Microsoft releases 58 fixes for May 2024 Patch Tuesday including 2 Weaponised Threats
In its latest defensive manoeuvre, Microsoft has deployed an arsenal of 58 fixes this month, including the remediation of 2 weaponized threats. Within this comprehensive bug list, 56 fixes of Important and Moderate severity stand sentinel over several critical areas of the Microsoft ecosystem, spanning Windows, Windows Components, Office, Azure, .NET Framework, Visual Studio, and PowerBI. This return to a regular update cadence comes as a welcome respite following the unprecedented bout of 147 updates last month.
Robert Brown, the Head of Customer Success at Syxsense, underscores the imperative of strategic prioritization in vulnerability management. He warns of the presence of threats carrying a Jump Point, urging a vigilant approach. With a combined CVSS score of 419.8 for May, and an average score of 7.2, the severity of the vulnerabilities demands thorough attention.
Drawing upon the metrics of Vendor Severity and CVSS Scores, we offer the following recommendations. Swiftly integrate the provided CVE numbers into your Patch Management systems, and upon completion of thorough testing, deployment should proceed expeditiously. Let us fortify our cyber defense with unwavering diligence and precision, together.
CVE-2024-30051 – Windows DWM Core Library Elevation of Privilege Vulnerability
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Note: The vulnerability is being Weaponised and is Publicly Aware
Syxscore
- Vendor Severity: Important
- CVSS: 7.8
- Weaponised: Yes
- Public Aware: Yes
- Countermeasure: No
Risk
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope / Jump Point: Unchanged / No
CVE-2024-30040 – Windows MSHTML Platform Security Feature Bypass Vulnerability
An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file.
This vulnerability bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls.
Note: The vulnerability is being Weaponised
Syxscore
- Vendor Severity: Important
- CVSS: 8.8
- Weaponised: Yes
- Public Aware: No
- Countermeasure: Yes
Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope / Jump Point: Unchanged / No
CVE-2024-30007 – Microsoft Brokering File System Elevation of Privilege Vulnerability
In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.
Note: The vulnerability has a Jump Point
Syxscore
- Vendor Severity: Important
- CVSS: 8.8
- Weaponised: No
- Public Aware: No
- Countermeasure: No
Risk
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope / Jump Point: Changed / Yes
| Reference | Description | Vendor Severity | CVSS Score | Publicly Aware | Weaponised | Countermeasure | Additional Notes | Bug Type | Exploitability Assessment |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2024-30051 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | Yes | Yes | | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Detected |
| CVE-2024-30040 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important | 8.8 | No | Yes | Yes | An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file. | Security Feature Bypass | Exploitation Detected |
| CVE-2024-30046 | ASP.NET Core Denial of Service Vulnerability | Important | 5.9 | Yes | No | | | Denial of Service | |
| CVE-2024-30044 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical | 8.8 | No | No | | | Remote Code Execution | Exploitation More Likely |
| CVE-2024-30007 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important | 8.8 | No | No | | Scope = Changed, Jump Point = True. In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. | Elevation of Privilege | |
| CVE-2024-30006 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | | | Remote Code Execution | |
| CVE-2024-30010 | Windows Hyper-V Remote Code Execution Vulnerability | Important | 8.8 | No | No | | An attacker who successfully exploited this vulnerability could send malformed packets to Hyper-V Replica endpoints on the host from a remote machine. | Remote Code Execution | |
| CVE-2024-30017 | Windows Hyper-V Remote Code Execution Vulnerability | Important | 8.8 | No | No | | | Remote Code Execution | |
| CVE-2024-30009 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | | | Remote Code Execution | |
| CVE-2024-30020 | Windows Cryptographic Services Remote Code Execution Vulnerability | Important | 8.1 | No | No | | | Remote Code Execution | |
| CVE-2024-30042 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | | | Remote Code Execution | |
| CVE-2024-26238 | Microsoft PLUG Scheduler Scheduled Task Elevation of Privilege Vulnerability | Important | 7.8 | No | No | | | Elevation of Privilege | |
| CVE-2024-29994 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | Important | 7.8 | No | No | | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | |
| CVE-2024-30027 | NTFS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | |
| CVE-2024-30028 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | | A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver. | Elevation of Privilege | |
