In the second week of June 2024, the key focus was CVE-2024-30080, a critical remote code execution vulnerability affecting Microsoft Message Queuing. Patching trends for the Microsoft Office vulnerabilities (CVE-2024-30101, CVE-2024-30102, CVE-2024-30103, CVE-2024-30104) are also worth analyzing.
Critical Vulnerabilities POC
CVE-2024-30080 is a critical remote code execution vulnerability recently discovered in Microsoft Message Queuing (MSMQ). This means a malicious actor could potentially take control of your system remotely if it’s vulnerable.
CVE ID: CVE-2024-30080
NVD Published Date: 06/11/2024
Description: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Severity: Critical (CVSS score: 9.8)
Considering the severity of CVE-2024-30080 and its possible effects, companies using MSMQ must respond quickly to neutralize the threat. The exploit involves a bug in how MSMQ handles specific messages, although the specifics are not yet completely public, to avoid further misuse. If exploited, this vulnerability allows the attacker to compromise the machine by executing arbitrary code on the MSMQ server or client.
Fortunately, patches and updates are usually released to address these kinds of vulnerabilities. As a LinuxPatch customer, you have a great opportunity to safeguard your systems efficiently. To find out how our patch management solutions can help you quickly install the required updates and make sure your systems are not left susceptible to attacks like this.
Reference: https://linuxpatch.com/cve/CVE-2024-30080
Critical Vulnerabilities to Patch
Other vulnerabilities addressed in this week's patch release included:
CVE-2024-30101 (Microsoft Office Remote Code Execution Vulnerability)
CVE-2024-30101 is a high-severity vulnerability in Microsoft Office that attackers can exploit to remotely execute malicious code on your system. This means a malicious actor could potentially take full control of your computer if it’s vulnerable.
Released: Jun 11, 2024
Severity: 7.5 HIGH
Patch Status: Security patches have been available from Microsoft since June 11, 2024.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-30101
Data Breaches
There was one data breach reported during the week of June 10th to June 16th, 2024.
Truist Bank: On June 14th, 2024, Truist Bank confirmed a data breach. Details are still emerging, but reports suggest a cybercriminal offered a significant amount of data for sale on the dark web around June 12th.
A well-known dark web data broker and cybercriminal acting under the name “Sp1d3r” offered a significant amount of data allegedly stolen from Truist Bank for sale.
Truist is a US bank holding company and operates 2,781 branches in 15 states and Washington DC. By assets, it is in the top 10 of US banks. In 2020, Truist provided financial services to about 12 million consumer households.
The online handle of the seller immediately raised the suspicion that this was yet another Snowflake-related data breach.
Reference: https://www.malwarebytes.com/blog/news/2024/06/truist-bank-confirms-data-breach