Microsoft Monthly Security Update (May 2024)
Microsoft has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes |
| Developer Tools |  Medium Risk | Remote Code Execution Denial of Service | |
| Windows |  High Risk | Elevation of Privilege Remote Code Execution Information Disclosure Denial of Service Security Restriction Bypass | CVE-2024-30040 is being exploited in the wild. This vulnerability bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls.
CVE-2024-30051 is being exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| Extended Security Updates (ESU) | Medium Risk | Elevation of Privilege Remote Code Execution Denial of Service Information Disclosure Security Restriction Bypass | |
| Microsoft Office | Medium Risk | Remote Code Execution Information Disclosure | |
| Azure |  Low Risk | Spoofing | |
| Apps | Medium Risk | Data Manipulation Spoofing | |
| Browser |  Extremely High Risk | Spoofing Remote Code Execution Denial of Service | CVE-2024-4761 is being exploited in the wild. A boundary error when processing untrusted HTML content in V8. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code on the target system. |
| Microsoft Dynamics | Low Risk | Spoofing | |
| SQL Server | Medium Risk | Information Disclosure |
Number of ‘Extremely High Risk’ product(s): 1
Number of ‘High Risk’ product(s): 1
Number of ‘Medium Risk’ product(s): 5
Number of ‘Low Risk’ product(s): 2
Evaluation of overall ‘Risk Level’: Extremely High Risk
RISK: High Risk
TYPE: Operating Systems – Windows OS
Impact
- Denial of Service
- Elevation of Privilege
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
- Spoofing
- Data Manipulation
System / Technologies affected
- Developer Tools
- Windows
- Extended Security Updates (ESU)
- Microsoft Office
- Azure
- Apps
- Browser
- Microsoft Dynamics
- SQL Server
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor.
Vulnerability Identifier
Source
Related Link
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
