May 18, 2024
By Cybervergent Team

Microsoft May 2024 Patch Tuesday

Summary:

Microsoft has releasedsecurity updates for May 2024 Patch Tuesday, addressing 61 vulnerabilities,including three zero-day vulnerabilities that are either actively exploited orpublicly disclosed. Among these vulnerabilities, one is rated critical, and itimpacts Microsoft SharePoint Server.

KeyHighlights:

TotalVulnerabilities Fixed: 61

Zero-dayVulnerabilities Fixed: 3 (two actively exploited, one publicly disclosed)

CriticalVulnerabilities Fixed: 1 (Microsoft SharePoint Server Remote Code Execution)

 

VulnerabilityBreakdown:

Elevationof Privilege: 17

SecurityFeature Bypass: 2

RemoteCode Execution: 27

InformationDisclosure: 7

Denialof Service: 3

Spoofing:4

 

Notable Zero-dayVulnerabilities:

CVE-2024-30040 -Windows MSHTML Platform Security Feature Bypass

·      Description:This vulnerability involves a bypass of OLE mitigations in Microsoft 365 andMicrosoft Office, potentially allowing an attacker to execute arbitrary code.

·      Impact: Anunauthenticated attacker could convince a user to open a malicious file,leading to code execution within the user's context.

·      Exploit Method:Enticement through Email or Instant Messenger.

·      Status:Actively exploited.

CVE-2024-30051 -Windows DWM Core Library Elevation of Privilege

·      Description:This vulnerability allows an attacker to gain SYSTEM privileges.

·      Impact:Successful exploitation provides SYSTEM-level privileges on a Windows device.

·      Exploit Method:Recent Qakbot malware phishing attacks.

·      Status:Actively exploited.

CVE-2024-30046 -Microsoft Visual Studio Denial of Service

·      Description: Apublicly disclosed denial of service vulnerability in Microsoft Visual Studio.

·      Impact:Potential service disruption.

·      Status:Publicly disclosed.

Recommendations:

·      Immediate Patch Application: All users andadministrators are strongly advised to apply these updates promptly to mitigatepotential risks.

·      User Awareness: Educate users about therisks of opening unsolicited emails or instant messages containing attachmentsor links.

·      Prioritize Critical Systems: Focus onupdating systems hosting critical applications like SharePoint and thosevulnerable to elevation of privilege exploits.

 

For more details on thesecurity updates and to access the patches, visit the Microsoft Security UpdateGuide.

Tags
#
cyberattacks
#
Security Advisory

Related articles

September 19, 2024
TrickMo: The Evolving Android Trojan

by Cybervergent Team

September 19, 2024
What Lies Beneath Your Excel Files?

by Cybervergent Team

September 19, 2024
The Kiosk Mode Trap: How to Protect Your Google Credentials

by Cybervergent Team

Nigeria
212/214 Herbert Macaulay Way, Yaba, Lagos, Nigeria
Ghana
39 Kofi Annan Street, Airport Residential Area, Accra Ghana
USA
4320 Stevens Creek Boulevard Ste 175 San Jose CA 95129 United States
Nigeria Address
Ghana Address
US Address
English

Company

Resources

Platform

Solutions

Privacy PolicyQuality PolicyInfosec PolicyEmail PolicyTerms of UseDisclaimerCookies
© Copyright 2024. All rights reserved