Peek into Monthly Vulnerabilities: June 2024

This image is about monthly vulnerabilities for June 2024.

As more and more vulnerabilities and security flaws have surfaced throughout the rapidly changing cyber landscape, the need to keep an eye on our cybersecurity has become more keenly felt than ever before.

The patching requirements of good cyber hygiene mandate that your chain is in good working order. To be effective, every security release in every security patch has to be downloaded, installed, and utilized. 

The monthly security patches are one of the best discoveries against the evil adversaries. They become victims of our inattention. Bad actors can be kept at bay. The issue isn’t the difficulty, it’s the inconvenience that prevents us from doing it.

Your June 2024 vulnerability report lists tens of thousands of software vulnerabilities across hundreds of products, all of them waiting to harm you or those around you. However, as carefully as each vulnerable component is analyzed, as closely as the numbers are cross-referenced against prior incidents, these casualties of the present are employed to better safeguard the future. 

Analysis of the Latest Security Flaws Discovered in June 2024

By June 2024, there were hundreds of them, ranging from low to high risk. Especially, ‘Patch Tuesday’ updates included vulnerabilities across various categories as follows: 

  • Elevation of Privilege: 49% 
  • Remote Code Execution: 35% 
  • Denial of Service: 10% 
  • Information Disclosure: 6%

Top 10 Vulnerabilities in June 2024

CVE-2024-30080: Critical Remote Code Execution in Microsoft Message Queuing (MSMQ)

  • Description: This is a Microsoft Message Queuing (MSMQ) remote code execution vulnerability in Microsoft Windows, assigned CVE-2024-30080 with a CVSS base score of 9.8. It was disclosed for private use on May 15, 2023. Using specially crafted packets, an attacker can execute arbitrary code on MSMQ servers.
  • Impact: An attacker capable of exploiting this vulnerability could obtain full control over an affected system. This could result in data leaks, for instance, or ransomware attacks and other malicious activity. 
  • Mitigation: Patch now. System: Administrators should make sure that all Microsoft security updates have been applied and that MSMQ servers aren’t exposed to untrusted networks.

CVE-2023-50868: Zero-Day Denial-of-Service in DNS Protocol

  • Description: DNS (Domain Name Service) is the protocol that translates ‘example.com’ websites into IP addresses for your computer to connect to. CVE-2023-50868 is a zero-day vulnerability in that protocol; specifically, it’s a denial of service vulnerability with a CVSS score of 7.5 and a severity rating of Important.
  • Impact: A successful exploitation of these vulnerabilities can be used to deface websites, falsify DNS lookup records, or completely shut down DNS services, resulting in extended periods of downtime and denial of access to internet resources.
  • Mitigation: Apply recommended configuration changes to reduce your exposure. Update DNS software. Monitor and rate-limit the volume of incoming DNS requests.

CVE-2024-30101: Remote Code Execution in Microsoft Outlook

  • Description: An issue exists in Microsoft Outlook that allows attackers to execute arbitrary commands remotely. It involves the Preview Pane feature. The attack vector for exploitation is via email. The impact of successful exploitation is Remote Code Execution on the target user’s computer system-wide.
  • Impact: Exploitation lets the attacker run arbitrary code on the target. This could lead to stealing information, infecting the system with malware, gaining entry to other systems on the same network, and other actions.
  • Mitigation: Users should apply the latest Microsoft security patches. And in the short term, they may want to disable the preview pane in Outlook. 

CVE-2024-30104: Remote Code Execution in Microsoft Office

  • Description: It allows an attacker to execute arbitrary code after enticing the user into opening a specially engineered Office document that, when viewed, causes the document to store data in memory in a way that leads to remote code execution. 
  • Impact: Successful exploitation can result in a full compromise of the operating system, loss of data, and spread of malware across an organization.
  • Mitigation: Patch Office with the latest updates, train users not to open obscure files, and possibly implement macro security settings. 

CVE-2024-5499: Out of Bounds Write in Chromium’s Streams API

  • Description: CVE-2024-5499Impact: Out of bounds write in Chromium’s Streams APIDescription: A vulnerability in Chromium’s Streams API could allow attackers to execute arbitrary code or cause a denial of service.
  • Impact: Exploitation can lead to browser crashes, data corruption, and potentially arbitrary code execution.
  • Mitigation: Upgrade to the latest version of the Chromium-based browser and ensure that security patches are promptly applied. 

Start your free Subscription today

CVE-2024-5498: Use After Free in Chromium’s Presentation API

  • Description: Use after free in Chromium’s Presentation API allows an attacker who manages to trigger use after free in Chromium’s Presentation API to execute arbitrary code or crash a browser.
  • Impact: Case­-by­-case exploitation leads to bypassing secure connections, potentially causing data and system compromises.
  • Mitigation: Users of Chromium-based browsers should ensure that they update to the latest versions in order to protect against this vulnerability. 

CVE-2024-5497: Out-of-Bounds Memory Access in Chromium’s Keyboard Inputs

  • Description: Out-of-Bounds Memory Access within Chromium’s ‘Keyboard Inputs.’ This flaw allows users to read and write outside the intended memory space. 
  • Impact: Exploitation may lead to arbitrary code execution, information disclosure, or denial of service.
  • Mitigation: All popular Chromium-based browsers are now patched. Everyone should make sure to update the browser to the latest version to prevent any future risks. 

CVE-2024-5496: Use After Free in Chromium’s Media Session

  • Description: Use After Free in Chromium’s Media SessionDescription: An attacker could leverage this use after the free bug in Chromium’s media session component to execute arbitrary code or cause the browser to crash.
  • Impact: This vulnerability leads to arbitrary code execution and can add up to compromise user data and browser stability. 
  • Mitigation: Users should update their Chromium-based browsers and apply all available security patches.

CVE-2024-29187: Binary Hijack in GitHub WiX Burn-Based Bundles

  • Description: on GitHub, a vulnerability CVE-2024-29187 in WiX Burn-based bundles may allow a non-elevated user to perform a binary hijack, which means that an application may be tricked into running a malicious binary that hides itself. The affected package is at https://github.com/wixtoolset/wix-novice/blob/master/library/release/wixtoolset-wix-novice.msi. It will run as a SYSTEM. 
  • Impact: Successful exploitation may allow for arbitrary code execution with SYSTEM-level privileges, resulting in a complete compromise of the system.
  • Mitigation: Developers and users of bundles built with the WiX Burn framework should upgrade them to the latest versions and follow GitHub’s security recommendations. 

CVE-2024-29060: Elevation of Privilege in Visual Studio

  • Description: Elevation of privilege vulnerability in Visual Studio (CVE-2024-29060) with the following vector: Attackers can use this flaw to escalate their privileges and take control of the dev environment, thus gaining unauthorized access to it.
  • Impact: Exploitation can grant administrative access, disrupt development projects, and cause malicious code insertion. 
  • Mitigation: Install the latest updates for Visual Studio and follow best security practices and restrictions to mitigate the risk of exploitation.

Recommendations

  • Prioritize patching the critical MSMQ vulnerability (CVE-2024-30080) and the zero-day DNS flaw (CVE-2023-50868).
  • Review and apply relevant patches for Microsoft Office, browser components, and developer tools.
  • Conduct a thorough assessment of your systems to identify any enabled MSMQ services and exposed TCP port 1801.
  • Implement a comprehensive vulnerability management strategy to address both patchable and non-patchable vulnerabilities.
  • Stay informed about potential additions to the CISA Known Exploited Vulnerabilities (KEV) catalog related to these patches.
  • Secure your systems with ease. Track your security vulnerabilities and stay protected. Use ThreatMon, the ideal vendor-neutral solution. 

Start your free Subscription today

More posts

This image is about monthly vulnerabilities for September 2024.
This image is about the ServiceNow data leak.
This image is about monthly vulnerabilities for July 2024.
This image is about cyber strategies for the Paris Olympics 2024.
This image is about Russian influence operations targeting the Paris Olympics 2024.
advanced divider

Share this article

Found it interesting? Don’t hesitate to share it to wow your friends or colleagues
advanced divider
Subscribe to our blog newsletter to follow the latest posts