May 2024 Patch Tuesday: Microsoft releases 58 fixes this month including 2 Weaponised Threats.

Microsoft has released 58 fixes this month, including remediation for 2 vulnerabilities that are already being exploited in the wild (weaponised).  Of the 58, 56 are rated Important, 1 is rated Critical (CVE-2024-30044, Microsoft SharePoint Server Remote Code Execution) and 1 is rated Moderate (CVE-2024-30050, Windows Mark of the Web Security Feature Bypass); together they span Windows, Windows Components, Office, Azure, .NET Framework, Visual Studio and Power BI.  The return to a regular update cadence is a welcome change after last month's unusually large batch of 147 updates.

Robert Brown, Head of Customer Success at Syxsense, stresses that prioritisation in vulnerability management has to be deliberate.  He draws attention to the entries that carry a Jump Point (CVSS Scope: Changed), where a successful exploit affects resources beyond the security authority of the vulnerable component itself, and urges that these be treated with particular care.  The combined CVSS score for May is 419.8 across the 58 fixes, an average of 7.2 per vulnerability, so this is not a month to defer.

Using Vendor Severity and CVSS score as the primary metrics, our recommendation is: load the CVE numbers below into your patch management system now, test the updates, and deploy as soon as testing completes, starting with the two weaponised vulnerabilities.
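One way to turn the columns reported for each CVE (Vendor Severity, CVSS, Publicly Aware, Weaponised, Jump Point, Exploitability Assessment) into a deployment order, as an added example rather than Syxsense's own Syxscore method.  The weights are assumptions chosen so that in-the-wild exploitation always outranks a higher CVSS alone; the sample rows are transcribed from the May 2024 table further down this page, and the month_summary function reproduces the 419.8 combined / 7.2 average figures when fed all 58 rows.

```python
"""
Deployment-order triage for a Patch Tuesday list, added as an example of the
prioritisation this page recommends. It is not Syxsense's Syxscore formula:
the weights are assumptions chosen so that in-the-wild exploitation always
outranks CVSS alone. The sample rows are transcribed from the May 2024 table
on this page.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Fix:
    cve: str
    title: str
    severity: str             # Microsoft rating: Critical / Important / Moderate / Low
    cvss: float
    public: bool              # "Publicly Aware": details disclosed before the patch
    weaponised: bool          # exploitation detected in the wild
    jump_point: bool = False  # CVSS Scope: Changed
    assessment: str = ""      # Microsoft exploitability assessment, when given


# Weights are assumptions for illustration; tune them to your own risk model.
W_WEAPONISED = 4.0    # active exploitation dominates everything else
W_PUBLIC = 1.5        # disclosed details shorten the time to a working exploit
W_CRITICAL = 1.0      # vendor rated Critical
W_MORE_LIKELY = 1.5   # Microsoft says "Exploitation More Likely"
W_JUMP_POINT = 0.3    # Scope: Changed, the exploit crosses a trust boundary


def priority_score(fix):
    """CVSS base score plus additive bonuses for the risk signals in the table."""
    score = fix.cvss
    score += W_WEAPONISED if fix.weaponised else 0.0
    score += W_PUBLIC if fix.public else 0.0
    score += W_CRITICAL if fix.severity == "Critical" else 0.0
    score += W_MORE_LIKELY if fix.assessment == "Exploitation More Likely" else 0.0
    score += W_JUMP_POINT if fix.jump_point else 0.0
    return round(score, 1)


def deployment_order(fixes):
    """Highest priority first; ties broken by raw CVSS, then CVE id, for a stable order."""
    return sorted(fixes, key=lambda f: (priority_score(f), f.cvss, f.cve), reverse=True)


def month_summary(fixes):
    """The 'combined' and 'average' CVSS figures quoted in the write-up above."""
    combined = round(sum(f.cvss for f in fixes), 1)
    return {"count": len(fixes), "combined_cvss": combined,
            "average_cvss": round(combined / len(fixes), 1)}


# Constructed subset of this month's table (transcribed from the full list below).
MAY_2024_SAMPLE = [
    Fix("CVE-2024-30051", "Windows DWM Core Library EoP", "Important", 7.8, True, True, False, "Exploitation Detected"),
    Fix("CVE-2024-30040", "Windows MSHTML Platform SFB", "Important", 8.8, False, True, False, "Exploitation Detected"),
    Fix("CVE-2024-30046", "ASP.NET Core DoS", "Important", 5.9, True, False),
    Fix("CVE-2024-30044", "Microsoft SharePoint Server RCE", "Critical", 8.8, False, False, False, "Exploitation More Likely"),
    Fix("CVE-2024-30007", "Microsoft Brokering File System EoP", "Important", 8.8, False, False, True),
    Fix("CVE-2024-30010", "Windows Hyper-V RCE", "Important", 8.8, False, False),
    Fix("CVE-2024-30030", "Win32k EoP", "Important", 7.8, False, False, False, "Exploitation More Likely"),
    Fix("CVE-2024-30050", "Windows Mark of the Web SFB", "Moderate", 5.4, False, False, False, "Exploitation More Likely"),
]


if __name__ == "__main__":
    print(month_summary(MAY_2024_SAMPLE))
    for f in deployment_order(MAY_2024_SAMPLE):
        print(f"{priority_score(f):5.1f}  {f.cve}  {f.title}")
```

With these weights the two weaponised entries come out first, then the Critical SharePoint RCE, then the "Exploitation More Likely" Win32k bug ahead of the Jump Point entry; the publicly disclosed ASP.NET Core denial of service, despite being publicly known, lands near the bottom because its CVSS is low and it is not being exploited.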

CVE-2024-30051 – Windows DWM Core Library Elevation of Privilege Vulnerability

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Note: the vulnerability is being weaponised and is publicly known.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponised: Yes
  • Publicly Aware: Yes
  • Countermeasure: No

Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope / Jump Point: Unchanged / No

CVE-2024-30040 – Windows MSHTML Platform Security Feature Bypass Vulnerability

An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file.

This vulnerability bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls.

Note: the vulnerability is being weaponised.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponised: Yes
  • Publicly Aware: No
  • Countermeasure: Yes

Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope / Jump Point: Unchanged / No

CVE-2024-30007 – Microsoft Brokering File System Elevation of Privilege Vulnerability

In this case, a successful attack could be performed from a low privilege AppContainer.  The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.

Note: the vulnerability has a Jump Point (CVSS Scope: Changed).

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponised: No
  • Publicly Aware: No
  • Countermeasure: No

Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope / Jump Point: Changed / Yes
| Reference | Description | Vendor Severity | CVSS Score | Publicly Aware | Weaponised | Countermeasure | Bug Type | Exploitability Assessment | Additional Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-30051 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | Yes | Yes | No | Elevation of Privilege | Exploitation Detected | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2024-30040 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important | 8.8 | No | Yes | Yes | Security Feature Bypass | Exploitation Detected | An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file. |
| CVE-2024-30046 | ASP.NET Core Denial of Service Vulnerability | Important | 5.9 | Yes | No | No | Denial of Service | | |
| CVE-2024-30044 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Remote Code Execution | Exploitation More Likely | |
| CVE-2024-30007 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | Elevation of Privilege | | Scope = Changed, Jump Point = True. In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. |
| CVE-2024-30006 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | | |
| CVE-2024-30010 | Windows Hyper-V Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | | An attacker who successfully exploited this vulnerability could send malformed packets to Hyper-V Replica endpoints on the host from a remote machine. |
| CVE-2024-30017 | Windows Hyper-V Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | | |
| CVE-2024-30009 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | | |
| CVE-2024-30020 | Windows Cryptographic Services Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | Remote Code Execution | | |
| CVE-2024-30042 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Remote Code Execution | | |
| CVE-2024-26238 | Microsoft PLUG Scheduler Scheduled Task Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | | |
| CVE-2024-29994 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2024-30027 | NTFS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2024-30028 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | | A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver. |
| CVE-2024-30030 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | Elevation of Privilege | Exploitation More Likely | To exploit this vulnerability an attacker must have an account with the User role assigned. |
| CVE-2024-30038 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | Exploitation More Likely | A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver. |
| CVE-2024-30031 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | | Scope = Changed, Jump Point = True. In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. |
| CVE-2024-29996 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | Exploitation More Likely | |
| CVE-2024-30025 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2024-30032 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2024-30035 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2024-30018 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2024-30049 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2024-30047 | Dynamics 365 Customer Insights Spoofing Vulnerability | Important | 7.6 | No | No | No | Spoofing Vulnerability | | Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim's browser on their machine. |
| CVE-2024-30048 | Dynamics 365 Customer Insights Spoofing Vulnerability | Important | 7.6 | No | No | No | Spoofing Vulnerability | | Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim's browser on their machine. |
| CVE-2024-30037 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.5 | No | No | No | Elevation of Privilege | Exploitation More Likely | |
| CVE-2024-30014 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | Remote Code Execution | | |
| CVE-2024-30015 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | Remote Code Execution | | |
| CVE-2024-30022 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | Remote Code Execution | | |
| CVE-2024-30023 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | Remote Code Execution | | |
| CVE-2024-30024 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | Remote Code Execution | | |
| CVE-2024-30029 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | Remote Code Execution | | |
| CVE-2024-30033 | Windows Search Service Elevation of Privilege Vulnerability | Important | 7.0 | No | No | No | Elevation of Privilege | | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2024-29997 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | Remote Code Execution | | |
| CVE-2024-29998 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | Remote Code Execution | | |
| CVE-2024-29999 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | Remote Code Execution | | |
| CVE-2024-30000 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | Remote Code Execution | | |
| CVE-2024-30001 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | Remote Code Execution | | |
| CVE-2024-30002 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | Remote Code Execution | | |
| CVE-2024-30003 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | Remote Code Execution | | |
| CVE-2024-30004 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | Remote Code Execution | | |
| CVE-2024-30005 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | Remote Code Execution | | |
| CVE-2024-30012 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | Remote Code Execution | | |
| CVE-2024-30021 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | Remote Code Execution | | |
| CVE-2024-30019 | DHCP Server Service Denial of Service Vulnerability | Important | 6.5 | No | No | No | Denial of Service | | |
| CVE-2024-30054 | Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability | Important | 6.5 | No | No | No | Information Disclosure | | |
| CVE-2024-30043 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important | 6.5 | No | No | No | Information Disclosure | | |
| CVE-2024-30036 | Windows Deployment Services Information Disclosure Vulnerability | Important | 6.5 | No | No | No | Information Disclosure | | |
| CVE-2024-30011 | Windows Hyper-V Denial of Service Vulnerability | Important | 6.5 | No | No | No | Denial of Service | | |
| CVE-2024-30045 | .NET and Visual Studio Remote Code Execution Vulnerability | Important | 6.3 | No | No | No | Remote Code Execution | | |
| CVE-2024-30059 | Microsoft Intune for Android Mobile Application Management Tampering Vulnerability | Important | 6.1 | No | No | No | Tampering | | |
| CVE-2024-30034 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | Information Disclosure | Exploitation More Likely | Exploiting this vulnerability could allow the disclosure of certain kernel memory content. |
| CVE-2024-30016 | Windows Cryptographic Services Information Disclosure Vulnerability | Important | 5.5 | No | No | No | Information Disclosure | | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. |
| CVE-2024-30008 | Windows DWM Core Library Information Disclosure Vulnerability | Important | 5.5 | No | No | No | Information Disclosure | | An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. |
| CVE-2024-30039 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important | 5.5 | No | No | No | Information Disclosure | | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. |
| CVE-2024-30041 | Microsoft Bing Search Spoofing Vulnerability | Important | 5.4 | No | No | No | Spoofing Vulnerability | | |
| CVE-2024-30050 | Windows Mark of the Web Security Feature Bypass Vulnerability | Moderate | 5.4 | No | No | No | Security Feature Bypass | Exploitation More Likely | |