Microsoft May 2024 Patch Tuesday
This month we got patches for 67 vulnerabilities. Of these, 1 are critical, and 1 is being exploited according to Microsoft.
The critical vulnerability is a Remote Code Execution (RCE) affecting the Microsoft Sharepoint Server (CVE-2024-30044). According to the advisory, an authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted Sharepoint Server and craft specialized API requests to trigger deserialization of file's parameters. This would enable the attacker to perform remote code execution in the context of the Sharepoint Server. The CVSS for the vulnerability is 8.8.
The zero-day vulnerability is an elevation of privilege on Windows DWM (Desktop Windows Management) Core Library (CVE-2024-30051). According to the advisory, an attacker who successfully exploited this vulnerability could gain SYSTEM privileges. The CVSS for the vulnerability is 7.8.
There is an important vulnerability affecting MinGit software (CVE-2024-32002), used by Microsoft Visual Studio, caused by an improper limitation of a pathname to a restricted directory ('Path Traversal') making it susceptible to Remote Code Execution. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. The CVSS for the vulnerability is 9.0 – the highest for this month.
See the full list of patches:
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||||
| CVE-2024-30045 | No | No | - | - | Important | 6.3 | 5.5 |
| Azure Migrate Cross-Site Scripting Vulnerability | |||||||
| CVE-2024-30053 | No | No | - | - | Important | 6.5 | 5.9 |
| CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution | |||||||
| CVE-2024-32002 | No | No | - | - | Important | 9.0 | 7.8 |
| Chromium: CVE-2024-4331 Use after free in Picture In Picture | |||||||
| CVE-2024-4331 | No | No | - | - | - | ||
| Chromium: CVE-2024-4368 Use after free in Dawn | |||||||
| CVE-2024-4368 | No | No | - | - | - | ||
| Chromium: CVE-2024-4558 Use after free in ANGLE | |||||||
| CVE-2024-4558 | No | No | - | - | - | ||
| Chromium: CVE-2024-4559 Heap buffer overflow in WebAudio | |||||||
| CVE-2024-4559 | No | No | - | - | - | ||
| Chromium: CVE-2024-4671 Use after free in Visuals | |||||||
| CVE-2024-4671 | No | No | - | - | - | ||
| DHCP Server Service Denial of Service Vulnerability | |||||||
| CVE-2024-30019 | No | No | - | - | Important | 6.5 | 5.7 |
| Dynamics 365 Customer Insights Spoofing Vulnerability | |||||||
| CVE-2024-30047 | No | No | - | - | Important | 7.6 | 6.6 |
| CVE-2024-30048 | No | No | - | - | Important | 7.6 | 6.6 |
| GitHub: CVE-2024-32004 Remote Code Execution while cloning special-crafted local repositories | |||||||
| CVE-2024-32004 | No | No | - | - | Important | 8.1 | 7.1 |
| Microsoft Bing Search Spoofing Vulnerability | |||||||
| CVE-2024-30041 | No | No | - | - | Important | 5.4 | 4.7 |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | |||||||
| CVE-2024-30007 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||||
| CVE-2024-30055 | No | No | Less Likely | Less Likely | Low | 5.4 | 4.7 |
| Microsoft Excel Remote Code Execution Vulnerability | |||||||
| CVE-2024-30042 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Intune for Android Mobile Application Management Tampering Vulnerability | |||||||
| CVE-2024-30059 | No | No | - | - | Important | 6.1 | 5.8 |
| Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability | |||||||
| CVE-2024-26238 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability | |||||||
| CVE-2024-30054 | No | No | - | - | Important | 6.5 | 5.7 |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||||
| CVE-2024-30043 | No | No | - | - | Important | 6.5 | 5.7 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||||
| CVE-2024-30044 | No | No | - | - | Critical | 8.8 | 7.7 |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | |||||||
| CVE-2024-30006 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | |||||||
| CVE-2024-29994 | No | No | - | - | Important | 7.8 | 6.8 |
| NTFS Elevation of Privilege Vulnerability | |||||||
| CVE-2024-30027 | No | No | - | - | Important | 7.8 | 6.8 |
| Visual Studio Denial of Service Vulnerability | |||||||
| CVE-2024-30046 | Yes | No | - | - | Important | 5.9 | 5.2 |
| Win32k Elevation of Privilege Vulnerability | |||||||
| CVE-2024-30028 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2024-30030 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2024-30038 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | |||||||
| CVE-2024-30031 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | |||||||
| CVE-2024-30034 | No | No | - | - | Important | 5.5 | 4.8 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2024-29996 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2024-30025 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2024-30037 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows Cryptographic Services Information Disclosure Vulnerability | |||||||
| CVE-2024-30016 | No | No | - | - | Important | 5.5 | 4.8 |
| Windows Cryptographic Services Remote Code Execution Vulnerability | |||||||
| CVE-2024-30020 | No | No | - | - | Important | 8.1 | 7.1 |
| Windows DWM Core Library Elevation of Privilege Vulnerability | |||||||
| CVE-2024-30032 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2024-30035 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2024-30051 | Yes | Yes | - | - | Important | 7.8 | 7.2 |
| Windows DWM Core Library Information Disclosure Vulnerability | |||||||
| CVE-2024-30008 | No | No | - | - | Important | 5.5 | 4.8 |
| Windows Deployment Services Information Disclosure Vulnerability | |||||||
| CVE-2024-30036 | No | No | - | - | Important | 6.5 | 5.7 |
| Windows Hyper-V Denial of Service Vulnerability | |||||||
| CVE-2024-30011 | No | No | - | - | Important | 6.5 | 5.7 |
| Windows Hyper-V Remote Code Execution Vulnerability | |||||||
| CVE-2024-30010 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2024-30017 | No | No | - | - | Important | 8.8 | 7.7 |
| Windows Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2024-30018 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows MSHTML Platform Security Feature Bypass Vulnerability | |||||||
| CVE-2024-30040 | No | Yes | - | - | Important | 8.8 | 8.2 |
| Windows Mark of the Web Security Feature Bypass Vulnerability | |||||||
| CVE-2024-30050 | No | No | - | - | Moderate | 5.4 | 5.0 |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||||
| CVE-2024-29997 | No | No | - | - | Important | 6.8 | 5.9 |
| CVE-2024-29998 | No | No | - | - | Important | 6.8 | 5.9 |
| CVE-2024-29999 | No | No | - | - | Important | 6.8 | 5.9 |
| CVE-2024-30000 | No | No | - | - | Important | 6.8 | 5.9 |
| CVE-2024-30001 | No | No | - | - | Important | 6.8 | 5.9 |
| CVE-2024-30002 | No | No | - | - | Important | 6.8 | 5.9 |
| CVE-2024-30003 | No | No | - | - | Important | 6.8 | 5.9 |
| CVE-2024-30004 | No | No | - | - | Important | 6.8 | 5.9 |
| CVE-2024-30005 | No | No | - | - | Important | 6.8 | 5.9 |
| CVE-2024-30012 | No | No | - | - | Important | 6.8 | 5.9 |
| CVE-2024-30021 | No | No | - | - | Important | 6.8 | 5.9 |
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | |||||||
| CVE-2024-30039 | No | No | - | - | Important | 5.5 | 4.8 |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||||
| CVE-2024-30009 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2024-30014 | No | No | - | - | Important | 7.5 | 6.6 |
| CVE-2024-30015 | No | No | - | - | Important | 7.5 | 6.5 |
| CVE-2024-30022 | No | No | - | - | Important | 7.5 | 6.5 |
| CVE-2024-30023 | No | No | - | - | Important | 7.5 | 6.5 |
| CVE-2024-30024 | No | No | - | - | Important | 7.5 | 6.5 |
| CVE-2024-30029 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows Search Service Elevation of Privilege Vulnerability | |||||||
| CVE-2024-30033 | No | No | - | - | Important | 7.0 | 6.1 |
| Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | |||||||
| CVE-2024-30049 | No | No | - | - | Important | 7.8 | 6.8 |
--
Renato Marinho
Morphus Labs| LinkedIn|Twitter
Keywords:
0 comment(s)ISC Stormcast For Tuesday, May 14th, 2024 https://isc.sans.edu/podcastdetail/8980
Apple Patches Everything: macOS, iOS, iPadOS, watchOS, tvOS updated.
Apple today released updates for its various operating systems. The updates cover iOS, iPadOS, macOS, watchOS and tvOS. A standalone update for Safari was released for older versions of macOS. One already exploited vulnerability, CVE-2024-23296 is patched for older versions of macOS and iOS. In March, Apple patched this vulnerability for more recent versions of iOS and macOS.
| Safari 17.5 | iOS 17.5 and iPadOS 17.5 | iOS 16.7.8 and iPadOS 16.7.8 | macOS Sonoma 14.5 | macOS Ventura 13.6.7 | macOS Monterey 12.7.5 | watchOS 10.5 | tvOS 17.5 |
|---|---|---|---|---|---|---|---|
| CVE-2024-27834 [moderate] WebKit The issue was addressed with improved checks. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication |
|||||||
| x | x | x | x | x | |||
| CVE-2024-27804 [important] AppleAVD The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
|||||||
| x | x | x | x | ||||
| CVE-2024-27816 [moderate] RemoteViewServices A logic issue was addressed with improved checks. An attacker may be able to access user data |
|||||||
| x | x | x | x | ||||
| CVE-2024-27841 [important] AVEVideoEncoder The issue was addressed with improved memory handling. An app may be able to disclose kernel memory |
|||||||
| x | x | ||||||
| CVE-2024-27839 [moderate] Find My A privacy issue was addressed by moving sensitive data to a more secure location. A malicious application may be able to determine a user's current location |
|||||||
| x | |||||||
| CVE-2024-27818 [moderate] Kernel The issue was addressed with improved memory handling. An attacker may be able to cause unexpected app termination or arbitrary code execution |
|||||||
| x | x | ||||||
| CVE-2023-42893 [moderate] Libsystem A permissions issue was addressed by removing vulnerable code and adding additional checks. An app may be able to access protected user data |
|||||||
| x | x | ||||||
| CVE-2024-27810 [important] Maps A path handling issue was addressed with improved validation. An app may be able to read sensitive location information |
|||||||
| x | x | x | x | ||||
| CVE-2024-27852 [moderate] MarketplaceKit A privacy issue was addressed with improved client ID handling for alternative app marketplaces. A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages |
|||||||
| x | |||||||
| CVE-2024-27835 [moderate] Notes This issue was addressed through improved state management. An attacker with physical access to an iOS device may be able to access notes from the lock screen |
|||||||
| x | |||||||
| CVE-2024-27803 [moderate] Screenshots A permissions issue was addressed with improved validation. An attacker with physical access may be able to share items from the lock screen |
|||||||
| x | |||||||
| CVE-2024-27821 [moderate] Shortcuts A path handling issue was addressed with improved validation. A shortcut may output sensitive user data without consent |
|||||||
| x | x | x | |||||
| CVE-2024-27847 [important] Sync Services This issue was addressed with improved checks An app may be able to bypass Privacy preferences |
|||||||
| x | x | ||||||
| CVE-2024-27796 [moderate] Voice Control The issue was addressed with improved checks. An attacker may be able to elevate privileges |
|||||||
| x | x | ||||||
| CVE-2024-27789 [important] Foundation A logic issue was addressed with improved checks. An app may be able to access user-sensitive data |
|||||||
| x | x | x | |||||
| CVE-2024-23296 [moderate] *** EXPLOITED *** RTKit A memory corruption issue was addressed with improved validation. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. |
|||||||
| x | x | ||||||
| CVE-2024-27837 [moderate] AppleMobileFileIntegrity A downgrade issue was addressed with additional code-signing restrictions. A local attacker may gain access to Keychain items |
|||||||
| x | |||||||
| CVE-2024-27825 [moderate] AppleMobileFileIntegrity A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. An app may be able to bypass certain Privacy preferences |
|||||||
| x | |||||||
| CVE-2024-27829 [moderate] AppleVA The issue was addressed with improved memory handling. Processing a file may lead to unexpected app termination or arbitrary code execution |
|||||||
| x | |||||||
| CVE-2024-23236 [moderate] CFNetwork A correctness issue was addressed with improved checks. An app may be able to read arbitrary files |
|||||||
| x | |||||||
| CVE-2024-27827 [moderate] Finder This issue was addressed through improved state management. An app may be able to read arbitrary files |
|||||||
| x | |||||||
| CVE-2024-27822 [important] PackageKit A logic issue was addressed with improved restrictions. An app may be able to gain root privileges |
|||||||
| x | |||||||
| CVE-2024-27824 [moderate] PackageKit This issue was addressed by removing the vulnerable code. An app may be able to elevate privileges |
|||||||
| x | |||||||
| CVE-2024-27813 [moderate] PrintCenter The issue was addressed with improved checks. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges |
|||||||
| x | |||||||
| CVE-2024-27843 [moderate] SharedFileList A logic issue was addressed with improved checks. An app may be able to elevate privileges |
|||||||
| x | |||||||
| CVE-2024-27798 [moderate] StorageKit An authorization issue was addressed with improved state management. An attacker may be able to elevate privileges |
|||||||
| x | |||||||
| CVE-2024-27842 [important] udf The issue was addressed with improved checks. An app may be able to execute arbitrary code with kernel privileges |
|||||||
| x | |||||||
| CVE-2023-42861 [moderate] Login Window A logic issue was addressed with improved state management. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac |
|||||||
| x | |||||||
| CVE-2024-23229 [moderate] Find My This issue was addressed with improved redaction of sensitive information. A malicious application may be able to access Find My data |
|||||||
| x | |||||||
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments