Microsoft has issued its Patch Tuesday security updates for May 2024, addressing 59 vulnerabilities across various products, including two zero-day vulnerabilities actively exploited in the wild. VMware has also released fixes for zero-day flaws demonstrated at the Pwn2Own Vancouver 2024 event.
Microsoft’s Critical Updates
The updates from Microsoft span a broad array of products, including Windows, Office, .NET Framework, Visual Studio, Microsoft Dynamics 365, Power BI, DHCP Server, Microsoft Edge (Chromium-based), and Windows Mobile Broadband. Of the 59 vulnerabilities, one is rated Critical, 57 are rated Important, and one is rated Moderate in severity.
Two actively exploited zero-day vulnerabilities have been addressed. The first, CVE-2024-30040, is a Windows MSHTML Platform Security Feature Bypass Vulnerability. The flaw lets an attacker bypass the OLE mitigations in Microsoft 365 and Microsoft Office that protect users from vulnerable COM/OLE controls. Attackers can exploit this vulnerability by tricking users into loading a malicious file, often through deceptive means such as email or instant messenger messages. Once the user has manipulated the file, the attacker can execute arbitrary code in the context of the user.
The second zero-day, CVE-2024-30051, is a Windows DWM Core Library Elevation of Privilege Vulnerability. Exploiting this flaw allows attackers to gain SYSTEM privileges. Microsoft has not disclosed specific details about the attacks exploiting these vulnerabilities.
VMware’s Response to Pwn2Own
VMware has addressed zero-day flaws demonstrated at the Pwn2Own Vancouver 2024 event. These vulnerabilities were critical and required immediate attention to prevent potential exploitation. The company has urged users to apply the updates promptly to secure their systems.
In other security news, MITRE has released the EMB3D Threat Model for embedded devices, aiming to enhance the security of embedded systems. Google has fixed its sixth actively exploited Chrome zero-day of the year, highlighting the ongoing challenges in securing widely used browsers.
The Phorpiex botnet has been active, sending millions of phishing emails to deliver LockBit Black ransomware, while Apple has warned that threat actors may have exploited a zero-day vulnerability in older iPhones. The City of Helsinki has suffered a data breach, and Russian hackers have defaced local British news sites. Additionally, Australian financial services firm Firstmac Limited has faced a significant security incident.
All May 2024 Patch Tuesday Fixes
| CVE ID | Tag | CVE Title | Severity |
|---|---|---|---|
| | .NET and Visual Studio | .NET and Visual Studio Remote Code Execution Vulnerability | Important |
| | Azure Migrate | Azure Migrate Cross-Site Scripting Vulnerability | Important |
| | Microsoft Bing | Microsoft Bing Search Spoofing Vulnerability | Important |
| | Microsoft Brokering File System | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| | Microsoft Dynamics 365 Customer Insights | Dynamics 365 Customer Insights Spoofing Vulnerability | Important |
| | Microsoft Dynamics 365 Customer Insights | Dynamics 365 Customer Insights Spoofing Vulnerability | Important |
| | Microsoft Edge (Chromium-based) | Chromium: CVE-2024-4558 Use after free in ANGLE | Unknown |
| | Microsoft Edge (Chromium-based) | Chromium: CVE-2024-4331 Use after free in Picture In Picture | Unknown |
| | Microsoft Edge (Chromium-based) | Chromium: CVE-2024-4671 Use after free in Visuals | Unknown |
| | Microsoft Edge (Chromium-based) | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
| | Microsoft Edge (Chromium-based) | Chromium: CVE-2024-4368 Use after free in Dawn | Unknown |
| | Microsoft Edge (Chromium-based) | Chromium: CVE-2024-4559 Heap buffer overflow in WebAudio | Unknown |
| | Microsoft Intune | Microsoft Intune for Android Mobile Application Management Tampering Vulnerability | Important |
| | Microsoft Office Excel | Microsoft Excel Remote Code Execution Vulnerability | Important |
| | Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| | Microsoft Office SharePoint | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
| | Microsoft WDAC OLE DB provider for SQL | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| | Microsoft Windows SCSI Class System File | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | Important |
| | Microsoft Windows Search Component | Windows Search Service Elevation of Privilege Vulnerability | Important |
| | Power BI | Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability | Important |
| | Visual Studio | Visual Studio Denial of Service Vulnerability | Important |
| | Visual Studio | GitHub: CVE-2024-32004 Remote Code Execution while cloning special-crafted local repositories | Important |
| | Visual Studio | CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution | Important |
| | Windows Cloud Files Mini Filter Driver | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Important |
| | Windows CNG Key Isolation Service | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important |
| | Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| | Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| | Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| | Windows Cryptographic Services | Windows Cryptographic Services Remote Code Execution Vulnerability | Important |
| | Windows Cryptographic Services | Windows Cryptographic Services Information Disclosure Vulnerability | Important |
| | Windows Deployment Services | Windows Deployment Services Information Disclosure Vulnerability | Important |
| | Windows DHCP Server | DHCP Server Service Denial of Service Vulnerability | Important |
| | Windows DWM Core Library | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| | Windows DWM Core Library | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| | Windows DWM Core Library | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| | Windows DWM Core Library | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| | Windows Hyper-V | Windows Hyper-V Denial of Service Vulnerability | Important |
| | Windows Hyper-V | Windows Hyper-V Remote Code Execution Vulnerability | Important |
| | Windows Hyper-V | Windows Hyper-V Remote Code Execution Vulnerability | Important |
| | Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | Important |
| | Windows Mark of the Web (MOTW) | Windows Mark of the Web Security Feature Bypass Vulnerability | Moderate |
| | Windows Mobile Broadband | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| | Windows Mobile Broadband | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| | Windows Mobile Broadband | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| | Windows Mobile Broadband | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| | Windows Mobile Broadband | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| | Windows Mobile Broadband | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| | Windows Mobile Broadband | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| | Windows Mobile Broadband | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| | Windows Mobile Broadband | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| | Windows Mobile Broadband | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| | Windows Mobile Broadband | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| | Windows MSHTML Platform | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important |
| | Windows NTFS | NTFS Elevation of Privilege Vulnerability | Important |
| | Windows Remote Access Connection Manager | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| | Windows Routing and Remote Access Service (RRAS) | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| | Windows Routing and Remote Access Service (RRAS) | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| | Windows Routing and Remote Access Service (RRAS) | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| | Windows Routing and Remote Access Service (RRAS) | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| | Windows Routing and Remote Access Service (RRAS) | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| | Windows Routing and Remote Access Service (RRAS) | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| | Windows Routing and Remote Access Service (RRAS) | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| | Windows Task Scheduler | Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability | Important |
| | Windows Win32K – GRFX | Win32k Elevation of Privilege Vulnerability | Important |
| | Windows Win32K – ICOMP | Win32k Elevation of Privilege Vulnerability | Important |
| | Windows Win32K – ICOMP | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
| | Windows Win32K – ICOMP | Win32k Elevation of Privilege Vulnerability | Important |

Last Updated on November 7, 2024 8:24 pm CET