VERT Threat Alert: May 2024 Patch Tuesday Analysis


Today’s VERT Alert addresses Microsoft’s May 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1106 as soon as coverage is completed.

In-The-Wild & Disclosed CVEs

CVE-2024-30040

Up first this month, we have a security feature bypass in MSHTML. More specifically, we have an Object Linking and Embedding (OLE) mitigation bypass in Microsoft Office. There is an interesting disconnect in the current Microsoft content that will hopefully be updated soon. At the time of writing, Microsoft indicated that a user would need to download the malicious file and manipulate it, but not open it. However, in the FAQ, they also indicate that successful exploitation relies on the user opening the document. Since Microsoft has reported this as being actively exploited, extra caution should be taken to verify the source of Office documents before opening them. Microsoft has reported this vulnerability as Exploitation Detected.

CVE-2024-30051

This CVE describes a vulnerability in the Windows Desktop Window Manager (DWM). Kaspersky, credited with reporting the vulnerability, has released an article about it indicating that they’ve seen it used within QakBot. Successful exploitation of this vulnerability would provide the attacker with SYSTEM privileges. Microsoft has reported this vulnerability as Exploitation Detected.

CVE-2024-30046

The final vulnerability in this section this month is a denial of service impacting Visual Studio 2022. While information on this vulnerability is public, Microsoft has stated that it has a high attack complexity and requires an attacker to repeatedly exploit the issue by sending constant or intermittent data across the network to take advantage of the race. Microsoft has reported this vulnerability as Exploitation Less Likely.

 

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also color coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be highlighted.

| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Visual Studio | 3 | CVE-2024-32002, CVE-2024-30046, CVE-2024-32004 |
| Windows Common Log File System Driver | 3 | CVE-2024-29996, CVE-2024-30025, CVE-2024-30037 |
| Windows Mobile Broadband | 11 | CVE-2024-29997, CVE-2024-29998, CVE-2024-29999, CVE-2024-30000, CVE-2024-30001, CVE-2024-30002, CVE-2024-30003, CVE-2024-30004, CVE-2024-30005, CVE-2024-30012, CVE-2024-30021 |
| Microsoft WDAC OLE DB provider for SQL | 1 | CVE-2024-30006 |
| Microsoft Brokering File System | 1 | CVE-2024-30007 |
| Windows DWM Core Library | 4 | CVE-2024-30008, CVE-2024-30032, CVE-2024-30035, CVE-2024-30051 |
| Windows Routing and Remote Access Service (RRAS) | 7 | CVE-2024-30009, CVE-2024-30014, CVE-2024-30015, CVE-2024-30022, CVE-2024-30023, CVE-2024-30024, CVE-2024-30029 |
| Windows Hyper-V | 3 | CVE-2024-30010, CVE-2024-30011, CVE-2024-30017 |
| Windows Cryptographic Services | 2 | CVE-2024-30016, CVE-2024-30020 |
| Windows Kernel | 1 | CVE-2024-30018 |
| Windows DHCP Server | 1 | CVE-2024-30019 |
| Microsoft Office SharePoint | 2 | CVE-2024-30044, CVE-2024-30043 |
| Windows Mark of the Web (MOTW) | 1 | CVE-2024-30050 |
| Azure Migrate | 1 | CVE-2024-30053 |
| Microsoft Intune | 1 | CVE-2024-30059 |
| Microsoft Edge (Chromium-based) | 6 | CVE-2024-4558, CVE-2024-4559, CVE-2024-30055, CVE-2024-4671, CVE-2024-4331, CVE-2024-4368 |
| Windows Task Scheduler | 1 | CVE-2024-26238 |
| Microsoft Windows SCSI Class System File | 1 | CVE-2024-29994 |
| Windows NTFS | 1 | CVE-2024-30027 |
| Windows Win32K – ICOMP | 3 | CVE-2024-30028, CVE-2024-30038, CVE-2024-30049 |
| Windows Win32K – GRFX | 1 | CVE-2024-30030 |
| Windows CNG Key Isolation Service | 1 | CVE-2024-30031 |
| Microsoft Windows Search Component | 1 | CVE-2024-30033 |
| Windows Cloud Files Mini Filter Driver | 1 | CVE-2024-30034 |
| Windows Deployment Services | 1 | CVE-2024-30036 |
| Windows Remote Access Connection Manager | 1 | CVE-2024-30039 |
| Windows MSHTML Platform | 1 | CVE-2024-30040 |
| Microsoft Bing | 1 | CVE-2024-30041 |
| Microsoft Office Excel | 1 | CVE-2024-30042 |
| .NET and Visual Studio | 1 | CVE-2024-30045 |
| Microsoft Dynamics 365 Customer Insights | 2 | CVE-2024-30047, CVE-2024-30048 |
| Power BI | 1 | CVE-2024-30054 |

Other Information

At the time of publication, there were no new advisories included with the May Security Guidance. 


