Microsoft’s May 2024 Patch Tuesday Addresses 61 Vulnerabilities Including 3 Zero-Days

May 14, 2024

Microsoft's May 2024 Patch Tuesday has brought forth updates addressing 61 security flaws, including three zero-days that were either actively exploited or publicly disclosed. The only critical vulnerability fixed in this patch is related to Microsoft SharePoint Server.

The total count of 61 vulnerabilities does not include the Microsoft Edge flaws that were rectified on May 2nd and May 10th. For more information on the non-security updates released on this day, readers can review articles dedicated to the new Windows 11 KB5037771 cumulative update.

This month's Patch Tuesday addresses two zero-days that were actively exploited and one that has been publicly disclosed. Microsoft defines a zero-day as a vulnerability that has been publicly disclosed or actively exploited without an official fix being available.

The two actively exploited zero-days addressed in today's updates are CVE-2024-30040 and CVE-2024-30051. The former is a Windows MSHTML Platform Security Feature Bypass Vulnerability. Microsoft has fixed an actively exploited bypass of the Object Linking and Embedding (OLE) mitigations that were added to Microsoft 365 and Microsoft Office to protect users from vulnerable Component Object Model (COM)/OLE controls. According to Microsoft, an attacker would need to persuade the user to load a malicious file onto a vulnerable system, typically via an email or instant messenger message, and then convince the user to manipulate the specially crafted file. Microsoft further clarified that an unauthenticated attacker who successfully exploits this vulnerability could gain code execution by convincing a user to open a malicious document, allowing the attacker to execute arbitrary code in the user's context. Details of how the flaw was discovered and how it has been abused in attacks have not been disclosed.

The second zero-day, CVE-2024-30051, pertains to a Windows Desktop Window Manager (DWM) Core Library Elevation of Privilege Vulnerability. Microsoft has addressed an actively exploited flaw in the Windows DWM Core Library that grants SYSTEM privileges. According to a brief report from Kaspersky, recent phishing attacks using the Qakbot malware employed malicious documents to exploit the flaw and secure SYSTEM privileges on Windows devices. Microsoft acknowledged the researchers who disclosed the flaw, including Mert Degirmenci and Boris Larin from Kaspersky, Quan Jin from DBAPPSecurity WeBin Lab, Guoxian Zhong from DBAPPSecurity WeBin Lab, and Vlad Stolyarov and Benoit Sevens from Google Threat Analysis Group, as well as Bryce Abdo and Adam Brunner from Google Mandiant. Microsoft also revealed that CVE-2024-30051 had been publicly disclosed, although the details of this disclosure were not provided.

Additionally, Microsoft reported a publicly disclosed Denial of Service flaw in Microsoft Visual Studio, tracked as CVE-2024-30046. This summary does not list other vendors that released updates or advisories in May 2024. Unfortunately, links to SAP's Patch Tuesday security updates will no longer be provided, as they now require a customer login.

A comprehensive list of vulnerabilities resolved in the May 2024 Patch Tuesday updates is available, providing full descriptions of each vulnerability and the systems it affects.
