Report Name: Microsoft Patch Tuesday, May 2024
Generated: 2024-06-13 02:16:48

Product Name	Prevalence	U	C	H	M	L	A	Comment
Windows Kernel	0.9				1		1	Windows Kernel
Windows Win32k	0.9				3		3	The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management.
Chromium	0.8				24	2	26	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
Microsoft Edge	0.8				3		3	Web browser
Microsoft Windows SCSI Class System File	0.8				1		1	Windows component
Windows CNG Key Isolation Service	0.8				1		1	Windows component
Windows Cloud Files Mini Filter Driver	0.8				1		1	Windows component
Windows Common Log File System Driver	0.8				3		3	Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs
Windows Cryptographic Services	0.8			1	1		2	Windows component
Windows DWM Core Library	0.8		1		3		4	Windows component
Windows Deployment Services	0.8				1		1	Windows component
Windows MSHTML Platform	0.8	1					1	Windows component
Windows Mark of the Web	0.8			1			1	Windows component
Windows Mobile Broadband Driver	0.8				11		11	Windows component
Windows NTFS	0.8				1		1	The default file system of the Windows NT family
Windows Remote Access Connection Manager	0.8				1		1	Windows component
Windows Routing and Remote Access Service (RRAS)	0.8			7			7	Windows component
Windows Search Service	0.8				1		1	Windows component
Windows Win32 Kernel Subsystem	0.8				1		1	Windows component
.NET and Visual Studio	0.7				1		1	.NET and Visual Studio
Microsoft Excel	0.6				1		1	MS Office product
Windows Hyper-V	0.6				3		3	Hardware virtualization component of the client editions of Windows NT
Azure Migrate	0.5				1		1	Azure Migrate
DHCP Server Service	0.5				1		1	DHCP Server Service
Dynamics 365 Customer Insights	0.5				2		2	Dynamics 365 Customer Insights
Microsoft Brokering File System	0.5				1		1	Microsoft Brokering File System
Microsoft Edge for Android (Chromium-based)	0.5				1		1	Microsoft Edge for Android (Chromium-based)
Microsoft Intune for Android Mobile Application Management	0.5				1		1	Microsoft Intune for Android Mobile Application Management
Microsoft PLUGScheduler Scheduled Task	0.5				1		1	Microsoft PLUGScheduler Scheduled Task
Microsoft Power BI Client JavaScript SDK	0.5				1		1	Microsoft Power BI Client JavaScript SDK
Microsoft SharePoint Server	0.5				2		2	Microsoft SharePoint Server
Microsoft WDAC OLE DB provider for SQL Server	0.5				1		1	Microsoft WDAC OLE DB provider for SQL Server
Git	0.4				2		2	Git
Visual Studio	0.3				1		1	Integrated development environment
Microsoft Bing Search	0.2					1	1	Microsoft Bing Search

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0			8	21		29
Security Feature Bypass	0.9	1		1	6		8
Elevation of Privilege	0.85		1		16		17
Information Disclosure	0.83				9		9
Cross Site Scripting	0.8				1		1
Denial of Service	0.7				3		3
Memory Corruption	0.5				14		14
Spoofing	0.4				6	1	7
Tampering	0.3				1		1
Unknown Vulnerability Type	0					2	2

Source	U	C	H	M	L	A
MS PT Extended				27	2	29
Qualys	1	1	1	8		11
Tenable	1	1		7		9
Rapid7	1	1		6		8
ZDI		1	1	2		4

Urgent (1)

1. Security Feature Bypass - Windows MSHTML Platform (CVE-2024-30040) - Urgent [832]

Description: Windows MSHTML Platform Security Feature Bypass Vulnerability

Qualys: CVE-2024-30040: Windows MSHTML Platform Security Feature Bypass Vulnerability Windows MSHTML is a browser engine that renders web pages frequently connected to Internet Explorer. Even though the Internet Explorer (IE) 11 desktop application has reached the end of support, MSHTML vulnerabilities are still relevant today and are being patched by Microsoft. The vulnerability can bypass OLE mitigations in Microsoft 365 and Microsoft Office, which protect users from vulnerable COM/OLE controls. An unauthenticated attacker may exploit this vulnerability to execute code by convincing a user to open a malicious document.

