May 2024 – Microsoft Patch Tuesday Highlights
Vulnerability Category | Quantity | Severities |
Spoofing Vulnerability | 4 | Important: 4 |
Denial of Service Vulnerability | 3 | Important: 3 |
Elevation of Privilege Vulnerability | 17 | Important: 17 |
Information Disclosure Vulnerability | 7 | Important: 7 |
Remote Code Execution Vulnerability | 27 | Critical: 1 Important: 26 |
Security Feature Bypass Vulnerability | 2 | Important: 1 |
CVE-2024-30040
Windows MSHTML is a browser engine that is often used in conjunction with Internet Explorer. Although the Internet Explorer (IE) 11 desktop program is no longer supported, Microsoft continues to patch MSHTML vulnerabilities.
The vulnerability bypasses the OLE mitigations in Microsoft Office and Microsoft 365, which shield users from vulnerable COM/OLE controls. An unauthenticated attacker could use it to execute code by tricking a user into opening a malicious document.
CISA has added this CVE to its catalog of known exploited vulnerabilities, and users are asked to fix it by May 6, 2024. The connection between CVE-2024-30051 and QakBot, a potent and constantly evolving malware threat, increases the risk.
CVE-2024-30051
The Microsoft Windows Desktop Window Manager (DWM) Core Library is a system manager responsible for rendering all visible elements on a computer, such as themes, wallpapers, menus, and other visual elements. Also known as the Desktop Compositing Engine (DCE), it has been a feature of Microsoft Windows since Windows Vista.
Successful exploitation could allow the attacker to obtain SYSTEM privileges.
CISA has added this CVE to its catalog of known exploited vulnerabilities, and users are asked to fix it by May 6, 2024.
CVE-2024-30044
Microsoft SharePoint is a web-based platform that businesses use to build websites for sharing, storing, organizing, and accessing information. SharePoint is compatible with PCs, Macs, and mobile devices and is part of Microsoft 365.
An authenticated attacker with Site Owner access or above could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of the file’s parameters. Successful exploitation could allow the attacker to execute code remotely in the context of the SharePoint Server.
Other Vulnerabilities:
- The Windows Common Log File System Driver contains two elevation of privilege vulnerabilities, CVE-2024-29996 and CVE-2024-30025. Successful exploitation could allow the attacker to obtain SYSTEM privileges.
- CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. To exploit it, an attacker may host a file on a server and persuade a targeted user to download and open the file. After successful exploitation, an attacker may modify the Mark of the Web’s functionality.
- CVE-2024-30032 is an elevation of privilege vulnerability in the Windows DWM Core Library. Successful exploitation could allow the attacker to obtain SYSTEM privileges.
- The Windows Cloud Files Mini Filter Driver has two information disclosure vulnerabilities: CVE-2024-30034 and CVE-2024-30035. Successful exploitation could allow the attacker to disclose certain contents of kernel memory.
- CVE-2024-30038 is a Win32k elevation of privilege vulnerability. Successful exploitation could allow a local, authenticated attacker to escalate their privileges to administrator or local SYSTEM.
- CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. Successful exploitation could allow the attacker to obtain SYSTEM privileges.
List of CVEs in the Patch Tuesday Updates
CVE | Title | Severity | CVSS | Exploited | Type |
CVE-2024-30044 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical | 8.8 | No | RCE |
CVE-2024-4331 * | Chromium: CVE-2024-4331 Use after free in Picture In Picture | High | N/A | No | RCE |
CVE-2024-4368* | Chromium: CVE-2024-4368 Use after free in Dawn | High | N/A | No | RCE |
CVE-2024-30051 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | Yes | EoP |
CVE-2024-30040 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important | 8.8 | Yes | SFB |
CVE-2024-30046 | ASP.NET Core Denial of Service Vulnerability | Important | 5.9 | No | DoS |
CVE-2024-30045 | .NET and Visual Studio Remote Code Execution Vulnerability | Important | 6.3 | No | RCE |
CVE-2024-30053# | Azure Migrate Spoofing Vulnerability | Important | 7.5 | No | Spoofing |
CVE-2024-32002* | CVE-2023-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution | Important | 9.8 | No | RCE |
CVE-2024-30019 | DHCP Server Service Denial of Service Vulnerability | Important | 6.5 | No | DoS |
CVE-2024-30047 | Dynamics 365 Customer Insights Spoofing Vulnerability | Important | 7.6 | No | Spoofing |
CVE-2024-30048 | Dynamics 365 Customer Insights Spoofing Vulnerability | Important | 7.6 | No | Spoofing |
CVE-2024-32004 * | GitHub: CVE-2024-32004 GitHub: CVE-2023-32004 Remote Code Execution while cloning special-crafted local repositories | Important | 8.8 | No | RCE |
CVE-2024-30041 | Microsoft Bing Search Spoofing Vulnerability | Important | 5.4 | No | Spoofing |
CVE-2024-30007 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important | 8.8 | No | EoP |
CVE-2024-30042 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | RCE |
CVE-2024-26238 | Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability | Important | 7.8 | No | EoP |
CVE-2024-30054 | Microsoft Power BI Client Javascript SDK Information Disclosure Vulnerability | Important | 6.5 | No | Info |
CVE-2024-30043 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important | 6.5 | No | Info |
CVE-2024-30006 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | RCE |
CVE-2024-29994 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | Important | 7.8 | No | EoP |
CVE-2024-30027 | NTFS Elevation of Privilege Vulnerability | Important | 7.8 | No | EoP |
CVE-2024-30028 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | EoP |
CVE-2024-30030 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | EoP |
CVE-2024-30038 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | EoP |
CVE-2024-30034 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Important | 5.5 | No | Info |
CVE-2024-30031 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important | 7.8 | No | EoP |
CVE-2024-29996 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | EoP |
CVE-2024-30025 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | EoP |
CVE-2024-30037 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.5 | No | EoP |
CVE-2024-30016 | Windows Cryptographic Services Information Disclosure Vulnerability | Important | 5.5 | No | Info |
CVE-2024-30020 | Windows Cryptographic Services Remote Code Execution Vulnerability | Important | 8.1 | No | RCE |
CVE-2024-30036 | Windows Deployment Services Information Disclosure Vulnerability | Important | 6.5 | No | Info |
CVE-2024-30032 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | EoP |
CVE-2024-30035 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | EoP |
CVE-2024-30008 | Windows DWM Core Library Information Disclosure Vulnerability | Important | 5.5 | No | Info |
CVE-2024-30011 | Windows Hyper-V Denial of Service Vulnerability | Important | 6.5 | No | DoS |
CVE-2024-30010 | Windows Hyper-V Remote Code Execution Vulnerability | Important | 8.8 | No | RCE |
CVE-2024-30017 | Windows Hyper-V Remote Code Execution Vulnerability | Important | 8.8 | No | RCE |
CVE-2024-30018 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | EoP |
CVE-2024-29997 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | RCE |
CVE-2024-29998 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | RCE |
CVE-2024-29999 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | RCE |
CVE-2024-30000 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | RCE |
CVE-2024-30001 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | RCE |
CVE-2024-30002 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | RCE |
CVE-2024-30003 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | RCE |
CVE-2024-30004 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | RCE |
CVE-2024-30005 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | RCE |
CVE-2024-30012 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | RCE |
CVE-2024-30021 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | RCE |
CVE-2024-30039 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important | 5.5 | No | Info |
CVE-2024-30009 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | RCE |
CVE-2024-30014 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.5 | No | RCE |
CVE-2024-30015 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.5 | No | RCE |
CVE-2024-30022 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.5 | No | RCE |
CVE-2024-30023 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.5 | No | RCE |
CVE-2024-30024 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.5 | No | RCE |
CVE-2024-30029 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.5 | No | RCE |
CVE-2024-30033 | Windows Search Service Elevation of Privilege Vulnerability | Important | 7 | No | EoP |
CVE-2024-30049 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important | 7.8 | No | EoP |
CVE-2024-30059 | Microsoft Intune for Android Mobile Application Management Tampering Vulnerability | Important | 6.1 | No | Tampering |
CVE-2024-30050 | Windows Mark of the Web Security Feature Bypass Vulnerability | Moderate | 5.4 | No | SFB |
Recommendations
- Prioritize installing the May 2024 Patch Tuesday updates for all Microsoft software. To reduce exposure, particularly to the two actively exploited zero-days, make sure both operating systems and applications are up to date.
- Update your Edge browser, which is built on Chromium, to the most recent version to pick up the fixes for the 30 vulnerabilities that have been fixed, including the two major zero-days.
- Perform comprehensive system audits to find any indications that CVE-2024-30040 and CVE-2024-30051 are being exploited. Look for signs of compromise and, if any suspicious activity is discovered, take appropriate action.
- Pay attention to security advisories and notifications from CISA and other cybersecurity agencies, as well as Microsoft. Make sure you install any updates or patches that are made available in response to these vulnerabilities as soon as possible.
- The security policies for the organization should be reviewed and updated to include the steps for timely patch management and vulnerability mitigation. Make sure that these guidelines are routinely audited and properly adhered to.
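
A triage sketch for the first recommendation, added here as an example and not part of the original article: it parses rows in the layout of the CVE table above and orders them for patching. The ranking policy (exploited first, then severity, then CVSS, with unscored entries treated as worst case) and all function names are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample: a few rows in the same "a | b | c |" layout as the CVE table.
SAMPLE = """\
CVE | Title | Severity | CVSS | Exploited | Type |
CVE-2024-30044 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical | 8.8 | No | RCE |
CVE-2024-4331 * | Chromium: CVE-2024-4331 Use after free in Picture In Picture | High | N/A | No | RCE |
CVE-2024-30051 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | Yes | EoP |
CVE-2024-30040 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important | 8.8 | Yes | SFB |
CVE-2024-30053# | Azure Migrate Spoofing Vulnerability | Important | 7.5 | No | Spoofing |
CVE-2024-30050 | Windows Mark of the Web Security Feature Bypass Vulnerability | Moderate | 5.4 | No | SFB |
"""
# Assumed policy (not from the article): lower rank means patch sooner.
SEVERITY_RANK = {"Critical": 0, "High": 1, "Important": 2, "Moderate": 3, "Low": 4}
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

class Entry(NamedTuple):
    cve: str
    title: str
    severity: str
    cvss: Optional[float]   # None when the table says N/A
    exploited: bool
    kind: str

def parse_table(text):
    """Parse pipe-delimited rows; skip the header and malformed lines."""
    entries = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.rstrip().rstrip("|").split("|")]
        m = CVE_RE.match(cells[0])   # also drops trailing '*' / '#' markers
        if len(cells) != 6 or not m:
            continue
        try:
            cvss = float(cells[3])
        except ValueError:
            cvss = None
        entries.append(Entry(m.group(0), cells[1], cells[2], cvss,
                             cells[4].lower() == "yes", cells[5]))
    return entries

def triage(entries):
    """Exploited first, then severity, then CVSS (unscored counts as 10.0)."""
    return sorted(entries, key=lambda e: (
        not e.exploited, SEVERITY_RANK.get(e.severity, len(SEVERITY_RANK)),
        -(e.cvss if e.cvss is not None else 10.0), e.cve))

if __name__ == "__main__":
    for e in triage(parse_table(SAMPLE)):
        print(e.cve, e.severity, e.cvss, "EXPLOITED" if e.exploited else "", e.kind)
```

Treating a missing CVSS score as worst case keeps unscored entries from sinking to the bottom of their severity band.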