Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days.
This Patch Tuesday only fixes one critical vulnerability, a Microsoft SharePoint Server Remote Code Execution Vulnerability.
The number of bugs in each vulnerability category is listed below:
- 17 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 27 Remote Code Execution Vulnerabilities
- 7 Information Disclosure Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 4 Spoofing Vulnerabilities
The total count of 61 flaws does not include 2 Microsoft Edge flaws fixed on May 2nd and four fixed on May 10th.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5037771 cumulative update and the Windows 10 KB5037768 update.
Three zero-days fixed
This month's Patch Tuesday fixes two actively exploited and one publicly disclosed zero-day vulnerabilities.
Microsoft classifies a zero-day as a flaw publicly disclosed or actively exploited with no official fix available.
The two actively exploited zero-day vulnerabilities in today's updates are:
CVE-2024-30040 - Windows MSHTML Platform Security Feature Bypass Vulnerability
Microsoft has fixed an actively exploited bypass to OLE mitigations, which were added to Microsoft 365 and Microsoft Office to protect users from vulnerable COM/OLE controls.
"An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file," explains Microsoft.
"An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious document at which point the attacker could execute arbitrary code in the context of the user," continued Microsoft.
It is not known how the flaw was abused in attacks or who discovered it.
CVE-2024-30051 - Windows DWM Core Library Elevation of Privilege Vulnerability
Microsoft has fixed an actively exploited Windows DWM Core Library flaw that provides SYSTEM privileges.
"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," explains Microsoft.
Kaspersky states that recent Qakbot malware phishing attacks used malicious documents to exploit the flaw and gain SYSTEM privileges on Windows devices.
Microsoft said the flaw was disclosed by the following researchers: Mert Degirmenci and Boris Larin with Kaspersky, Quan Jin with DBAPPSecurity WeBin Lab Guoxian Zhong with DBAPPSecurity WeBin Lab, and Vlad Stolyarov and Benoit Sevens of Google Threat Analysis Group Bryce Abdo and Adam Brunner of Google Mandiant.
Microsoft states that the CVE-2024-30051 was also publicly disclosed, but it's unclear where that was done. In addition, Microsoft says a denial of service flaw in Microsoft Visual Studio tracked as CVE-2024-30046 was publicly disclosed as well.
Recent updates from other companies
Other vendors who released updates or advisories in May 2024 include:
- Adobe has released security updates for After Effects, Photoshop, Commerce, InDesign, and more.
- Apple backported an RTKit zero-day to older devices and fixed a Safari WebKit zero-day flaw exploited at Pwn2Own.
- Cisco released security updates for its IP phone products.
- Citrix urged Xencenter admins to manually fix Putty flaw, which can be used to steal an admin's private SSH key.
- F5 releases security updates for two high-severity BIG-IP Next Central Manager API flaws.
- Google released an emergency update to fix the sixth zero-day of 2024.
- TinyProxy fixes a critical remote code execution flaw that was disclosed by Cisco.
- VMware fixes three zero-day bugs exploited at Pwn2Own 2024.
Unfortunately, we will no longer be linking to SAP's Patch Tuesday security updates as they have placed them behind a customer login.
