- Balancing innovation with value, cost, and practicality: The CIO's guide to future proofing technology investments
- Nokia’s to buy optical networker Infinera for $2.3 billion
- Mobile Political Spam Surges Threefold For 2024 Election
- The essential AI checklist: Future-proof your workforce in six simple steps
- Chrome Update Will Block Entrust Certificates by November 2024
VERT Threat Alert: May 2024 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s May 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1106 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
Up first this month, we have a security feature bypass in MSHTML. More specifically, we have an Object Linking and Embedding (OLE) mitigation bypass in Microsoft Office. There is an interesting disconnect in the current Microsoft content that will hopefully be updated soon. At the time of writing, Microsoft indicated that a user would need to download the malicious file and manipulate it, but not open it. However, in the FAQ, they also indicate that successful exploitation relies on the user opening the document. Since Microsoft has reported this as being actively exploited, extra caution should be taken to verify the source of Office documents before opening them. Microsoft has reported this vulnerability as Exploitation Detected.
A vulnerability in the Windows Desktop Window Manager (DWM) is described by this CVE. Kaspersky, credited with reporting the vulnerability, has released an article about the vulnerability and indicating that they’ve seen it used within QakBot. Successful exploitation of this vulnerability would provide the attacker with SYSTEM privileges. Microsoft has reported this vulnerability as Exploitation Detected.
The final vulnerability in this section this month is a denial of service impacting Visual Studio 2022. While information on this vulnerability is public, Microsoft has stated that it has a high attack complexity and requires an attacker to repeatedly exploit the issue by sending constant or intermittent data across the network to take advantage of the race. Microsoft has reported this vulnerability as Exploitation Less Likely.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also color coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
|
Tag |
CVE Count |
CVEs |
|
Visual Studio |
3 |
CVE-2024-32002, CVE-2024-30046, CVE-2024-32004 |
|
Windows Common Log File System Driver |
3 |
CVE-2024-29996, CVE-2024-30025, CVE-2024-30037 |
|
Windows Mobile Broadband |
11 |
CVE-2024-29997, CVE-2024-29998, CVE-2024-29999, CVE-2024-30000, CVE-2024-30001, CVE-2024-30002, CVE-2024-30003, CVE-2024-30004, CVE-2024-30005, CVE-2024-30012, CVE-2024-30021 |
|
Microsoft WDAC OLE DB provider for SQL |
1 |
CVE-2024-30006 |
|
Microsoft Brokering File System |
1 |
CVE-2024-30007 |
|
Windows DWM Core Library |
4 |
CVE-2024-30008, CVE-2024-30032, CVE-2024-30035, CVE-2024-30051 |
|
Windows Routing and Remote Access Service (RRAS) |
7 |
CVE-2024-30009, CVE-2024-30014, CVE-2024-30015, CVE-2024-30022, CVE-2024-30023, CVE-2024-30024, CVE-2024-30029 |
|
Windows Hyper-V |
3 |
CVE-2024-30010, CVE-2024-30011, CVE-2024-30017 |
|
Windows Cryptographic Services |
2 |
CVE-2024-30016, CVE-2024-30020 |
|
Windows Kernel |
1 |
CVE-2024-30018 |
|
Windows DHCP Server |
1 |
CVE-2024-30019 |
|
Microsoft Office SharePoint |
2 |
CVE-2024-30044, CVE-2024-30043 |
|
Windows Mark of the Web (MOTW) |
1 |
CVE-2024-30050 |
|
Azure Migrate |
1 |
CVE-2024-30053 |
|
Microsoft Intune |
1 |
CVE-2024-30059 |
|
Microsoft Edge (Chromium-based) |
6 |
CVE-2024-4558, CVE-2024-4559, CVE-2024-30055, CVE-2024-4671, CVE-2024-4331, CVE-2024-4368 |
|
Windows Task Scheduler |
1 |
CVE-2024-26238 |
|
Microsoft Windows SCSI Class System File |
1 |
CVE-2024-29994 |
|
Windows NTFS |
1 |
CVE-2024-30027 |
|
Windows Win32K – ICOMP |
3 |
CVE-2024-30028, CVE-2024-30038, CVE-2024-30049 |
|
Windows Win32K – GRFX |
1 |
CVE-2024-30030 |
|
Windows CNG Key Isolation Service |
1 |
CVE-2024-30031 |
|
Microsoft Windows Search Component |
1 |
CVE-2024-30033 |
|
Windows Cloud Files Mini Filter Driver |
1 |
CVE-2024-30034 |
|
Windows Deployment Services |
1 |
CVE-2024-30036 |
|
Windows Remote Access Connection Manager |
1 |
CVE-2024-30039 |
|
Windows MSHTML Platform |
1 |
CVE-2024-30040 |
|
Microsoft Bing |
1 |
CVE-2024-30041 |
|
Microsoft Office Excel |
1 |
CVE-2024-30042 |
|
.NET and Visual Studio |
1 |
CVE-2024-30045 |
|
Microsoft Dynamics 365 Customer Insights |
2 |
CVE-2024-30047, CVE-2024-30048 |
|
Power BI |
1 |
CVE-2024-30054 |
Other Information
At the time of publication, there were no new advisories included with the May Security Guidance.
