Microsoft Security Update May

In its May 2024 Patch Tuesday release, Microsoft addressed 60 vulnerabilities, including 2 zero-day vulnerabilities actively exploited in the wild.

The updates cover a range of vulnerability categories.

  • 27 Remote Code Execution Vulnerabilities
  • 17 Elevation of Privilege Vulnerabilities
  • 7 Information Disclosure Vulnerabilities
  • 4 Spoofing Vulnerabilities
  • 3 Denial of Service Vulnerabilities
  • 2 Security Feature Bypass Vulnerabilities

Zero-Day Vulnerabilities Addressed

Microsoft has patched two actively exploited zero-day vulnerabilities in this update:

CVE-2024-30040 – Windows MSHTML Platform Security Feature Bypass Vulnerability

This flaw could enable attackers to bypass OLE mitigations in Microsoft 365 and Microsoft Office.

An attacker must get the user to load a malicious file onto a vulnerable system, typically by offering something tempting in an email or instant message. They would then have to get the user to manipulate the specially crafted file, though not necessarily open or click on it.

Successful exploitation requires convincing a user to open a malicious document, potentially leading to arbitrary code execution.

CVE-2024-30051 – Windows DWM Core Library Elevation of Privilege Vulnerability

This vulnerability could grant an attacker SYSTEM privileges on Windows devices. Recent Qakbot malware phishing attacks have exploited this flaw to gain elevated privileges.

The vulnerability was reported by Vlad Stolyarov and Benoit Sevens of Google Threat Analysis Group and by Bryce Abdo and Adam Brunner of Google Mandiant.


List of 60 Vulnerabilities & Fixes:

Windows Task Scheduler: CVE-2024-26238
Microsoft Windows SCSI Class System File: CVE-2024-29994
Windows Common Log File System Driver: CVE-2024-29996
Windows Mobile Broadband: CVE-2024-29997
Windows Mobile Broadband: CVE-2024-29998
Windows Mobile Broadband: CVE-2024-29999
Windows Mobile Broadband: CVE-2024-30000
Windows Mobile Broadband: CVE-2024-30001
Windows Mobile Broadband: CVE-2024-30002
Windows Mobile Broadband: CVE-2024-30003
Windows Mobile Broadband: CVE-2024-30004
Windows Mobile Broadband: CVE-2024-30005
Microsoft WDAC OLE DB provider for SQL: CVE-2024-30006
Microsoft Brokering File System: CVE-2024-30007
Windows DWM Core Library: CVE-2024-30008
Windows Routing and Remote Access Service (RRAS): CVE-2024-30009
Windows Hyper-V: CVE-2024-30010
Windows Hyper-V: CVE-2024-30011
Windows Mobile Broadband: CVE-2024-30012
Windows Routing and Remote Access Service (RRAS): CVE-2024-30014
Windows Routing and Remote Access Service (RRAS): CVE-2024-30015
Windows Cryptographic Services: CVE-2024-30016
Windows Hyper-V: CVE-2024-30017
Windows Kernel: CVE-2024-30018
Windows DHCP Server: CVE-2024-30019
Windows Cryptographic Services: CVE-2024-30020
Windows Mobile Broadband: CVE-2024-30021
Windows Routing and Remote Access Service (RRAS): CVE-2024-30022
Windows Routing and Remote Access Service (RRAS): CVE-2024-30023
Windows Routing and Remote Access Service (RRAS): CVE-2024-30024
Windows Common Log File System Driver: CVE-2024-30025
Windows NTFS: CVE-2024-30027
Windows Win32K – ICOMP: CVE-2024-30028
Windows Routing and Remote Access Service (RRAS): CVE-2024-30029
Windows Win32K – GRFX: CVE-2024-30030
Windows CNG Key Isolation Service: CVE-2024-30031
Windows DWM Core Library: CVE-2024-30032
Microsoft Windows Search Component: CVE-2024-30033
Windows Cloud Files Mini Filter Driver: CVE-2024-30034
Windows DWM Core Library: CVE-2024-30035
Windows Deployment Services: CVE-2024-30036
Windows Common Log File System Driver: CVE-2024-30037
Windows Win32K – ICOMP: CVE-2024-30038
Windows Remote Access Connection Manager: CVE-2024-30039
Windows MSHTML Platform: CVE-2024-30040
Microsoft Bing: CVE-2024-30041
Microsoft Office Excel: CVE-2024-30042
Microsoft Office SharePoint: CVE-2024-30043
Microsoft Office SharePoint: CVE-2024-30044
.NET and Visual Studio: CVE-2024-30045
Visual Studio: CVE-2024-30046
Microsoft Dynamics 365 Customer Insights: CVE-2024-30047
Microsoft Dynamics 365 Customer Insights: CVE-2024-30048
Windows Win32K – ICOMP: CVE-2024-30049
Windows Mark of the Web (MOTW): CVE-2024-30050
Windows DWM Core Library: CVE-2024-30051
Azure Migrate: CVE-2024-30053
Power BI: CVE-2024-30054
Microsoft Edge (Chromium-based): CVE-2024-30055
Microsoft Intune: CVE-2024-30059

Along with Microsoft, Adobe released security updates addressing the following vulnerabilities:

APSB24-29 : Security update available for Adobe Acrobat Reader
APSB24-30 : Security update available for Adobe Illustrator
APSB24-31 : Security update available for Adobe Substance3D Painter
APSB24-33 : Security update available for Adobe Aero
APSB24-35 : Security update available for Adobe Substance3D Designer
APSB24-36 : Security update available for Adobe Animate
APSB24-37 : Security update available for Adobe FrameMaker
APSB24-39 : Security update available for Adobe Dreamweaver

Users of the affected Microsoft products mentioned in the security advisory are advised to upgrade to the latest software releases to prevent the vulnerabilities from being exploited. 

Before installing system updates, it’s highly recommended that you back up your system or essential documents and data. This precaution helps prevent data loss.


BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.