Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws

6 months ago 61
BOOK THIS SPACE FOR AD
ARTICLE AD

Patch Tuesday

Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days.

This Patch Tuesday only fixes one critical vulnerability, a Microsoft SharePoint Server Remote Code Execution Vulnerability.

The number of bugs in each vulnerability category is listed below:

17 Elevation of Privilege Vulnerabilities 2 Security Feature Bypass Vulnerabilities 27 Remote Code Execution Vulnerabilities 7 Information Disclosure Vulnerabilities 3 Denial of Service Vulnerabilities 4 Spoofing Vulnerabilities

The total count of 61 flaws does not include 2 Microsoft Edge flaws fixed on May 2nd and four fixed on May 10th.

To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5037771 cumulative update.

Three zero-days fixed

This month's Patch Tuesday fixes two actively exploited and one publicly disclosed zero-day vulnerabilities.

Microsoft classifies a zero-day as a flaw publicly disclosed or actively exploited with no official fix available.

The two actively exploited zero-day vulnerabilities in today's updates are:

CVE-2024-30040 - Windows MSHTML Platform Security Feature Bypass Vulnerability

Microsoft has fixed an actively exploited bypass to OLE mitigations, which were added to Microsoft 365 and Microsoft Office to protect users from vulnerable COM/OLE controls.

"An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file," explains Microsoft.

"An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious document at which point the attacker could execute arbitrary code in the context of the user," continued Microsoft.

It is not known how the flaw was abused in attacks or who discovered it.

CVE-2024-30051 - Windows DWM Core Library Elevation of Privilege Vulnerability

Microsoft has fixed an actively exploited Windows DWM Core Library flaw that provides SYSTEM privileges.

"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," explains Microsoft.

A short report from Kaspersky states that recent Qakbot malware phishing attacks used malicious documents to exploit the flaw and gain SYSTEM privileges on Windows devices.

Microsoft said the flaw was disclosed by the following researchers: Mert Degirmenci and Boris Larin with Kaspersky, Quan Jin with DBAPPSecurity WeBin Lab Guoxian Zhong with DBAPPSecurity WeBin Lab, and Vlad Stolyarov and Benoit Sevens of Google Threat Analysis Group Bryce Abdo and Adam Brunner of Google Mandiant.

Microsoft states that the CVE-2024-30051 was also publicly disclosed, but it's unclear where that was done. In addition, Microsoft says a denial of service flaw in Microsoft Visual Studio tracked as CVE-2024-30046 was publicly disclosed as well.

Recent updates from other companies

Other vendors who released updates or advisories in May 2024 include:

Adobe has released security updates for After Effects, Photoshop, Commerce, InDesign, and more. Apple backported an RTKit zero-day to older devices and fixed a Safari WebKit zero-day flaw exploited at Pwn2Own. Cisco released security updates for its IP phone products. Citrix urged Xencenter admins to manually fix Putty flaw, which can be used to steal an admin's private SSH key. F5 releases security updates for two high-severity BIG-IP Next Central Manager API flaws. Google released an emergency update to fix the sixth zero-day of 2024. TinyProxy fixes a critical remote code execution flaw that was disclosed by Cisco. VMware fixes three zero-day bugs exploited at Pwn2Own 2024.

Unfortunately, we will no longer be linking to SAP's Patch Tuesday security updates as they have placed them behind a customer login.

The May 2024 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the May 2024 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.

