May 2024 Patch Tuesday: 9 Critical Vulnerabilities Amid 62 CVEs
Published on May 14, 2024 • Last updated on Nov 15, 2024
May 2024 Risk Analysis
Critical Vulnerabilities
CVE-2024-30020
Windows Cryptographic Services Remote Code Execution Vulnerability
A high-severity remote code execution vulnerability in Windows Cryptographic Services can be exploited through a machine-in-the-middle attack, requiring the attacker to inject malicious certificates into the target system's network communications. The vulnerability allows an unauthenticated attacker to execute arbitrary code without user interaction, potentially leading to complete system compromise, data theft, and malware propagation. Given the critical nature of cryptographic services and the high impact on system integrity, confidentiality, and availability, this vulnerability represents a significant threat to unpatched Windows systems despite its high attack complexity.
CVE-2024-30040
Windows MSHTML Platform Security Feature Bypass Vulnerability
Exploit
A security feature bypass vulnerability in the Windows MSHTML Platform enables attackers to circumvent OLE mitigations in Microsoft 365 and Office, allowing arbitrary code execution when users interact with specially crafted malicious files. The flaw requires user interaction through email or instant messenger enticement but can lead to complete system compromise, enabling attackers to install malware, modify sensitive data, and create privileged accounts in the context of the affected user. Given that this vulnerability is actively exploited in the wild and requires minimal technical complexity to exploit, it poses a significant risk to organizations using affected Microsoft products.
CVE-2024-30051
Windows DWM Core Library Elevation of Privilege Vulnerability
Exploit
A heap-based buffer overflow vulnerability in the Windows DWM Core Library allows authenticated attackers to execute arbitrary code with SYSTEM privileges through local access, requiring no user interaction. This critical security flaw affects multiple Windows versions and enables attackers to install programs, manipulate data, and create accounts with full system rights. The vulnerability's significance is heightened by active exploitation in the wild, with proof-of-concept code publicly available and confirmed weaponization by malware families like QakBot.
CVE-2024-30009
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) allows an unauthenticated attacker to execute arbitrary code when a client connects to a malicious server, despite requiring user interaction. The successful exploitation enables attackers to run malicious code with RRAS service privileges, potentially leading to program installation, data manipulation, and creation of new accounts with full user rights. This critical vulnerability poses a significant risk to enterprise networks given RRAS's widespread use in Windows environments and the extensive control it could grant attackers over compromised systems.
CVE-2024-30007
Microsoft Brokering File System Elevation of Privilege Vulnerability
A privilege escalation vulnerability in the Microsoft Brokering File System allows attackers with low-level access to bypass AppContainer isolation through improper network path validation, enabling unauthorized authentication against remote hosts using legitimate user credentials. The flaw can be exploited without user interaction to elevate from a restricted AppContainer environment to higher integrity levels, potentially granting an attacker full system access with the ability to execute code, access protected resources, and compromise system confidentiality and integrity. This vulnerability is particularly concerning because it enables scope change from a confined environment, effectively breaking out of the intended security boundaries designed to contain low-privileged processes.
CVE-2024-30006
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
A remote code execution vulnerability in Microsoft's WDAC OLE DB provider for SQL Server can be exploited when an authenticated user is tricked into connecting to a malicious SQL server, allowing the attacker to execute arbitrary code within the context of the user's SQL client application. The flaw stems from a Use After Free condition and improper input validation, enabling attackers to send specially crafted replies that could lead to complete system compromise, including the ability to install programs, modify data, and create accounts with full user rights. Given the low attack complexity and high impact potential across confidentiality, integrity, and availability, this vulnerability represents a significant risk to organizations using affected SQL client applications.
CVE-2024-30017
Windows Hyper-V Remote Code Execution Vulnerability
A remote code execution vulnerability in Windows Hyper-V allows authenticated attackers to send malformed packets to Hyper-V Replica endpoints, potentially leading to complete system compromise through heap-based buffer overflow exploitation. The vulnerability impacts multiple Windows Server and Windows client versions running Hyper-V, with successful exploitation requiring no user interaction and potentially resulting in high-severity breaches of system confidentiality, integrity, and availability. This is particularly critical for virtualized environments as it could allow attackers to gain unauthorized control over host systems and their associated virtual machines.
CVE-2024-30044
Microsoft SharePoint Server Remote Code Execution Vulnerability
Exploit
A critical remote code execution vulnerability in Microsoft SharePoint Server allows authenticated attackers with Site Owner permissions to exploit insecure deserialization through specially crafted file uploads and API requests. When successfully exploited, an attacker can execute arbitrary code in the context of the SharePoint Server, potentially leading to complete server compromise including data theft, tampering, or service disruption. The high-severity nature of this vulnerability, combined with its low attack complexity and network-based attack vector, makes it a significant security risk for organizations running SharePoint Server deployments.
CVE-2024-30010
Windows Hyper-V Remote Code Execution Vulnerability
A remote code execution vulnerability in Windows Hyper-V allows authenticated attackers to send malformed packets to Hyper-V Replica endpoints, potentially leading to complete system compromise of the host server. The successful exploitation requires no user interaction and can result in unauthorized access to virtual machines, with severe impacts on system confidentiality, integrity, and availability. Given the critical nature of Hyper-V in enterprise virtualization environments and the potential for complete system takeover, this vulnerability poses a significant risk to organizational infrastructure.
All vulnerabilities
CVE ID | CVSS Score | Product | Trend | Exploit |
|---|---|---|---|---|
CVE-2024-30060Azure Monitor Agent Elevation of Privilege Vulnerability | CVSS 7.8 | azure_monitor_agent | - | |
CVE-2024-30059Microsoft Intune for Android Mobile Application Management Tampering Vulnerability | CVSS 6.1 | - | - | |
CVE-2024-30056Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | CVSS 7.1 | edge | May 28, 2024 | |
CVE-2024-30055Microsoft Edge (Chromium-based) Spoofing Vulnerability | CVSS 5.4 | edge | May 12, 2024 | |
CVE-2024-30054Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability | CVSS 6.5 | power_bi | - | |
CVE-2024-30053Azure Migrate Cross-Site Scripting Vulnerability | CVSS 6.5 | azure_migrate | - | |
CVE-2024-30051Windows DWM Core Library Elevation of Privilege Vulnerability | CVSS 7.8 | windows | May 14, 2024 | |
CVE-2024-30050Windows Mark of the Web Security Feature Bypass Vulnerability | CVSS 5.4 | windows | May 14, 2024 | |
CVE-2024-30049Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-30048Dynamics 365 Customer Insights Spoofing Vulnerability | CVSS 7.6 | dynamics_365 | - | |
CVE-2024-30047Dynamics 365 Customer Insights Spoofing Vulnerability | CVSS 7.6 | dynamics_365 | - | |
CVE-2024-30046Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A Vulnerability exist in Microsoft.AspNetCore.Server.Kestrel.Core.dll where a dead-lock can occur resulting in Denial of Service. | CVSS 5.9 | .net | May 15, 2024 | |
CVE-2024-30045Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A Remote Code Execution vulnerability exists in .NET 7.0 and .NET 8.0 where a stack buffer overrun occurs in .NET Double Parse routine. | CVSS 6.3 | .net | - | |
CVE-2024-30044Microsoft SharePoint Server Remote Code Execution Vulnerability | CVSS 7.2 | sharepoint_server | May 14, 2024 | |
CVE-2024-30043This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability.<br/>The specific flaw exists within the BaseXmlDataSource class. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the service account.<br/> Microsoft has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30043">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30043</a> <br/></td> | CVSS 6.5 | sharepoint_server | Jun 10, 2024 | |
CVE-2024-30042Microsoft Excel Remote Code Execution Vulnerability | CVSS 7.8 | excel | - | |
CVE-2024-30041Microsoft Bing Search Spoofing Vulnerability | CVSS 5.4 | bing | - | |
CVE-2024-30040Windows MSHTML Platform Security Feature Bypass Vulnerability | CVSS 8.8 | windows_10_1507 | May 14, 2024 | |
CVE-2024-30039Windows Remote Access Connection Manager Information Disclosure Vulnerability | CVSS 5.5 | - | - | |
CVE-2024-30038Win32k Elevation of Privilege Vulnerability | CVSS 7.8 | - | - | |
CVE-2024-30037This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.<br/>The specific flaw exists within the Common Log File System (CLFS). The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.<br/> Microsoft has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30037">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30037</a> <br/></td> | CVSS 5.5 | windows | - | |
CVE-2024-30036Windows Deployment Services Information Disclosure Vulnerability | CVSS 6.5 | - | - | |
CVE-2024-30035Windows DWM Core Library Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-30034This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.<br/>The specific flaw exists within the Cloud Files Mini Filter Driver, cldflt.sys. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to disclose information in the context of the kernel.<br/> Microsoft has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30034">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30034</a> <br/></td> | CVSS 5.5 | windows | - | |
CVE-2024-30033This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.<br/>The specific flaw exists within the Windows Search service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.<br/> Microsoft has issued an update to correct this vulnerability. More details can be found at: <br/><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30033">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30033</a> <br/></td> | CVSS 7 | windows | - | |
CVE-2024-30032Windows DWM Core Library Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-30031Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-30030Win32k Elevation of Privilege Vulnerability | CVSS 7.8 | windows_server_2008 | - | |
CVE-2024-30029Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | CVSS 7.5 | - | - | |
CVE-2024-30028Win32k Elevation of Privilege Vulnerability | CVSS 7.8 | - | - | |
CVE-2024-30027NTFS Elevation of Privilege Vulnerability | CVSS 7.8 | - | - | |
CVE-2024-30025Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-30024Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | CVSS 7.5 | - | - | |
CVE-2024-30023Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | CVSS 7.5 | - | - | |
CVE-2024-30022Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | CVSS 7.5 | - | - | |
CVE-2024-30021Windows Mobile Broadband Driver Remote Code Execution Vulnerability | CVSS 6.8 | windows_mobile | - | |
CVE-2024-30020Windows Cryptographic Services Remote Code Execution Vulnerability | CVSS 8.1 | windows | - | |
CVE-2024-30019DHCP Server Service Denial of Service Vulnerability | CVSS 6.5 | dhcp | - | |
CVE-2024-30018Windows Kernel Elevation of Privilege Vulnerability | CVSS 7.8 | - | - | |
CVE-2024-30017Windows Hyper-V Remote Code Execution Vulnerability | CVSS 8.8 | windows_10_1507 | - | |
CVE-2024-30016Windows Cryptographic Services Information Disclosure Vulnerability | CVSS 5.5 | - | - | |
CVE-2024-30015Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | CVSS 7.5 | - | - | |
CVE-2024-30014Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | CVSS 7.5 | - | - | |
CVE-2024-30012Windows Mobile Broadband Driver Remote Code Execution Vulnerability | CVSS 6.8 | windows_mobile | - | |
CVE-2024-30011Windows Hyper-V Denial of Service Vulnerability | CVSS 6.5 | - | - | |
CVE-2024-30010Windows Hyper-V Remote Code Execution Vulnerability | CVSS 8.8 | - | - | |
CVE-2024-30009Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | CVSS 8.8 | windows_10_1507 | - | |
CVE-2024-30008Windows DWM Core Library Information Disclosure Vulnerability | CVSS 5.5 | - | - | |
CVE-2024-30007Microsoft Brokering File System Elevation of Privilege Vulnerability | CVSS 8.8 | - | - | |
CVE-2024-30006Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_data_access_components | - | |
CVE-2024-30005Windows Mobile Broadband Driver Remote Code Execution Vulnerability | CVSS 6.8 | windows_10_1809 | - | |
CVE-2024-30004Windows Mobile Broadband Driver Remote Code Execution Vulnerability | CVSS 6.8 | windows_10_1809 | - | |
CVE-2024-30003Windows Mobile Broadband Driver Remote Code Execution Vulnerability | CVSS 6.8 | windows_10_1809 | - | |
CVE-2024-30002Windows Mobile Broadband Driver Remote Code Execution Vulnerability | CVSS 6.8 | windows_10_1809 | - | |
CVE-2024-30001Windows Mobile Broadband Driver Remote Code Execution Vulnerability | CVSS 6.8 | windows_10_1809 | - | |
CVE-2024-30000Windows Mobile Broadband Driver Remote Code Execution Vulnerability | CVSS 6.8 | windows_10_1809 | - | |
CVE-2024-29999Windows Mobile Broadband Driver Remote Code Execution Vulnerability | CVSS 6.8 | windows_10_1809 | - | |
CVE-2024-29998Windows Mobile Broadband Driver Remote Code Execution Vulnerability | CVSS 6.8 | windows_10_1809 | - | |
CVE-2024-29997Windows Mobile Broadband Driver Remote Code Execution Vulnerability | CVSS 6.8 | windows_10_1809 | - | |
CVE-2024-29996Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-29994Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-26238Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability | CVSS 7.8 | - | - |
