RCE flaw and DNS zero-day top list of Patch Tuesday bugs

A critical remote code execution (RCE) vulnerability in [hidden content] Message Queuing (MSMQ) stands out as the most serious issue patched by [hidden content] in its June [hidden content] update, amid another lighter-than-usual drop comprising just over 50 issues.

Tracked as [hidden content], and attributed to China-based researcher [hidden content], the flaw enables a remote, unauthenticated party to execute arbitrary code with elevated privileges by sending a specially crafted malicious packet to an MSMQ server.

According to [hidden content], the vulnerability is only exploitable if the MSMQ service, a Windows component that can be toggled via the Control Panel, is enabled. Users are also advised to check whether a service named Message Queuing is running and whether TCP port 1801 is listening on the machine.

Tyler Reguly, [hidden content] associate director of security research and development, said CVE-2024-30080 would be the most talked about vulnerability disclosed this month.

“[hidden content] has given the vulnerability a CVSS score of 9.8 and said that exploitation is more likely. [hidden content] has also recommended disabling the service until a time at which you can install the update,” he said.

“A couple of quick Shodan searches reveal over a million hosts running with port 1801 open and over 3500 results for ‘msmq’. Given this is a remote code execution, I would expect to see this vulnerability included in exploit frameworks in the near future.”

[hidden content] has also listed this month a third-party zero-day vulnerability tracked as [hidden content], which is also drawing the attention of the cyber community. Credited to Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner of the [hidden content] (ATHENE), this vulnerability was assigned by the MITRE Corporation [hidden content].

CVE-2023-50868 exists in the [hidden content] (DNSSEC) feature of the Domain Name System (DNS), which authenticates responses to domain name lookups. A malicious actor can abuse standard DNSSEC protocols to consume excessive resources on a resolver, causing legitimate users to experience a denial of service (DoS).

This is a serious issue, and affects many more suppliers than just [hidden content]. Tom Marsland, technology vice president at [hidden content], said: “According to [the] researchers that found the vulnerability, which had been present in DNSSEC for the better part of two decades, an attacker ‘could completely disable large parts of the worldwide internet’.”

All in all, the June Patch Tuesday update includes five DoS vulnerabilities, 25 elevation of privilege (EoP) vulnerabilities, three information disclosure vulnerabilities, and 18 RCE vulnerabilities – all rated as important save for the critical flaw highlighted above.

The good news, said Chris Goettl, vice president of security products at [hidden content], is that dealing with the most pressing issues should not cause a significant headache for security administrators this time round.

“[The] Windows OS update is the most urgent,” said Goettl. “Between the critical CVE and the publicly disclosed CVE, the most significant risks can be resolved with the OS update.”
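
The exposure check the article describes (a service named Message Queuing and a listener on TCP port 1801), as an added PowerShell example that is not part of the original article. The function name `Test-MsmqExposure` and its parameters are hypothetical; it assumes Windows PowerShell 5.1 or later, an elevated session, and that the service name behind the "Message Queuing" display name is `MSMQ`.

```powershell
# Added example: local MSMQ exposure triage for CVE-2024-30080.
# Test-MsmqExposure is a hypothetical helper name, not a built-in cmdlet.
function Test-MsmqExposure {
    [CmdletBinding()]
    param(
        [int]$Port = 1801,        # TCP port named in the article
        [switch]$DisableService   # interim mitigation until the update is installed
    )

    # Display name "Message Queuing"; service name assumed to be MSMQ.
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    # Listening sockets on the MSMQ port, plus the process that owns them.
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
    $owners = $listeners | ForEach-Object {
        (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    } | Sort-Object -Unique
    $addresses = $listeners | ForEach-Object { $_.LocalAddress } | Sort-Object -Unique

    $running = [bool]($svc -and $svc.Status -eq 'Running')

    $result = [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        ServicePresent = [bool]$svc
        ServiceStatus  = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        StartType      = if ($svc) { $svc.StartType.ToString() } else { $null }
        PortListening  = ($listeners.Count -gt 0)
        ListenAddress  = $addresses -join ','
        OwningProcess  = $owners -join ','
        # Reachable attack surface per the article: service enabled and port listening.
        Exposed        = ($running -and $listeners.Count -gt 0)
    }

    if ($DisableService -and $svc) {
        # Stop the service and keep it from starting again at boot.
        Stop-Service -Name 'MSMQ' -Force
        Set-Service -Name 'MSMQ' -StartupType Disabled
        $result | Add-Member -NotePropertyName Mitigation -NotePropertyValue 'ServiceDisabled'
    }

    return $result
}

# Report only; add -DisableService to apply the interim mitigation.
Test-MsmqExposure | Format-List
```

A host that reports `Exposed : True` and cannot take the June update immediately is a candidate for `-DisableService`, provided no application on it depends on MSMQ.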
