Multiple Remote Code Execution Vulnerabilities in Microsoft Products
Recent investigations have uncovered a series of critical vulnerabilities in several Microsoft products that pose significant security risks to organizations worldwide. The vulnerabilities, identified as CVE-2024-30080, CVE-2024-30103, and CVE-2024-30078, enable remote code execution and could allow attackers to take over affected systems. They span multiple Microsoft products, including Windows OS versions, Microsoft Outlook, and Windows Wi-Fi drivers, and require immediate attention and remediation to prevent exploitation and protect organizational infrastructure. Our Cyber Security Team has prepared an advisory detailing the nature of these vulnerabilities and the affected products, with guidance on mitigation strategies to safeguard against potential attacks.
What Are the Different Vulnerabilities Found in Microsoft Products?
Remote Code Execution via MSMQ:
An attacker can exploit the flaw in the Microsoft Message Queuing (MSMQ) component by sending a specially crafted malicious MSMQ packet to a server with the MSMQ service enabled. Successful exploitation allows the attacker to execute arbitrary code on the server, which may lead to takeover of the system. This critical vulnerability is tracked as CVE-2024-30080.
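One way to check whether a Windows host meets the precondition described above (MSMQ service enabled and reachable), as an added example that is not part of the original advisory. It assumes the default service name `MSMQ` and the default MSMQ listener on TCP port 1801, neither of which the advisory states; the function name `Get-MsmqExposure` is hypothetical.

```powershell
# Added example (not from the advisory): report local MSMQ exposure.
# Assumptions: default service name "MSMQ", default listener on TCP 1801.
function Get-MsmqExposure {
    [CmdletBinding()]
    param(
        [int]$Port = 1801   # adjust if MSMQ was configured on another port
    )

    # Service is absent when the MSMQ feature is not installed
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    # Listening sockets on the MSMQ port, if any
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen `
                       -ErrorAction SilentlyContinue)

    # Anything not bound to loopback can be reached from the network
    $reachable = @($listeners |
        Where-Object { $_.LocalAddress -notin @('127.0.0.1', '::1') })

    # Resolve the owning process so an unexpected listener stands out
    $owners = @($listeners | ForEach-Object {
        (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    } | Sort-Object -Unique)

    $verdict = if (-not $svc) {
        'NotInstalled'
    } elseif ($reachable.Count -gt 0) {
        'ListeningOnNetwork'      # prioritise patching or disable the service
    } elseif ($svc.Status -eq 'Running') {
        'RunningNoNetworkListener'
    } elseif ($svc.StartType -eq 'Disabled') {
        'Disabled'
    } else {
        'InstalledNotRunning'     # can still be started on demand
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        ServiceStatus = if ($svc) { [string]$svc.Status } else { $null }
        StartType     = if ($svc) { [string]$svc.StartType } else { $null }
        ListenAddrs   = $reachable.LocalAddress -join ','
        OwningProcess = $owners -join ','
        Verdict       = $verdict
    }
}

Get-MsmqExposure | Format-List
```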
Remote Code Execution via Outlook:
An attacker can exploit this vulnerability in Microsoft Outlook by bypassing the registry block lists to create and load malicious DLL files, which can execute without user interaction if the auto-open email feature is enabled. The vulnerability arises from improper handling of certain registry keys related to DLL handling and can be triggered by opening a specially crafted email in the Preview Pane. This critical vulnerability is tracked as CVE-2024-30103.