Microsoft rolled out its scheduled Patch Tuesday replace for Could 2024 this week. Not like the earlier month’s replace, this time, the updates tackle three zero-day vulnerabilities alongside different safety fixes.
Microsoft Could 2024 Patch Tuesday Updates Arrived
A very powerful safety fixes included with Microsoft’s Could Patch Tuesday tackle three totally different zero-day vulnerabilities. Whereas none of those vulnerabilities obtained a important severity score, they nonetheless maintain significance on account of their energetic exploitation or public disclosure earlier than receiving the fixes.
Particularly, these three zero-day flaws embody the next.
- CVE-2024-30040 (CVSS 8.8): An necessary severity safety characteristic bypass affecting Home windows MSHTML Platform. This vulnerability exists on account of bypassing OLE mitigations in Microsoft 365 and Microsoft Workplace. An adversary may exploit the flaw by tricking the goal consumer into loading a maliciously crafted file. As soon as executed the unauthenticated adversary would acquire code execution privileges on the goal system.
- CVE-2024-30051 (CVSS 7.8): An necessary severity heap-based buffer overflow vulnerability affecting Home windows DWM Core Library. An attacker may exploit the flaw to achieve elevated privileges on the goal system.
- CVE-2024-30046 (CVSS 5.9): An necessary severity vulnerability affecting Visible Studio. An adversary may exploit the flaw to set off denial of service on the goal system.
In addition to, one other noteworthy vulnerability within the Could 2024 Patch Tuesday Microsoft updates is a important severity distant code execution flaw. Recognized as CVE-2024-30044, this vulnerability existed within the Microsoft SharePoint Server. Exploiting the flaw required an attacker to have authenticated entry with the Website Proprietor or increased permissions. Then, the adversary would add a maliciously crafted file to set off deserialization of the file’s parameters and execute arbitrary codes on the goal SharePoint Server.
As well as, Microsoft additionally launched over 50 different safety patches with this replace, rolling out 59 safety fixes this month. The opposite necessary severity vulnerabilities embody 2 denial of service vulnerabilities, 16 privilege escalation flaws, 7 info disclosure points, 24 distant code execution vulnerabilities, 4 spoofing vulnerabilities, 1 tampering problem, and 1 average severity safety characteristic bypass affecting Home windows Mark of the Net (CVE-2024-30050).
Tell us your ideas within the feedback.
