all supported versions of Windows and could allow attackers to remotely execute malware or spyware on nearby systems.
  • Mitigation: Users should apply the patch as soon as possible to prevent potential exploitation.

3. DNSSEC Vulnerability (CVE-2023-50868)

  • Severity: Rated 7.5 out of 10 on the CVSS scale.
  • Description: This denial-of-service (DoS) vulnerability in DNSSEC validation can cause CPU exhaustion on a DNSSEC-validating resolver.
  • Impact: The flaw could lead to a denial of service for legitimate users.
  • Mitigation: Microsoft has provided updates to address this issue, and users are encouraged to apply the patch promptly.

Additional Updates

Microsoft also addressed several other RCE vulnerabilities in Outlook (CVE-2024-30103) and numerous privilege escalation flaws in the Windows Win32 Kernel Subsystem and other components. In addition, Adobe released updates addressing critical vulnerabilities that could lead to arbitrary code execution and privilege escalation for the following products:

This month’s Patch Tuesday highlights the importance of timely updates to protect against critical vulnerabilities that could be exploited by cyber attackers. Users and administrators are urged to apply these patches immediately to safeguard their systems.

Discover more from Microsoft News Today

Subscribe to get the latest posts sent to your email.

, , , , , , ,
Image placeholder

I'm Dave W. Shanahan, a Microsoft enthusiast with a passion for Windows 11, Xbox, Microsoft 365 Copilot, Azure, and more. After OnMSFT.com closed, I started MSFTNewsNow.com to keep the world updated on Microsoft news. Based in Massachusetts, you can find me on Twitter @Dav3Shanahan or email me at davewshanahan@gmail.com.

Microsoft releases June 2024 Patch Tuesday cumulative updates KB5039212, KB5039213, and KB5039211 on Windows 11 and Windows 10

Xbox June 2024 Update brings enhanced personalization, improved wireless settings, and more