Critical Vulnerability in Microsoft’s June 2024 Patch Tuesday Update

Share :

On June 11, 2024, Microsoft published their June 2024 security update with patches for 49 vulnerabilities. Among these vulnerabilities, Arctic Wolf is highlighting CVE-2024-30080 as the highest severity vulnerability in this Patch Tuesday release which was categorized as critical. There has not been a proof of concept (PoC) exploit or active exploitation of CVE-2024-30080 identified at this time. 

Impacted Product: Windows 

Vulnerabilities Impacting Windows: 

CVE-2024-30080  CVSS: 9.8 – Critical 

MS Severity: Critical 

No Exploitation Detected 
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability – A threat actor can exploit this vulnerability by sending a malicious MSMQ packet to a MSMQ server to achieve Remote Code Execution (RCE). 

Recommendations 

Recommendation #1: Apply Security Updates to Impacted Products 

Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation. 

Note: Please follow your organizations patching and testing guidelines to avoid operational impact. 

Product  Vulnerability  Article  Download 
Windows 10 for 32-bit Systems  CVE-2024-30080  5039225  Security Update 
Windows 10 for x64-based Systems  CVE-2024-30080  5039225  Security Update 
Windows 10 Version 1607 for 32-bit Systems  CVE-2024-30080  5039214  Security Update 
Windows 10 Version 1607 for x64-based Systems  CVE-2024-30080  5039214  Security Update 
Windows 10 Version 1809 for 32-bit Systems  CVE-2024-30080  5039217  Security Update 
Windows 10 Version 1809 for ARM64-based Systems  CVE-2024-30080  5039217  Security Update 
Windows 10 Version 1809 for x64-based Systems  CVE-2024-30080  5039217  Security Update 
Windows 10 Version 21H2 for 32-bit Systems  CVE-2024-30080  5039211  Security Update 
Windows 10 Version 21H2 for ARM64-based Systems  CVE-2024-30080  5039211  Security Update 
Windows 10 Version 21H2 for x64-based Systems  CVE-2024-30080  5039211  Security Update 
Windows 10 Version 22H2 for 32-bit Systems  CVE-2024-30080  5039211  Security Update 
Windows 10 Version 22H2 for ARM64-based Systems  CVE-2024-30080  5039211  Security Update 
Windows 10 Version 22H2 for x64-based Systems  CVE-2024-30080  5039211  Security Update 
Windows 11 version 21H2 for ARM64-based Systems  CVE-2024-30080  5039213  Security Update 
Windows 11 version 21H2 for x64-based Systems  CVE-2024-30080  5039213  Security Update 
Windows 11 Version 22H2 for ARM64-based Systems  CVE-2024-30080  5039212  Security Update 
Windows 11 Version 22H2 for x64-based Systems  CVE-2024-30080  5039212  Security Update 
Windows 11 Version 23H2 for ARM64-based Systems  CVE-2024-30080  5039212  Security Update 
Windows 11 Version 23H2 for x64-based Systems  CVE-2024-30080  5039212  Security Update 
Windows Server 2008 for 32-bit Systems Service Pack 2  CVE-2024-30080  5039245, 5039266  Monthly Rollup, Security Only 
Windows Server 2008 for x64-based Systems Service Pack 2  CVE-2024-30080  5039245, 5039266  Monthly Rollup, Security Only 
Windows Server 2008 R2 for x64-based Systems Service Pack 1  CVE-2024-30080  5039289, 5039274  Monthly Rollup, Security Only 
Windows Server 2012  CVE-2024-30080  5039260  Monthly Rollup 
Windows Server 2012 R2  CVE-2024-30080  5039294  Monthly Rollup 
Windows Server 2016  CVE-2024-30080  5039214  Security Update 
Windows Server 2019  CVE-2024-30080  5039217  Security Update 
Windows Server 2022  CVE-2024-30080  5039227, 5039330  Security Update, Security Hotpatch Update 
Windows Server 2022, 23H2 Edition   CVE-2024-30080  5039236  Security Update 

Recommendation #2: Disable Message Queuing Service (MSMQ) if not Required

To be vulnerable, CVE-2024-30080 requires the Message Queuing (MSMQ) service to be enabled. Consider disabling MSMQ if the service is not required in your environment to prevent exploitation. 

Note: You can check by looking for a service running named “Message Queuing” and for TCP port 1801 listening on the system. 

If disabling MSMQ is not feasible, consider blocking inbound connections to TCP port 1801 from suspicious sources. 

References 

 

Picture of Andres Ramos

Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.
Share :
Table of Contents
Categories
Subscribe to our Monthly Newsletter