- Upgrade to Microsoft Office Pro and Windows 11 Pro with this bundle for 87% off
- Get 3 months of Xbox Game Pass Ultimate for 28% off
- Buy a Microsoft Project Pro or Microsoft Visio Pro license for just $18 with this deal
- How I optimized the cheapest 98-inch TV available to look and sound incredible (and it's $1,000 off)
- The best blood pressure watches of 2024
VERT Threat Alert: May 2024 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s May 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1106 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
Up first this month, we have a security feature bypass in MSHTML. More specifically, we have an Object Linking and Embedding (OLE) mitigation bypass in Microsoft Office. There is an interesting disconnect in the current Microsoft content that will hopefully be updated soon. At the time of writing, Microsoft indicated that a user would need to download the malicious file and manipulate it, but not open it. However, in the FAQ, they also indicate that successful exploitation relies on the user opening the document. Since Microsoft has reported this as being actively exploited, extra caution should be taken to verify the source of Office documents before opening them. Microsoft has reported this vulnerability as Exploitation Detected.
A vulnerability in the Windows Desktop Window Manager (DWM) is described by this CVE. Kaspersky, credited with reporting the vulnerability, has released an article about the vulnerability and indicating that they’ve seen it used within QakBot. Successful exploitation of this vulnerability would provide the attacker with SYSTEM privileges. Microsoft has reported this vulnerability as Exploitation Detected.
The final vulnerability in this section this month is a denial of service impacting Visual Studio 2022. While information on this vulnerability is public, Microsoft has stated that it has a high attack complexity and requires an attacker to repeatedly exploit the issue by sending constant or intermittent data across the network to take advantage of the race. Microsoft has reported this vulnerability as Exploitation Less Likely.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also color coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
|
Tag |
CVE Count |
CVEs |
|
Visual Studio |
3 |
CVE-2024-32002, CVE-2024-30046, CVE-2024-32004 |
|
Windows Common Log File System Driver |
3 |
CVE-2024-29996, CVE-2024-30025, CVE-2024-30037 |
|
Windows Mobile Broadband |
11 |
CVE-2024-29997, CVE-2024-29998, CVE-2024-29999, CVE-2024-30000, CVE-2024-30001, CVE-2024-30002, CVE-2024-30003, CVE-2024-30004, CVE-2024-30005, CVE-2024-30012, CVE-2024-30021 |
|
Microsoft WDAC OLE DB provider for SQL |
1 |
CVE-2024-30006 |
|
Microsoft Brokering File System |
1 |
CVE-2024-30007 |
|
Windows DWM Core Library |
4 |
CVE-2024-30008, CVE-2024-30032, CVE-2024-30035, CVE-2024-30051 |
|
Windows Routing and Remote Access Service (RRAS) |
7 |
CVE-2024-30009, CVE-2024-30014, CVE-2024-30015, CVE-2024-30022, CVE-2024-30023, CVE-2024-30024, CVE-2024-30029 |
|
Windows Hyper-V |
3 |
CVE-2024-30010, CVE-2024-30011, CVE-2024-30017 |
|
Windows Cryptographic Services |
2 |
CVE-2024-30016, CVE-2024-30020 |
|
Windows Kernel |
1 |
CVE-2024-30018 |
|
Windows DHCP Server |
1 |
CVE-2024-30019 |
|
Microsoft Office SharePoint |
2 |
CVE-2024-30044, CVE-2024-30043 |
|
Windows Mark of the Web (MOTW) |
1 |
CVE-2024-30050 |
|
Azure Migrate |
1 |
CVE-2024-30053 |
|
Microsoft Intune |
1 |
CVE-2024-30059 |
|
Microsoft Edge (Chromium-based) |
6 |
CVE-2024-4558, CVE-2024-4559, CVE-2024-30055, CVE-2024-4671, CVE-2024-4331, CVE-2024-4368 |
|
Windows Task Scheduler |
1 |
CVE-2024-26238 |
|
Microsoft Windows SCSI Class System File |
1 |
CVE-2024-29994 |
|
Windows NTFS |
1 |
CVE-2024-30027 |
|
Windows Win32K – ICOMP |
3 |
CVE-2024-30028, CVE-2024-30038, CVE-2024-30049 |
|
Windows Win32K – GRFX |
1 |
CVE-2024-30030 |
|
Windows CNG Key Isolation Service |
1 |
CVE-2024-30031 |
|
Microsoft Windows Search Component |
1 |
CVE-2024-30033 |
|
Windows Cloud Files Mini Filter Driver |
1 |
CVE-2024-30034 |
|
Windows Deployment Services |
1 |
CVE-2024-30036 |
|
Windows Remote Access Connection Manager |
1 |
CVE-2024-30039 |
|
Windows MSHTML Platform |
1 |
CVE-2024-30040 |
|
Microsoft Bing |
1 |
CVE-2024-30041 |
|
Microsoft Office Excel |
1 |
CVE-2024-30042 |
|
.NET and Visual Studio |
1 |
CVE-2024-30045 |
|
Microsoft Dynamics 365 Customer Insights |
2 |
CVE-2024-30047, CVE-2024-30048 |
|
Power BI |
1 |
CVE-2024-30054 |
Other Information
At the time of publication, there were no new advisories included with the May Security Guidance.