Tag CVE ID CVE Title Severity
.NET and Visual Studio CVE-2024-30045 .NET and Visual Studio Remote Code Execution Vulnerability Important
Azure Migrate CVE-2024-30053 Azure Migrate Cross-Site Scripting Vulnerability Important
Microsoft Bing CVE-2024-30041 Microsoft Bing Search Spoofing Vulnerability Important
Microsoft Brokering File System CVE-2024-30007 Microsoft Brokering File System Elevation of Privilege Vulnerability Important
Microsoft Dynamics 365 Customer Insights CVE-2024-30048 Dynamics 365 Customer Insights Spoofing Vulnerability Important
Microsoft Dynamics 365 Customer Insights CVE-2024-30047 Dynamics 365 Customer Insights Spoofing Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2024-4558 Chromium: CVE-2024-4558 Use after free in ANGLE Unknown
Microsoft Edge (Chromium-based) CVE-2024-4331 Chromium: CVE-2024-4331 Use after free in Picture In Picture Unknown
Microsoft Edge (Chromium-based) CVE-2024-4671 Chromium: CVE-2024-4671 Use after free in Visuals Unknown
Microsoft Edge (Chromium-based) CVE-2024-30055 Microsoft Edge (Chromium-based) Spoofing Vulnerability Low
Microsoft Edge (Chromium-based) CVE-2024-4368 Chromium: CVE-2024-4368 Use after free in Dawn Unknown
Microsoft Edge (Chromium-based) CVE-2024-4559 Chromium: CVE-2024-4559 Heap buffer overflow in WebAudio Unknown
Microsoft Intune CVE-2024-30059 Microsoft Intune for Android Mobile Application Management Tampering Vulnerability Important
Microsoft Office Excel CVE-2024-30042 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2024-30044 Microsoft SharePoint Server Remote Code Execution Vulnerability Critical
Microsoft Office SharePoint CVE-2024-30043 Microsoft SharePoint Server Information Disclosure Vulnerability Important
Microsoft WDAC OLE DB provider for SQL CVE-2024-30006 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important
Microsoft Windows SCSI Class System File CVE-2024-29994 Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability Important
Microsoft Windows Search Component CVE-2024-30033 Windows Search Service Elevation of Privilege Vulnerability Important
Power BI CVE-2024-30054 Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability Important
Visual Studio CVE-2024-30046 Visual Studio Denial of Service Vulnerability Important
Visual Studio CVE-2024-32004 GitHub: CVE-2024-32004 Remote Code Execution while cloning special-crafted local repositories Important
Visual Studio CVE-2024-32002 CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution Important
Windows Cloud Files Mini Filter Driver CVE-2024-30034 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability Important
Windows CNG Key Isolation Service CVE-2024-30031 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability Important
Windows Common Log File System Driver CVE-2024-29996 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important
Windows Common Log File System Driver CVE-2024-30037 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important
Windows Common Log File System Driver CVE-2024-30025 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important
Windows Cryptographic Services CVE-2024-30020 Windows Cryptographic Services Remote Code Execution Vulnerability Important
Windows Cryptographic Services CVE-2024-30016 Windows Cryptographic Services Information Disclosure Vulnerability Important
Windows Deployment Services CVE-2024-30036 Windows Deployment Services Information Disclosure Vulnerability Important
Windows DHCP Server CVE-2024-30019 DHCP Server Service Denial of Service Vulnerability Important
Windows DWM Core Library CVE-2024-30008 Windows DWM Core Library Information Disclosure Vulnerability Important
Windows DWM Core Library CVE-2024-30051 Windows DWM Core Library Elevation of Privilege Vulnerability Important
Windows DWM Core Library CVE-2024-30035 Windows DWM Core Library Elevation of Privilege Vulnerability Important
Windows DWM Core Library CVE-2024-30032 Windows DWM Core Library Elevation of Privilege Vulnerability Important
Windows Hyper-V CVE-2024-30011 Windows Hyper-V Denial of Service Vulnerability Important
Windows Hyper-V CVE-2024-30017 Windows Hyper-V Remote Code Execution Vulnerability Important
Windows Hyper-V CVE-2024-30010 Windows Hyper-V Remote Code Execution Vulnerability Important
Windows Kernel CVE-2024-30018 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Mark of the Web (MOTW) CVE-2024-30050 Windows Mark of the Web Security Feature Bypass Vulnerability Moderate
Windows Mobile Broadband CVE-2024-30002 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important
Windows Mobile Broadband CVE-2024-29997 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important
Windows Mobile Broadband CVE-2024-30003 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important
Windows Mobile Broadband CVE-2024-30012 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important
Windows Mobile Broadband CVE-2024-29999 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important
Windows Mobile Broadband CVE-2024-29998 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important
Windows Mobile Broadband CVE-2024-30000 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important
Windows Mobile Broadband CVE-2024-30005 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important
Windows Mobile Broadband CVE-2024-30004 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important
Windows Mobile Broadband CVE-2024-30021 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important
Windows Mobile Broadband CVE-2024-30001 Windows Mobile Broadband Driver Remote Code Execution Vulnerability Important
Windows MSHTML Platform CVE-2024-30040 Windows MSHTML Platform Security Feature Bypass Vulnerability Important
Windows NTFS CVE-2024-30027 NTFS Elevation of Privilege Vulnerability Important
Windows Remote Access Connection Manager CVE-2024-30039 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2024-30009 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2024-30024 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2024-30015 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2024-30029 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2024-30023 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2024-30014 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Routing and Remote Access Service (RRAS) CVE-2024-30022 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important
Windows Task Scheduler CVE-2024-26238 Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability Important
Windows Win32K - GRFX CVE-2024-30030 Win32k Elevation of Privilege Vulnerability Important
Windows Win32K - ICOMP CVE-2024-30038 Win32k Elevation of Privilege Vulnerability Important
Windows Win32K - ICOMP CVE-2024-30049 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Important
Windows Win32K - ICOMP CVE-2024-30028 Win32k Elevation of Privilege Vulnerability Important
Read Entire Article