Microsoft Message Queuing Archives

Winsage

December 11, 2024

Microsoft closes 2024 with 72 fixes on final Patch Tuesday

Microsoft's Patch Tuesday update addressed 72 vulnerabilities, with CVE-2024-49138 being actively exploited, affecting the Windows Common Log File System Driver and allowing privilege escalation on Windows 10, 11, and Server 2019 and later. The most critical vulnerability, CVE-2024-49112, has a CVSS score of 9.8 but is challenging to exploit, related to the Windows Lightweight Directory Access Protocol (LDAP). Microsoft recommends blocking inbound RPCs from untrusted networks as a workaround. CVE-2024-49093, with a CVSS score of 8.8, poses risks from malicious low-privilege AppContainers. Other significant vulnerabilities include CVE-2024-49088, CVE-2024-49090, and CVE-2024-49114, all related to privilege escalation. Additionally, CVE-2024-49070 and CVE-2024-49122 involve code execution flaws. Adobe released a patch for 167 vulnerabilities, including 91 in Adobe Experience Manager, with one critical flaw. Adobe Connect fixed 22 vulnerabilities, six rated critical, while Adobe Acrobat addressed six vulnerabilities, none exceeding a CVSS score of seven. Adobe Animate had 13 vulnerabilities, all rated 7.8, and InDesign and Substance 3D Modeler each had nine issues, none surpassing a CVSS score of 7.8. Adobe Media Encoder fixed four vulnerabilities, three allowing arbitrary code execution.

Winsage

June 28, 2024

Windows: Insecure by design

In June 2023, Chinese hacking group Storm-0558 stole US government "secure" messages from Microsoft's Exchange Online.

Winsage

June 21, 2024

Update Your Windows PC to Avoid This Wifi Security Flaw | Lifehacker

Microsoft's latest Patch Tuesday update addresses 49 security flaws, including a critical vulnerability in wifi drivers (CVE-2024-30078) that could allow hackers to execute arbitrary code on Windows PCs within wifi range.

Winsage

June 13, 2024

Microsoft June Patch Tuesday has fixes for Windows, Outlook and SharePoint

Microsoft released security updates for critical vulnerabilities, including fixes for 18 remote code execution flaws. One of the critical vulnerabilities is in Microsoft Message Queuing (MSMQ), allowing attackers to take control of a user's system remotely.

Winsage

June 12, 2024

Windows security hole allows attackers to install malware via Wi-Fi — new patch plugs gaping vulnerability | Tom’s Hardware

Microsoft recently patched a security vulnerability in the Windows Wi-Fi driver that could allow attackers to execute malicious code on vulnerable systems over Wi-Fi. The vulnerability impacts all modern versions of Windows and Windows Server, does not require prior access to the target computer, and is identified as CVE-2024-30078 with a severity level of "Important."

Winsage

June 12, 2024

Microsoft fixes hack-me-via-Wi-Fi Windows security hole

Microsoft released updates for 49 CVE-tagged security flaws in its products, including a critical bug in wireless networking and one publicly disclosed vulnerability in Windows Server related to DNSSEC implementations.

Winsage

June 11, 2024

The Windows Security Updates of June 2024 are now available – gHacks Tech News

Microsoft released security patches for 49 unique vulnerabilities and republished 9 non-Microsoft CVEs.