June 2024 Patch Tuesday: 51 Vulnerabilities Addressed Including One Critical and One Zero-Day

Microsoft released security updates for 51 vulnerabilities in its June 2024 Patch Tuesday rollout. These patches address one previously disclosed zero-day vulnerability affecting the DNS protocol (CVE-2023-50868) and one Critical vulnerability (CVE-2024-30080) affecting Microsoft Message Queuing (MSMQ).

June 2024 Risk Analysis

This month’s leading risk type is elevation of privilege (49%) followed by remote code execution (35%), denial of service (10%) and information disclosure (6%).

Figure 1. Breakdown of June 2024 Patch Tuesday attack types

 

Microsoft Windows received the most patches this month with 33, followed by Extended Security Update (ESU) with 23.

 

Figure 2. Breakdown of product families affected by June 2024 Patch Tuesday

Zero-Day Affecting DNS Protocol Patched

CVE-2023-50868, a denial-of-service (DoS) vulnerability affecting the DNS protocol with a severity rating of Important and a CVSS score of 7.5, is a previously disclosed zero-day patched in this month’s update. A denial-of-service condition can flood the target website or service until it crashes, preventing access for legitimate users. 

SeverityCVSS ScoreCVEDescription
Important7.5CVE-2023-50868DNS protocol — Denial of Service vulnerability

Table 1. Zero-day vulnerability in DNS protocol

Critical Vulnerability Affecting Microsoft Message Queuing 

CVE-2024-30080 is a Critical remote code execution (RCE) vulnerability affecting Microsoft Message Queuing and has a CVSS score of 9.8. The Windows message queuing service needs to be enabled, and network traffic allowed on TCP port 1801, for an attacker to successfully exploit this vulnerability on a target system. The attacker does not need to be authenticated to take advantage of this vulnerability. Paired with its low attack complexity, this vulnerability is a particularly severe issue. Successful exploitation would allow an attacker to execute arbitrary code on the MSMQ Server. Microsoft urges customers to check whether they are potentially vulnerable by looking to see if the service named Message Queuing is enabled and TCP port 1801 is listening on the machine.

SeverityCVSS ScoreCVEDescription
Critical9.8CVE-2024-30080Microsoft Message Queuing Remote Code Execution Vulnerability

Table 2. Critical vulnerability in MSMQ

Not All Relevant Vulnerabilities Have Patches: Consider Mitigation Strategies

As we have learned with other notable vulnerabilities, such as Log4j, not every highly exploitable vulnerability can be easily patched. As is the case for the ProxyNotShell vulnerabilities, it’s critically important to develop a response plan for how to defend your environments when no patching protocol exists. 

Regular review of your patching strategy should still be a part of your program, but you should also look more holistically at your organization’s methods for cybersecurity and improve your overall security posture. 

The CrowdStrike Falcon® platform regularly collects and analyzes trillions of endpoint events every day from millions of sensors deployed across 176 countries. Watch this demo to see the Falcon platform in action.

Learn More

Learn more about how CrowdStrike Falcon® Exposure Management can help you quickly and easily discover and prioritize vulnerabilities and other types of exposures here.

About CVSS Scores

The Common Vulnerability Scoring System (CVSS) is a free and open industry standard that CrowdStrike and many other cybersecurity organizations use to assess and communicate software vulnerabilities’ severity and characteristics. The CVSS Base Score ranges from 0.0 to 10.0, and the National Vulnerability Database (NVD) adds a severity rating for CVSS scores. Learn more about vulnerability scoring in this article.

Additional Resources

 
Breaches Stop Here