Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws (2024)

Table of Contents
Three zero-days fixed Recent updates from other companies The May 2024Patch Tuesday Security Updates Related Articles:

Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws (1)

Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days.

This Patch Tuesday only fixes one critical vulnerability, a Microsoft SharePoint Server Remote Code Execution Vulnerability.

The number of bugs in each vulnerability category is listed below:

  • 17 Elevation of Privilege Vulnerabilities
  • 2 Security Feature Bypass Vulnerabilities
  • 27 Remote Code Execution Vulnerabilities
  • 7 Information Disclosure Vulnerabilities
  • 3 Denial of Service Vulnerabilities
  • 4 Spoofing Vulnerabilities

The total count of 61 flaws does not include 2Microsoft Edge flaws fixed on May 2nd and four fixed on May 10th.

To learn more about the non-security updates released today,you can review our dedicated articles on the newWindows 11 KB5037771 cumulative updateand the Windows 10 KB5037768 update.

Three zero-days fixed

This month's Patch Tuesday fixes two actively exploited and one publicly disclosed zero-day vulnerabilities.

Microsoft classifies a zero-day as a flaw publicly disclosed or actively exploited with no official fixavailable.

See Also
Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEsUpdate release cycle for Windows clients - Windows DeploymentMicrosoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEsJune 25, 2024—KB5039302 (OS Builds 22621.3810 and 22631.3810) Preview

The two actively exploited zero-day vulnerabilities in today's updates are:

CVE-2024-30040 -Windows MSHTML Platform Security Feature Bypass Vulnerability

Microsoft has fixed an actively exploited bypass to OLE mitigations, whichwere addedto Microsoft 365 and Microsoft Office to protect users from vulnerable COM/OLE controls.

"An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file," explains Microsoft.

"An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious document at which point the attacker could execute arbitrary code in the context of the user," continued Microsoft.

Itis not knownhowthe flawwas abusedin attacks or who discovered it.

CVE-2024-30051 - Windows DWM Core Library Elevation of Privilege Vulnerability

Microsoft has fixed an actively exploited Windows DWM Core Library flaw that provides SYSTEM privileges.

See Also
What Is Patch Tuesday and Why Does It Matter for Cybersecurity

"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," explains Microsoft.

Kasperskystates that recent Qakbot malware phishing attacks used malicious documents to exploit the flaw and gain SYSTEM privileges on Windows devices.

Microsoft said the flaw was disclosed by the following researchers:Mert Degirmenci and Boris Larin with Kaspersky,Quan Jin with DBAPPSecurity WeBin Lab Guoxian Zhong with DBAPPSecurity WeBin Lab, andVlad Stolyarov and Benoit Sevens of Google Threat Analysis Group Bryce Abdo and Adam Brunner of Google Mandiant.

Microsoft states that theCVE-2024-30051 was also publicly disclosed, but it's unclear wherethat was done. In addition, Microsoft says a denial of service flaw in Microsoft Visual Studio tracked as CVE-2024-30046waspublicly disclosedas well.

Recent updates from other companies

Other vendors who released updates or advisories in May 2024 include:

  • Adobehasreleased security updatesfor After Effects, Photoshop, Commerce, InDesign, and more.
  • Applebackported anRTKit zero-dayto older devices andfixed aSafari WebKit zero-day flawexploited at Pwn2Own.
  • Ciscoreleased security updatesfor its IP phone products.
  • Citrixurged Xencenter admins to manually fixPuttyflaw, whichcan be usedtosteal an admin's private SSH key.
  • F5releasessecurity updatesfor two high-severityBIG-IP Next Central Manager API flaws.
  • Googlereleased an emergency updateto fix the sixth zero-day of 2024.
  • TinyProxyfixes a critical remote code execution flawthat was disclosed by Cisco.
  • VMwarefixes three zero-day bugsexploited at Pwn2Own 2024.

Unfortunately, we will no longer be linking to SAP's Patch Tuesday security updates as they have placed them behind a customer login.

The May 2024Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the May 2024 Patch Tuesday updates.

Toaccess the full description of each vulnerability and the systemsit affects, you can view thefull report here.

