WARNING: MICROSOFT PATCH TUESDAY MAY 2024 PATCHES 59 VULNERABILITIES (1 CRITICAL, 57 IMPORTANT, 1 MODERATE), PATCH IMMEDIATELY!!
CVE/CVSS:
Microsoft patched 59 vulnerabilities in its May 2024 Patch Tuesday release, 1 rated as critical, 57 rated important. Including two actively exploited 0-day vulnerabilities.
Number of CVE by type:
- 25 Remote Code Execution vulnerabilities
- 17 Elevation of Privilege vulnerabilities
- 7 Information Disclosure vulnerabilities
- 4 Spoofing vulnerability
- 3 Denial of Service vulnerabilities
- 2 Security Feature Bypass vulnerabilities
- 1 Tampering vulnerability
Sources
Risks
Microsoft’s May 2024 Patch Tuesday includes 59 vulnerabilities (1 critical, 57 important and 1 moderate), for a wide range of Microsoft products, impacting Microsoft Server and Workstations. This Patch Tuesday includes two actively exploited vulnerabilities and two 0-Days. Some other vulnerabilities are also more likely to be exploited soon, therefore urgent patching is advised.
The only critical vulnerability this month is a Remote Code Execution vulnerability (CVE-2024-30044) in Microsoft SharePoint Server. Additionally, two vulnerabilities (CVE-2024-30051 and CVE-2024-30040) are currently being exploited in the wild. Immediate patching is strongly recommended to mitigate risks!
Description
Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday” and contain security fixes for Microsoft devices and software.
The CCB would like to point your attention to following vulnerabilities:
CVE-2024-30051: Windows DWM Core Library (Actively exploited – Zero-day)
Elevation of Privilege Vulnerability. This vulnerability allows a local attacker already present on a vulnerable system to exploit it and granting them SYSTEM privileges and complete control over the device. With a CVSSv3 score of 7.8, it's rated important. Microsoft noted that it was exploited in the wild as a zero-day. Kaspersky researchers report its use alongside QakBot and other malware, suggesting multiple threat actors have access to it.
CVE-2024-30040: Windows MSHTML Platform (Actively exploited – Zero-day)
Security Feature Bypass Vulnerability. An attacker can exploit this vulnerability by using social engineering tactics via email, social media or instant messaging to convince a target user to open a specially crafted document. Once exploited, an attacker could execute code on the target system. The vulnerability is exploited in the wild and was assigned a CVSSv3 score of 8.8 rated as important.
CVE-2024-30046: Visual Studio
Denial of Service Vulnerability. CVE-2024-30046 is a denial of service (DoS) vulnerability affecting multiple versions of Microsoft Visual Studio 2022. It was assigned a CVSSv3 score of 5.9 and is rated important. According to Microsoft’s Exploitability Index it is rated as “Exploitation Less Likely” and the Attack Complexity is High.
CVE-2024-30043: Microsoft SharePoint Server
Information Disclosure Vulnerability. An authenticated attacker could use this bug to read local files with SharePoint Farm service account user privileges. The scope of file content which could be accessed is dependent on the privileges of compromised user. According to Microsoft’s it is rated as “Exploitation Less Likely” and was assigned a score of 6.5.
CVE-2024-30044: Microsoft SharePoint Server
Remote Code Execution Vulnerability. To exploit this CVE, an attacker needs to be authenticated to a vulnerable SharePoint Server with Site Owner permissions to perform two steps: 1.) the attacker must upload a specially crafted file to the vulnerable SharePoint Server and 2.) send specially crafted API requests to the SharePoint Server in order to “trigger deserialization of file’s parameters. This attack requires no user interaction. This vulnerability is rated as “Exploitation More Likely” according to Microsoft and was assigned a CVSSv3 score of 8.8 rated as critical.
CVE-2024-30033: Microsoft Search Service
Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. This vulnerability is rated as “Exploitation Less Likely” according to Microsoft and was assigned a CVSSv3 score of 7.0.
CVE-2024-29996 and CVE-2024-30025: Common Log File System Driver
Elevation of Privilege Vulnerabilities. An attacker who successfully exploited these vulnerabilities could gain SYSTEM privileges. These vulnerability are rated as “Exploitation More Likely” according to Microsoft and were assigned a CVSSv3 score of 7.8.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
- https://thehackernews.com/2024/05/microsoft-patches-61-flaws-including.html
- https://www.tenable.com/blog/microsofts-may-2024-patch-tuesday-addresses...
- https://www.zerodayinitiative.com/blog/2024/5/14/the-may-2024-security-u...
- https://www.techtarget.com/searchwindowsserver/news/366585000/Microsoft-...
- https://securityaffairs.com/163172/security/microsoft-patch-tuesday-may-...