Microsoft Patch Tuesday

Published On: May 15, 2024
Categories: Cyber Alerts

In today’s SensCy Cyber Brief, your SensCy team reviewed Microsoft’s latest series of patches released on Tuesday, May 14, 2024. This month Microsoft fixes THREE zero-days and 61 flaws.

What is Patch Tuesday?
Patch Tuesday is Microsoft’s initiative to release new security fixes for the Windows operating system and any other Microsoft software on a monthly basis. Your SensCy team will monitor such releases and provide you with our observations and recommendations.

Why is it important?
This month’s Patch Tuesday matters because it fixes critical vulnerabilities. The SensCy team recommends that Microsoft users install these patches immediately.

This month’s Patch Tuesday fixes three zero-day vulnerabilities: two are being actively exploited and one was publicly disclosed.

CVE-2024-30040, a security bypass vulnerability in the MSHTML engine in Microsoft Windows. According to Microsoft, “an unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious document at which point the attacker could execute arbitrary code in the context of the user.”

CVE-2024-30051, an Elevation of Privilege (EoP) vulnerability in the DWM Core Library in Microsoft Windows. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” explains Microsoft.

CVE-2024-30046, a denial of service (DoS) vulnerability affecting several versions of Microsoft Visual Studio 2022. It is listed as being publicly disclosed prior to the patch being available.

In addition to the zero-day fixes, Microsoft is fixing 61 other vulnerabilities. Here is the breakdown by vulnerability category:

  • 17 Elevation of Privilege Vulnerabilities
  • 2 Security Feature Bypass Vulnerabilities
  • 27 Remote Code Execution Vulnerabilities
  • 7 Information Disclosure Vulnerabilities
  • 3 Denial of Service Vulnerabilities
  • 4 Spoofing Vulnerabilities

For more information on the vulnerabilities and the systems they affect, please refer to the full report from Microsoft linked here.
