On June 11, 2024, Microsoft published their June 2024 security update with patches for 49 vulnerabilities. Among these vulnerabilities, Arctic Wolf is highlighting CVE-2024-30080 as the highest severity vulnerability in this Patch Tuesday release which was categorized as critical. There has not been a proof of concept (PoC) exploit or active exploitation of CVE-2024-30080 identified at this time.?
Impacted Product: Windows?
Vulnerabilities Impacting Windows:?
| ? | CVSS: 9.8 – Critical?
MS Severity: Critical? |
No Exploitation Detected? |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability – A threat actor can exploit this vulnerability by sending a malicious MSMQ packet to a MSMQ server to achieve Remote Code Execution (RCE).? | ||
Recommendations?
Recommendation #1: Apply Security Updates to Impacted Products?
Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation.?
Note: Please follow your organizations patching and testing guidelines to avoid operational impact.?
| Product? | Vulnerability? | Article? | Download? |
| Windows 10 for 32-bit Systems? | CVE-2024-30080? | ? | ? |
| Windows 10 for x64-based Systems? | CVE-2024-30080? | ? | ? |
| Windows 10 Version 1607 for 32-bit Systems? | CVE-2024-30080? | ? | ? |
| Windows 10 Version 1607 for x64-based Systems? | CVE-2024-30080? | ? | ? |
| Windows 10 Version 1809 for 32-bit Systems? | CVE-2024-30080? | ? | ? |
| Windows 10 Version 1809 for ARM64-based Systems? | CVE-2024-30080? | ? | ? |
| Windows 10 Version 1809 for x64-based Systems? | CVE-2024-30080? | ? | ? |
| Windows 10 Version 21H2 for 32-bit Systems? | CVE-2024-30080? | ? | ? |
| Windows 10 Version 21H2 for ARM64-based Systems? | CVE-2024-30080? | ? | ? |
| Windows 10 Version 21H2 for x64-based Systems? | CVE-2024-30080? | ? | ? |
| Windows 10 Version 22H2 for 32-bit Systems? | CVE-2024-30080? | ? | ? |
| Windows 10 Version 22H2 for ARM64-based Systems? | CVE-2024-30080? | ? | ? |
| Windows 10 Version 22H2 for x64-based Systems? | CVE-2024-30080? | ? | ? |
| Windows 11 version 21H2 for ARM64-based Systems? | CVE-2024-30080? | ? | ? |
| Windows 11 version 21H2 for x64-based Systems? | CVE-2024-30080? | ? | ? |
| Windows 11 Version 22H2 for ARM64-based Systems? | CVE-2024-30080? | ? | ? |
| Windows 11 Version 22H2 for x64-based Systems? | CVE-2024-30080? | ? | ? |
| Windows 11 Version 23H2 for ARM64-based Systems? | CVE-2024-30080? | ? | ? |
| Windows 11 Version 23H2 for x64-based Systems? | CVE-2024-30080? | ? | ? |
| Windows Server 2008 for 32-bit Systems Service Pack 2? | CVE-2024-30080? | , ? | , ? |
| Windows Server 2008 for x64-based Systems Service Pack 2? | CVE-2024-30080? | , ? | , ? |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1? | CVE-2024-30080? | , ? | , ? |
| Windows Server 2012? | CVE-2024-30080? | ? | ? |
| Windows Server 2012 R2? | CVE-2024-30080? | ? | ? |
| Windows Server 2016? | CVE-2024-30080? | ? | ? |
| Windows Server 2019? | CVE-2024-30080? | ? | ? |
| Windows Server 2022? | CVE-2024-30080? | , ? | , ? |
| Windows Server 2022, 23H2 Edition?? | CVE-2024-30080? | ? | ? |
Recommendation #2: Disable Message Queuing Service (MSMQ) if not Required
To be vulnerable, CVE-2024-30080 requires the Message Queuing (MSMQ) service to be enabled. Consider disabling MSMQ if the service is not required in your environment to prevent exploitation.?
Note: You can check by looking for a service running named ¡°Message Queuing¡± and for TCP port 1801 listening on the system.?
If disabling MSMQ is not feasible, consider blocking inbound connections to TCP port 1801 from suspicious sources.?
References?
?