TagCVE IDCVE TitleSeverity
.NET and Visual StudioCVE-2024-30045.NET and Visual Studio Remote Code Execution VulnerabilityImportant
Azure MigrateCVE-2024-30053Azure Migrate Cross-Site Scripting VulnerabilityImportant
Microsoft BingCVE-2024-30041Microsoft Bing Search Spoofing VulnerabilityImportant
Microsoft Brokering File SystemCVE-2024-30007Microsoft Brokering File System Elevation of Privilege VulnerabilityImportant
Microsoft Dynamics 365 Customer InsightsCVE-2024-30048Dynamics 365 Customer Insights Spoofing VulnerabilityImportant
Microsoft Dynamics 365 Customer InsightsCVE-2024-30047Dynamics 365 Customer Insights Spoofing VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2024-4558Chromium: CVE-2024-4558 Use after free in ANGLEUnknown
Microsoft Edge (Chromium-based)CVE-2024-4331Chromium: CVE-2024-4331 Use after free in Picture In PictureUnknown
Microsoft Edge (Chromium-based)CVE-2024-4671Chromium: CVE-2024-4671 Use after free in VisualsUnknown
Microsoft Edge (Chromium-based)CVE-2024-30055Microsoft Edge (Chromium-based) Spoofing VulnerabilityLow
Microsoft Edge (Chromium-based)CVE-2024-4368Chromium: CVE-2024-4368 Use after free in DawnUnknown
Microsoft Edge (Chromium-based)CVE-2024-4559Chromium: CVE-2024-4559 Heap buffer overflow in WebAudioUnknown
Microsoft IntuneCVE-2024-30059Microsoft Intune for Android Mobile Application Management Tampering VulnerabilityImportant
Microsoft Office ExcelCVE-2024-30042Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2024-30044Microsoft SharePoint Server Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2024-30043Microsoft SharePoint Server Information Disclosure VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2024-30006Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft Windows SCSI Class System FileCVE-2024-29994Microsoft Windows SCSI Class System File Elevation of Privilege VulnerabilityImportant
Microsoft Windows Search ComponentCVE-2024-30033Windows Search Service Elevation of Privilege VulnerabilityImportant
Power BICVE-2024-30054Microsoft Power BI Client JavaScript SDK Information Disclosure VulnerabilityImportant
Visual StudioCVE-2024-30046Visual Studio Denial of Service VulnerabilityImportant
Visual StudioCVE-2024-32004GitHub: CVE-2024-32004 Remote Code Execution while cloning special-crafted local repositoriesImportant
Visual StudioCVE-2024-32002CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code ExecutionImportant
Windows Cloud Files Mini Filter DriverCVE-2024-30034Windows Cloud Files Mini Filter Driver Information Disclosure VulnerabilityImportant
Windows CNG Key Isolation ServiceCVE-2024-30031Windows CNG Key Isolation Service Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2024-29996Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2024-30037Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2024-30025Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Cryptographic ServicesCVE-2024-30020Windows Cryptographic Services Remote Code Execution VulnerabilityImportant
Windows Cryptographic ServicesCVE-2024-30016Windows Cryptographic Services Information Disclosure VulnerabilityImportant
Windows Deployment ServicesCVE-2024-30036Windows Deployment Services Information Disclosure VulnerabilityImportant
Windows DHCP ServerCVE-2024-30019DHCP Server Service Denial of Service VulnerabilityImportant
Windows DWM Core LibraryCVE-2024-30008Windows DWM Core Library Information Disclosure VulnerabilityImportant
Windows DWM Core LibraryCVE-2024-30051Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2024-30035Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2024-30032Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows Hyper-VCVE-2024-30011Windows Hyper-V Denial of Service VulnerabilityImportant
Windows Hyper-VCVE-2024-30017Windows Hyper-V Remote Code Execution VulnerabilityImportant
Windows Hyper-VCVE-2024-30010Windows Hyper-V Remote Code Execution VulnerabilityImportant
Windows KernelCVE-2024-30018Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Mark of the Web (MOTW)CVE-2024-30050Windows Mark of the Web Security Feature Bypass VulnerabilityModerate
Windows Mobile BroadbandCVE-2024-30002Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-29997Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-30003Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-30012Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-29999Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-29998Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-30000Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-30005Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-30004Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-30021Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2024-30001Windows Mobile Broadband Driver Remote Code Execution VulnerabilityImportant
Windows MSHTML PlatformCVE-2024-30040Windows MSHTML Platform Security Feature Bypass VulnerabilityImportant
Windows NTFSCVE-2024-30027NTFS Elevation of Privilege VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2024-30039Windows Remote Access Connection Manager Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-30009Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-30024Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-30015Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-30029Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-30023Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-30014Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2024-30022Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Task SchedulerCVE-2024-26238Microsoft PLUGScheduler Scheduled Task Elevation of Privilege VulnerabilityImportant
Windows Win32K - GRFXCVE-2024-30030Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32K - ICOMPCVE-2024-30038Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32K - ICOMPCVE-2024-30049Windows Win32 Kernel Subsystem Elevation of Privilege VulnerabilityImportant
Windows Win32K - ICOMPCVE-2024-30028Win32k Elevation of Privilege VulnerabilityImportant

Related Articles:

Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs

Windows 11 KB5039212 update released with 37 changes, fixes

Windows 10 KB5037768 update released with new features and 20 fixes

Windows 10 KB5039211 update released with new feature, 12 fixes

Windows 11 KB5037771 update released with 30 fixes, changes

Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws (2024)
Top Articles
What is net income?
Cash Flow Statement Quiz and Test | AccountingCoach
Richland One Frontline
Barbie Dekbedovertrek Unicorn - Eenpersoons - 140 x 200 cm - Katoen | bol
Ads of Cars for Sale in Lithuania
Luxury Real Estate in Schönwalde-Glien: Luxury Real Estate Listings
Super Bowl 59: Wettquoten vor den Training Camps 2024
How Tom Brady and Tampa Bay Buccaneers Beat the Chiefs to Win the Super Bowl (Published 2021)
eCourts Frequently Asked Questions | NJ Courts
Cacagirl Boyfriend Jay? Relationship Timeline And Age Gap
EM 2024: Ranking der Anhänger: Fanclub-Niveau! Deutsche Fans verpassen Top 10
Power Ranking Remaining Euro 2024 Teams Ahead of Knockout Stages
Latest Posts
Understanding Upfront Payment Terms: Guide - iwoca - iwoca
What is Negative Cash Flow & How to Manage It?
Article information

Author: Foster Heidenreich CPA

Last Updated:

Views: 6293

Rating: 4.6 / 5 (76 voted)

Reviews: 83% of readers found this page helpful

Author information

Name: Foster Heidenreich CPA

Birthday: 1995-01-14

Address: 55021 Usha Garden, North Larisa, DE 19209

Phone: +6812240846623

Job: Corporate Healthcare Strategist

Hobby: Singing, Listening to music, Rafting, LARPing, Gardening, Quilting, Rappelling

Introduction: My name is Foster Heidenreich CPA, I am a delightful, quaint, glorious, quaint, faithful, enchanting, fine person who loves writing and wants to share my knowledge and understanding with you.