"Microsoft Patches One Critical and One Zero-Day Vulnerability"

Microsoft recently released updates for 51 vulnerabilities, only one of which was rated "critical." That bug, CVE-2024-30080, is a remote code execution (RCE) flaw in Microsoft Message Queuing (MSMQ) with a CVSS score of 9.8 and exploitation rated as "more likely." Microsoft recommends disabling the service until the update can be installed. The zero-day vulnerability, made public in February, is a protocol-level bug affecting DNSSEC validation. According to Microsoft, the flaw may allow an attacker to abuse standard DNSSEC protocols intended for DNS integrity to consume excessive resources on a resolver, causing a denial of service for legitimate users. It has already been patched in various DNS implementations, including BIND, PowerDNS, and Unbound.

 

Infosecurity Magazine reports: "Microsoft Patches One Critical and One Zero-Day Vulnerability"

Submitted by Adam Ekwall on