| CVE-2024-30030 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Yes | To exploit this vulnerability an attacker must have an account with the User role assigned. | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-30038 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | | A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver. | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-30031 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | | Scope = Changed, Jump Point = True. In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. | Elevation of Privilege | |
| CVE-2024-29996 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | | | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-30025 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-30032 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-30035 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-30018 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | |
| CVE-2024-30049 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important | 7.8 | No | No | | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-30047 | Dynamics 365 Customer Insights Spoofing Vulnerability | Important | 7.6 | No | No | | Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. | Spoofing Vulnerability | |
| CVE-2024-30048 | Dynamics 365 Customer Insights Spoofing Vulnerability | Important | 7.6 | No | No | | Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. | Spoofing Vulnerability | |
| CVE-2024-30037 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.5 | No | No | | | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-30014 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.5 | No | No | | | Remote Code Execution | |
| CVE-2024-30015 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.5 | No | No | | | Remote Code Execution | |
| CVE-2024-30022 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.5 | No | No | | | Remote Code Execution | |
| CVE-2024-30023 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.5 | No | No | | | Remote Code Execution | |
| CVE-2024-30024 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.5 | No | No | | | Remote Code Execution | |
| CVE-2024-30029 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.5 | No | No | | | Remote Code Execution | |
| CVE-2024-30033 | Windows Search Service Elevation of Privilege Vulnerability | Important | 7 | No | No | | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | |
| CVE-2024-29997 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | | | Remote Code Execution | |
| CVE-2024-29998 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | | | Remote Code Execution | |
| CVE-2024-29999 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | | | Remote Code Execution | |
| CVE-2024-30000 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | | | Remote Code Execution | |
| CVE-2024-30001 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | | | Remote Code Execution | |
| CVE-2024-30002 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | | | Remote Code Execution | |
| CVE-2024-30003 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | | | Remote Code Execution | |
| CVE-2024-30004 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | | | Remote Code Execution | |
| CVE-2024-30005 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | | | Remote Code Execution | |
| CVE-2024-30012 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | | | Remote Code Execution | |
| CVE-2024-30021 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | | | Remote Code Execution | |
| CVE-2024-30019 | DHCP Server Service Denial of Service Vulnerability | Important | 6.5 | No | No | | | Denial of Service | |
| CVE-2024-30054 | Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability | Important | 6.5 | No | No | | | Information Disclosure | |
| CVE-2024-30043 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important | 6.5 | No | No | | | Information Disclosure | |
| CVE-2024-30036 | Windows Deployment Services Information Disclosure Vulnerability | Important | 6.5 | No | No | | | Information Disclosure | |
| CVE-2024-30011 | Windows Hyper-V Denial of Service Vulnerability | Important | 6.5 | No | No | | | Denial of Service | |
| CVE-2024-30045 | .NET and Visual Studio Remote Code Execution Vulnerability | Important | 6.3 | No | No | | | Remote Code Execution | |
| CVE-2024-30059 | Microsoft Intune for Android Mobile Application Management Tampering Vulnerability | Important | 6.1 | No | No | | | Tampering | |
| CVE-2024-30034 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | | Exploiting this vulnerability could allow the disclosure of certain kernel memory content. | Information Disclosure | Exploitation More Likely |
| CVE-2024-30016 | Windows Cryptographic Services Information Disclosure Vulnerability | Important | 5.5 | No | No | | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | Information Disclosure | |
| CVE-2024-30008 | Windows DWM Core Library Information Disclosure Vulnerability | Important | 5.5 | No | No | | An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. | Information Disclosure | |
| CVE-2024-30039 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important | 5.5 | No | No | | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | Information Disclosure | |
| CVE-2024-30041 | Microsoft Bing Search Spoofing Vulnerability | Important | 5.4 | No | No | | | Spoofing Vulnerability | |
| CVE-2024-30050 | Windows Mark of the Web Security Feature Bypass Vulnerability | Moderate | 5.4 | No | No | | | Security Feature Bypass | Exploitation More Likely |