The May 2024 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the May 2024 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET and Visual Studio | CVE-2024-30045 | .NET and Visual Studio Remote Code Execution Vulnerability | Important |
| Azure Migrate | CVE-2024-30053 | Azure Migrate Cross-Site Scripting Vulnerability | Important |
| Microsoft Bing | CVE-2024-30041 | Microsoft Bing Search Spoofing Vulnerability | Important |
| Microsoft Brokering File System | CVE-2024-30007 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics 365 Customer Insights | CVE-2024-30048 | Dynamics 365 Customer Insights Spoofing Vulnerability | Important |
| Microsoft Dynamics 365 Customer Insights | CVE-2024-30047 | Dynamics 365 Customer Insights Spoofing Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2024-4558 | Chromium: CVE-2024-4558 Use after free in ANGLE | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-4331 | Chromium: CVE-2024-4331 Use after free in Picture In Picture | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-4671 | Chromium: CVE-2024-4671 Use after free in Visuals | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-30055 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
| Microsoft Edge (Chromium-based) | CVE-2024-4368 | Chromium: CVE-2024-4368 Use after free in Dawn | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-4559 | Chromium: CVE-2024-4559 Heap buffer overflow in WebAudio | Unknown |
| Microsoft Intune | CVE-2024-30059 | Microsoft Intune for Android Mobile Application Management Tampering Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-30042 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2024-30044 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2024-30043 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-30006 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows SCSI Class System File | CVE-2024-29994 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | Important |
| Microsoft Windows Search Component | CVE-2024-30033 | Windows Search Service Elevation of Privilege Vulnerability | Important |
| Power BI | CVE-2024-30054 | Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability | Important |
| Visual Studio | CVE-2024-30046 | Visual Studio Denial of Service Vulnerability | Important |
| Visual Studio | CVE-2024-32004 | GitHub: CVE-2024-32004 Remote Code Execution while cloning special-crafted local repositories | Important |
| Visual Studio | CVE-2024-32002 | CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2024-30034 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Important |
| Windows CNG Key Isolation Service | CVE-2024-30031 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2024-29996 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2024-30037 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2024-30025 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2024-30020 | Windows Cryptographic Services Remote Code Execution Vulnerability | Important |
| Windows Cryptographic Services | CVE-2024-30016 | Windows Cryptographic Services Information Disclosure Vulnerability | Important |
| Windows Deployment Services | CVE-2024-30036 | Windows Deployment Services Information Disclosure Vulnerability | Important |
| Windows DHCP Server | CVE-2024-30019 | DHCP Server Service Denial of Service Vulnerability | Important |
| Windows DWM Core Library | CVE-2024-30008 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| Windows DWM Core Library | CVE-2024-30051 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2024-30035 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2024-30032 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Hyper-V | CVE-2024-30011 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Hyper-V | CVE-2024-30017 | Windows Hyper-V Remote Code Execution Vulnerability | Important |
| Windows Hyper-V | CVE-2024-30010 | Windows Hyper-V Remote Code Execution Vulnerability | Important |
| Windows Kernel | CVE-2024-30018 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Mark of the Web (MOTW) | CVE-2024-30050 | Windows Mark of the Web Security Feature Bypass Vulnerability | Moderate |
| Windows Mobile Broadband | CVE-2024-30002 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| Windows Mobile Broadband | CVE-2024-29997 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| Windows Mobile Broadband | CVE-2024-30003 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| Windows Mobile Broadband | CVE-2024-30012 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| Windows Mobile Broadband | CVE-2024-29999 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| Windows Mobile Broadband | CVE-2024-29998 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| Windows Mobile Broadband | CVE-2024-30000 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| Windows Mobile Broadband | CVE-2024-30005 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| Windows Mobile Broadband | CVE-2024-30004 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| Windows Mobile Broadband | CVE-2024-30021 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| Windows Mobile Broadband | CVE-2024-30001 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| Windows MSHTML Platform | CVE-2024-30040 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important |
| Windows NTFS | CVE-2024-30027 | NTFS Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-30039 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-30009 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-30024 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-30015 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-30029 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-30023 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-30014 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-30022 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Task Scheduler | CVE-2024-26238 | Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability | Important |
| Windows Win32K - GRFX | CVE-2024-30030 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K - ICOMP | CVE-2024-30038 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K - ICOMP | CVE-2024-30049 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
| Windows Win32K - ICOMP | CVE-2024-30028 | Win32k Elevation of Privilege Vulnerability | Important |
Comments
Rohit_Ghosal - 1 week ago
Hi team first the heading of the advisory making confusion with zero day fixes. Even in the body it is mentioned about 2 zero day vulnerabilities. There is no clarification in the blog. Kindly check and update
Rohit_Ghosal - 1 week ago
As per Microsoft there are 2 zero-day patch
Lawrence Abrams - 1 week ago
CVE-2024-30046 was publicly disclosed but not exploited. Still a zero-day.