Black Arrow Cyber Advisory 13 June 2024 – Microsoft Patches Critical RCE Flaw and Zero-Click Vulnerability
Executive summary
Microsoft have released patches for a ‘critical’ remote code execution vulnerability (CVE-2024-30080) and a ‘high’ zero-click vulnerability (CVE-2024-30103) this week. The critical vulnerability allows an attacker to perform remote code execution by sending a specially crafted malicious Microsoft Message Queuing (MSMQ) technology packet to an MSMQ server. The zero-click vulnerability allows an attacker to bypass Outlook registry block lists and enable the creation of malicious files, which is initiated when an affected email is previewed in Outlook or opened.
What’s the risk to me or my business?
If the vulnerabilities are successfully exploited this will allow an attacker to perform arbitrary remote code execution, and the other will allow for malicious DLL files to be created. Both vulnerabilities if exploited could have a high impact on the confidentiality, integrity and availability of the organisations data on affected systems.
What can I do?
Black Arrow recommends applying the available patches for the vulnerability as soon as possible following their organisations update policies due to the severity.
Technical Summary
CVE-2024-30080 – This vulnerability allows an attacker to completely take over an affected server by sending a specially crafted malicious MSMQ packet to a MSMQ server, performing arbitrary remote code execution on the server side.
CVE-2024-30103 – This vulnerability allows an authenticated malicious actor using valid Exchange user credentials to bypass the Outlook registry block lists and enable the creation of malicious DLL files, allowing them to perform other malicious activities.
Further information on Microsoft Patches released this week can be found here:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Jun
Further information on the RCE vulnerability can be found here:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30080
Further information on the Zero-Click vulnerability can be found here:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30103
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity