top of page

Security Update: Microsoft has just released patches for 61 vulnerabilities.




Every second Tuesday of the month, Microsoft releases updates as part of its Patch Tuesday schedule. This month wasn't an exception.


As we all know, keeping your operating system patched is a crucial defense against the threats posed by malware and other security vulnerabilities. For detailed guidance on managing patches within your organization, please get in touch with us at sales@syngent.com or call 888-811-1555.


The Patch Tuesday updates for May 2024 from Microsoft address 61 security flaws, including three that are either actively being exploited or have been disclosed publicly.

This month's updates rectify a single critical issue, identified as a Remote Code Execution Vulnerability within Microsoft SharePoint Server.


Here's a breakdown of the vulnerabilities addressed this month:

  • 17 Elevation of Privilege Vulnerabilities

  • 2 Security Feature Bypass Vulnerabilities

  • 27 Remote Code Execution Vulnerabilities

  • 7 Information Disclosure Vulnerabilities

  • 3 Denial of Service Vulnerabilities

  • 4 Spoofing Vulnerabilities


It’s important to note that this total of 61 vulnerabilities excludes two issues in Microsoft Edge resolved on May 2nd and another four addressed on May 10th.


Today's updates include patches for two critical zero-day vulnerabilities: CVE-2024-30040 - A Security Feature Bypass Vulnerability in the Windows MSHTML Platform Microsoft has patched a Security Feature Bypass in OLE mitigations originally designed to enhance security in Microsoft 365 and Office applications by safeguarding against compromised COM/OLE controls.


Microsoft stated that: "An attacker would need to persuade a user to download a malicious file and interact with it, possibly through misleading links sent via Email or Instant Messaging. The user would not need to open the file for the attack to be successful."


"Should an attacker exploit this flaw successfully, they could execute code under the user’s profile by manipulating them to open a malicious document, thereby allowing the execution of arbitrary code," Microsoft adds.


Details regarding the exploitation of this vulnerability or its discoverer are not disclosed.


CVE-2024-30051 - An Elevation of Privilege Vulnerability in the Windows DWM Core Library This vulnerability, which was being actively exploited, allowed attackers to obtain SYSTEM privileges on affected machines.


"Exploitation of this flaw would result in an attacker gaining SYSTEM privileges," Microsoft describes. Kaspersky has identified that recent phishing campaigns associated with Qakbot malware have leveraged malicious documents exploiting this vulnerability to obtain SYSTEM privileges on Windows systems.


This flaw was reported by researchers Mert Degirmenci and Boris Larin from Kaspersky, Quan Jin from DBAPPSecurity WeBin Lab, Guoxian Zhong from DBAPPSecurity WeBin Lab, Vlad Stolyarov and Benoit Sevens from Google Threat Analysis Group, along with Bryce Abdo and Adam Brunner from Google Mandiant.


Microsoft also notes that the vulnerability CVE-2024-30051 was publicly disclosed, although it remains unclear where the disclosure took place. Additionally, Microsoft mentions that a denial of service vulnerability in Microsoft Visual Studio, catalogued as CVE-2024-30046, was also publicly disclosed.


If you have any questions or concerns about any of these issues - contact us today!

7 views0 comments

Recent Posts

See All

Mitigating the Follina Zero-Day Vulnerability

On May 27th, 2022, a new zero-day remote code execution (RCE) vulnerability was discovered in the Microsoft Support Diagnostic Tool (MSDT). This CVE-2022-30190P vulnerability allows an attacker to run

Follina Vulnerability Information and Workaround

As of June 7, 2022, there is still no patch for this vulnerability. Please ensure that you are reasonably confident when you open MS documents. ----------------------------- The internet is abuzz wit

Comments


bottom of page