CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-30090

High Severity
SVRS
40/100
CVSSv3
NA/10
EPSS
0.16327/1

CVE-2024-30090 is a Microsoft Streaming Service Elevation of Privilege vulnerability. This vulnerability allows an attacker to gain elevated privileges on a system. The CVE-2024-30090 vulnerability impacts the Microsoft Streaming Service, potentially allowing attackers to perform actions with higher-level permissions than intended. Although the CVSS score is 0, indicating minimal inherent risk based on the standard metric, the SVRS score of 40 coupled with the "In The Wild" and "Exploit Available" tags, suggests a higher level of real-world threat because active exploits are being used. An attacker who successfully exploits this vulnerability could potentially take control of the affected system. Immediate patching is recommended, despite the low CVSS score, to mitigate the risk posed by active exploitation of the vulnerability. The availability of active exploits elevates the urgency.

TAGS
In The Wild
Exploit Avaliable
VECTOR STRING
PUBLICATION DATE2024-06-11
LAST MODIFIED2024-06-13

Indicators of Compromise

No IOCs found for this CVE

Exploits

TitleSoftware LinkDate
Dor00tkit/CVE-2024-30090https://github.com/Dor00tkit/CVE-2024-300902024-10-17
Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

The June 2024 Security Update Review
Dustin Childs2024-06-11
The June 2024 Security Update Review | Somehow, we’ve made it to the sixth patch Tuesday of 2024, and Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for June 2024For June, Adobe released
zerodayinitiative.com
rss
forum
news
Critical RCE Bug Opens Microsoft Servers to Takeover - Dark Reading
2024-06-11
Critical RCE Bug Opens Microsoft Servers to Takeover - Dark Reading | News Content: Microsoft has issued fixes for a total of 49 vulnerabilities in its Patch Tuesday security update for June, including a critical bug in Microsoft Message Queuing (MSMQ) technology that could open vast swathes of companies to remote code execution (RCE) and server takeover. The issue (CVE-2024-30080, CVSS score of 9.8 out of 10) is remotely exploitable, with low attack complexity, requires no privileges, and takes no user interaction; and it carries high impacts on confidentiality, integrity, and availability, according to Microsoft. Attackers can use it to
cve-2024-30084
cve-2024-30101
cve-2024-30090
cve-2023-36036
1.689
2024-06-12
1.689 | Newly Added (45)Security Vulnerabilities fixed in VideoLAN VideoLAN-SB-VLC-3021QEMU CVE-2024-3567 VulnerabilityMicrosoft Windows Remote Access Connection Manager CVE-2024-30069 Information Disclosure VulnerabilityMicrosoft DHCP Server
fortiguard.com
rss
forum
news
Patch Tuesday - June 2024
Adam Barnett2024-06-11
Patch Tuesday - June 2024 | MSMQ RCE again. Office malicious file RCEs. SharePoint RCE. DNSSEC NSEC3 DoS.It’s June 2024 Patch Tuesday. Microsoft is addressing 51 vulnerabilities today, and has evidence of public disclosure for just a single one of those. At time of writing, none of the vulnerabilities published today are listed on CISA KEV, although this is always subject to change. Microsoft is
rapid7.com
rss
forum
news
Only one critical issue disclosed as part of Microsoft Patch Tuesday
Chetan Raghuprasad2024-06-11
Only one critical issue disclosed as part of Microsoft Patch Tuesday | The lone critical security issue is a remote code execution vulnerability due to a use-after-free issue in the HTTP handling function of Microsoft Message Queuing.Microsoft released its monthly security update Tuesday, disclosing 49 vulnerabilities across its suite of products and software.  Of those there is only one critical vulnerability. Every other security issues disclosed this month
feedburner.com
rss
forum
news
CVE-2024-30090 | Microsoft Windows up to Server 2022 23H2 Streaming Service untrusted pointer dereference
vuldb.com2024-06-11
CVE-2024-30090 | Microsoft Windows up to Server 2022 23H2 Streaming Service untrusted pointer dereference | A vulnerability was found in Microsoft Windows. It has been classified as critical. This affects an unknown part of the component Streaming Service. The manipulation leads to untrusted pointer dereference. This vulnerability is uniquely identified as CVE-2024-30090. The attack needs to be approached locally. There is no
vuldb.com
rss
forum
news

Social Media

Our experts regularly update Core Impact's certified #exploit library. Get details on the latest additions, including CVE-2023-43208, CVE-2024-35250, CVE-2024-5910, CVE-2024-9474, CVE-2024-1403, CVE-2024-30090 and more. https://t.co/qGRZlRlgBh https://t.co/FROsBl5ps8
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30090

CWE Details

CWE IDCWE NameDescription
CWE-822Untrusted Pointer DereferenceThe program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence