HomeVulnerabilityMicrosoft Might 2024 Patch Tuesday fixes 3 zero-days, 61 flaws

Microsoft Might 2024 Patch Tuesday fixes 3 zero-days, 61 flaws

Immediately is Microsoft’s Might 2024 Patch Tuesday, which incorporates security updates for 61 flaws and three actively exploited or publicly disclosed zero days.

This Patch Tuesday solely fixes one crucial vulnerability, a Microsoft SharePoint Server Distant Code Execution Vulnerability.

The variety of bugs in every vulnerability class is listed under:

  • 17 Elevation of Privilege Vulnerabilities
  • 2 Safety Characteristic Bypass Vulnerabilities
  • 27 Distant Code Execution Vulnerabilities
  • 7 Data Disclosure Vulnerabilities
  • 3 Denial of Service Vulnerabilities
  • 4 Spoofing Vulnerabilities

The entire depend of 61 flaws doesn’t embrace 2 Microsoft Edge flaws fastened on Might 2nd and 4 fastened on Might tenth.

To study extra in regards to the non-security updates launched in the present day, you may evaluate our devoted articles on the brand new Home windows 11 KB5037771 cumulative replace and the Home windows 10 KB5037768 replace.

Three zero-days fastened

This month’s Patch Tuesday fixes two actively exploited and one publicly disclosed zero-day vulnerabilities.

Microsoft classifies a zero-day as a flaw publicly disclosed or actively exploited with no official repair out there.

The 2 actively exploited zero-day vulnerabilities in in the present day’s updates are:

CVE-2024-30040 – Home windows MSHTML Platform Safety Characteristic Bypass Vulnerability

Microsoft has fastened an actively exploited bypass to OLE mitigations, which had been added to Microsoft 365 and Microsoft Workplace to guard customers from weak COM/OLE controls.

“An attacker must persuade the person to load a malicious file onto a weak system, usually by the use of an enticement in an E mail or On the spot Messenger message, after which persuade the person to control the specifically crafted file, however not essentially click on or open the malicious file,” explains Microsoft.

“An unauthenticated attacker who efficiently exploited this vulnerability may achieve code execution via convincing a person to open a malicious doc at which level the attacker may execute arbitrary code within the context of the person,” continued Microsoft.

It just isn’t recognized how the flaw was abused in assaults or who found it.

CVE-2024-30051 – Home windows DWM Core Library Elevation of Privilege Vulnerability

Microsoft has fastened an actively exploited Home windows DWM Core Library flaw that gives SYSTEM privileges.

“An attacker who efficiently exploited this vulnerability may achieve SYSTEM privileges,” explains Microsoft.

Kaspersky states that current Qakbot malware phishing assaults used malicious paperwork to take advantage of the flaw and achieve SYSTEM privileges on Home windows gadgets.

Microsoft mentioned the flaw was disclosed by the next researchers: Mert Degirmenci and Boris Larin with Kaspersky, Quan Jin with DBAPPSecurity WeBin Lab Guoxian Zhong with DBAPPSecurity WeBin Lab, and Vlad Stolyarov and Benoit Sevens of Google Menace Evaluation Group Bryce Abdo and Adam Brunner of Google Mandiant.

See also  China-Linked Group Breaches Networks by way of Connectwise, F5 Software program Flaws

Microsoft states that the CVE-2024-30051 was additionally publicly disclosed, nevertheless it’s unclear the place that was achieved. As well as, Microsoft says a denial of service flaw in Microsoft Visible Studio tracked as CVE-2024-30046 was publicly disclosed as properly.

Current updates from different firms

Different distributors who launched updates or advisories in Might 2024 embrace:

Sadly, we are going to not be linking to SAP’s Patch Tuesday security updates as they’ve positioned them behind a buyer login.

The Might 2024 Patch Tuesday Safety Updates

Beneath is the entire listing of resolved vulnerabilities within the Might 2024 Patch Tuesday updates.

To entry the total description of every vulnerability and the programs it impacts, you may view the full report right here.

Tag CVE ID CVE Title Severity
.NET and Visible Studio CVE-2024-30045 .NET and Visible Studio Distant Code Execution Vulnerability Necessary
Azure Migrate CVE-2024-30053 Azure Migrate Cross-Web site Scripting Vulnerability Necessary
Microsoft Bing CVE-2024-30041 Microsoft Bing Search Spoofing Vulnerability Necessary
Microsoft Brokering File System CVE-2024-30007 Microsoft Brokering File System Elevation of Privilege Vulnerability Necessary
Microsoft Dynamics 365 Buyer Insights CVE-2024-30048 Dynamics 365 Buyer Insights Spoofing Vulnerability Necessary
Microsoft Dynamics 365 Buyer Insights CVE-2024-30047 Dynamics 365 Buyer Insights Spoofing Vulnerability Necessary
Microsoft Edge (Chromium-based) CVE-2024-4558 Chromium: CVE-2024-4558 Use after free in ANGLE Unknown
Microsoft Edge (Chromium-based) CVE-2024-4331 Chromium: CVE-2024-4331 Use after free in Image In Image Unknown
Microsoft Edge (Chromium-based) CVE-2024-4671 Chromium: CVE-2024-4671 Use after free in Visuals Unknown
Microsoft Edge (Chromium-based) CVE-2024-30055 Microsoft Edge (Chromium-based) Spoofing Vulnerability Low
Microsoft Edge (Chromium-based) CVE-2024-4368 Chromium: CVE-2024-4368 Use after free in Daybreak Unknown
Microsoft Edge (Chromium-based) CVE-2024-4559 Chromium: CVE-2024-4559 Heap buffer overflow in WebAudio Unknown
Microsoft Intune CVE-2024-30059 Microsoft Intune for Android Cellular Software Administration Tampering Vulnerability Necessary
Microsoft Workplace Excel CVE-2024-30042 Microsoft Excel Distant Code Execution Vulnerability Necessary
Microsoft Workplace SharePoint CVE-2024-30044 Microsoft SharePoint Server Distant Code Execution Vulnerability Essential
Microsoft Workplace SharePoint CVE-2024-30043 Microsoft SharePoint Server Data Disclosure Vulnerability Necessary
Microsoft WDAC OLE DB supplier for SQL CVE-2024-30006 Microsoft WDAC OLE DB supplier for SQL Server Distant Code Execution Vulnerability Necessary
Microsoft Home windows SCSI Class System File CVE-2024-29994 Microsoft Home windows SCSI Class System File Elevation of Privilege Vulnerability Necessary
Microsoft Home windows Search Element CVE-2024-30033 Home windows Search Service Elevation of Privilege Vulnerability Necessary
Energy BI CVE-2024-30054 Microsoft Energy BI Shopper JavaScript SDK Data Disclosure Vulnerability Necessary
Visible Studio CVE-2024-30046 Visible Studio Denial of Service Vulnerability Necessary
Visible Studio CVE-2024-32004 GitHub: CVE-2024-32004 Distant Code Execution whereas cloning special-crafted native repositories Necessary
Visible Studio CVE-2024-32002 CVE-2024-32002 Recursive clones on case-insensitive filesystems that assist symlinks are vulnerable to Distant Code Execution Necessary
Home windows Cloud Recordsdata Mini Filter Driver CVE-2024-30034 Home windows Cloud Recordsdata Mini Filter Driver Data Disclosure Vulnerability Necessary
Home windows CNG Key Isolation Service CVE-2024-30031 Home windows CNG Key Isolation Service Elevation of Privilege Vulnerability Necessary
Home windows Widespread Log File System Driver CVE-2024-29996 Home windows Widespread Log File System Driver Elevation of Privilege Vulnerability Necessary
Home windows Widespread Log File System Driver CVE-2024-30037 Home windows Widespread Log File System Driver Elevation of Privilege Vulnerability Necessary
Home windows Widespread Log File System Driver CVE-2024-30025 Home windows Widespread Log File System Driver Elevation of Privilege Vulnerability Necessary
Home windows Cryptographic Providers CVE-2024-30020 Home windows Cryptographic Providers Distant Code Execution Vulnerability Necessary
Home windows Cryptographic Providers CVE-2024-30016 Home windows Cryptographic Providers Data Disclosure Vulnerability Necessary
Home windows Deployment Providers CVE-2024-30036 Home windows Deployment Providers Data Disclosure Vulnerability Necessary
Home windows DHCP Server CVE-2024-30019 DHCP Server Service Denial of Service Vulnerability Necessary
Home windows DWM Core Library CVE-2024-30008 Home windows DWM Core Library Data Disclosure Vulnerability Necessary
Home windows DWM Core Library CVE-2024-30051 Home windows DWM Core Library Elevation of Privilege Vulnerability Necessary
Home windows DWM Core Library CVE-2024-30035 Home windows DWM Core Library Elevation of Privilege Vulnerability Necessary
Home windows DWM Core Library CVE-2024-30032 Home windows DWM Core Library Elevation of Privilege Vulnerability Necessary
Home windows Hyper-V CVE-2024-30011 Home windows Hyper-V Denial of Service Vulnerability Necessary
Home windows Hyper-V CVE-2024-30017 Home windows Hyper-V Distant Code Execution Vulnerability Necessary
Home windows Hyper-V CVE-2024-30010 Home windows Hyper-V Distant Code Execution Vulnerability Necessary
Home windows Kernel CVE-2024-30018 Home windows Kernel Elevation of Privilege Vulnerability Necessary
Home windows Mark of the Internet (MOTW) CVE-2024-30050 Home windows Mark of the Internet Safety Characteristic Bypass Vulnerability Average
Home windows Cellular Broadband CVE-2024-30002 Home windows Cellular Broadband Driver Distant Code Execution Vulnerability Necessary
Home windows Cellular Broadband CVE-2024-29997 Home windows Cellular Broadband Driver Distant Code Execution Vulnerability Necessary
Home windows Cellular Broadband CVE-2024-30003 Home windows Cellular Broadband Driver Distant Code Execution Vulnerability Necessary
Home windows Cellular Broadband CVE-2024-30012 Home windows Cellular Broadband Driver Distant Code Execution Vulnerability Necessary
Home windows Cellular Broadband CVE-2024-29999 Home windows Cellular Broadband Driver Distant Code Execution Vulnerability Necessary
Home windows Cellular Broadband CVE-2024-29998 Home windows Cellular Broadband Driver Distant Code Execution Vulnerability Necessary
Home windows Cellular Broadband CVE-2024-30000 Home windows Cellular Broadband Driver Distant Code Execution Vulnerability Necessary
Home windows Cellular Broadband CVE-2024-30005 Home windows Cellular Broadband Driver Distant Code Execution Vulnerability Necessary
Home windows Cellular Broadband CVE-2024-30004 Home windows Cellular Broadband Driver Distant Code Execution Vulnerability Necessary
Home windows Cellular Broadband CVE-2024-30021 Home windows Cellular Broadband Driver Distant Code Execution Vulnerability Necessary
Home windows Cellular Broadband CVE-2024-30001 Home windows Cellular Broadband Driver Distant Code Execution Vulnerability Necessary
Home windows MSHTML Platform CVE-2024-30040 Home windows MSHTML Platform Safety Characteristic Bypass Vulnerability Necessary
Home windows NTFS CVE-2024-30027 NTFS Elevation of Privilege Vulnerability Necessary
Home windows Distant Entry Connection Supervisor CVE-2024-30039 Home windows Distant Entry Connection Supervisor Data Disclosure Vulnerability Necessary
Home windows Routing and Distant Entry Service (RRAS) CVE-2024-30009 Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability Necessary
Home windows Routing and Distant Entry Service (RRAS) CVE-2024-30024 Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability Necessary
Home windows Routing and Distant Entry Service (RRAS) CVE-2024-30015 Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability Necessary
Home windows Routing and Distant Entry Service (RRAS) CVE-2024-30029 Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability Necessary
Home windows Routing and Distant Entry Service (RRAS) CVE-2024-30023 Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability Necessary
Home windows Routing and Distant Entry Service (RRAS) CVE-2024-30014 Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability Necessary
Home windows Routing and Distant Entry Service (RRAS) CVE-2024-30022 Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability Necessary
Home windows Job Scheduler CVE-2024-26238 Microsoft PLUGScheduler Scheduled Job Elevation of Privilege Vulnerability Necessary
Home windows Win32K – GRFX CVE-2024-30030 Win32k Elevation of Privilege Vulnerability Necessary
Home windows Win32K – ICOMP CVE-2024-30038 Win32k Elevation of Privilege Vulnerability Necessary
Home windows Win32K – ICOMP CVE-2024-30049 Home windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Necessary
Home windows Win32K – ICOMP CVE-2024-30028 Win32k Elevation of Privilege Vulnerability Necessary
See also  SAP Patches Important Vulnerability Impacting NetWeaver, S/4HANA
- Advertisment -spot_img
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular