Microsoft Monthly Security Update (May 2024)

Microsoft has released its monthly security update for the following products:

 

| Vulnerable Product | Risk Level | Impacts | Notes |
|---|---|---|---|
| Developer Tools | Medium Risk | Remote Code Execution; Denial of Service | |
| Windows | High Risk | Elevation of Privilege; Remote Code Execution; Information Disclosure; Denial of Service; Security Restriction Bypass | CVE-2024-30040 is being exploited in the wild. This vulnerability bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls. CVE-2024-30051 is being exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| Extended Security Updates (ESU) | Medium Risk | Elevation of Privilege; Remote Code Execution; Denial of Service; Information Disclosure; Security Restriction Bypass | |
| Microsoft Office | Medium Risk | Remote Code Execution; Information Disclosure | |
| Azure | Low Risk | Spoofing | |
| Apps | Medium Risk | Data Manipulation; Spoofing | |
| Browser | Extremely High Risk | Spoofing; Remote Code Execution; Denial of Service | CVE-2024-4761 is being exploited in the wild. The vulnerability is a boundary error when processing untrusted HTML content in V8. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system. |
| Microsoft Dynamics | Low Risk | Spoofing | |
| SQL Server | Medium Risk | Information Disclosure | |

 

Number of ‘Extremely High Risk’ product(s): 1

Number of ‘High Risk’ product(s): 1

Number of ‘Medium Risk’ product(s): 5

Number of ‘Low Risk’ product(s): 2

Evaluation of overall ‘Risk Level’: Extremely High Risk

RISK: High Risk

TYPE: Operating Systems – Windows OS

Impact

  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure
  • Spoofing
  • Data Manipulation

System / Technologies affected

  • Developer Tools
  • Windows
  • Extended Security Updates (ESU)
  • Microsoft Office
  • Azure
  • Apps
  • Browser
  • Microsoft Dynamics
  • SQL Server

Solutions

Before installing the software, please visit the vendor website for more details.

  •  Apply fixes issued by the vendor.