Tenable: Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)

Tenable: CVE-2024-30040 | Windows MSHTML Platform Security Feature Bypass Vulnerability

Tenable: CVE-2024-30040 is a security feature bypass vulnerability in the MSHTML (Trident) engine in Microsoft Windows that was exploited in the wild as a zero-day. It was assigned a CVSSv3 score of 8.8 and is rated as important. An attacker could exploit this vulnerability by using social engineering tactics via email, social media or instant messaging to convince a target user to open a specially crafted document. Once exploited, an attacker could execute code on the target system. Discovery of this flaw is unattributed.

Rapid7: The Windows MSHTML platform receives a patch for CVE-2024-30040, a security feature bypass vulnerability for which Microsoft has evidence of exploitation in the wild, and which CISA has also listed on KEV.

Rapid7: As Rapid7 has previously noted, MSHTML (also known as Trident) is still fully present in Windows — and unpatched assets are thus vulnerable to CVE-2024-30040 — regardless of whether or not a Windows asset has Internet Explorer 11 fully disabled.

Critical (1)

2. Elevation of Privilege - Windows DWM Core Library (CVE-2024-30051) - Critical [739]

Description: Windows DWM Core Library Elevation of Privilege Vulnerability

Qualys: CVE-2024-30051: Windows DWM Core Library Elevation of Privilege Vulnerability The Microsoft Windows Desktop Window Manager (DWM) Core Library is a system manager that generates every visible element on a PC or laptop, including visual effects in menus, wallpapers, themes, and more. It has been a part of Microsoft Windows since Windows Vista and is also known as the Desktop Compositing Engine (DCE). On successful exploitation, an attacker could gain SYSTEM privileges.

Tenable: Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)

Tenable: CVE-2024-30051 | Windows DWM Core Library Elevation of Privilege Vulnerability

Tenable: CVE-2024-30051 is an EoP vulnerability in the DWM Core Library in Microsoft Windows. It was assigned a CVSSv3 score of 7.8 and is rated as important. Microsoft noted that it was exploited in the wild as a zero-day and was publicly disclosed prior to a patch being available. A local attacker with a presence on a vulnerable system could exploit this vulnerability to gain SYSTEM privileges. Discovery of this flaw is credited to several researchers at Google Threat Analysis Group, Google Mandiant and Kaspersky. It is also credited to Quan Jin of DBAPPSecurity WeBin Lab, who disclosed CVE-2023-36033, another zero-day vulnerability in the DWM Core Library exploited in the wild that was patched in November 2023. Researchers at Kaspersky have linked this zero-day vulnerability to QakBot and other malware.

Tenable: In addition to CVE-2024-30051, Microsoft patched two other EoP vulnerabilities in the DWM Core Library (CVE-2024-30032, CVE-2024-30035) and an information disclosure vulnerability (CVE-2024-30008). All three flaws were disclosed to Microsoft by Zhang WangJunJie and He YiSheng of the Hillstone Network Security Research Institute.

Rapid7: The first of today’s zero-day vulnerabilities is CVE-2024-30051, an elevation of privilege (EoP) vulnerability in the Windows Desktop Windows Manager (DWM) Core Library which is listed on the CISA KEV list. Successful exploitation grants SYSTEM privileges. First introduced as part of Windows Vista, DWM is responsible for drawing everything on the display of a Windows system.

Rapid7: Reporters Securelist have linked exploitation of CVE-2024-30051 with deployment of QakBot malware, and the vulnerability while investigating a partial proof-of-concept contained within an unusual file originally submitted to VirusTotal by an unknown party. Securelist further notes that the exploitation method for CVE-2024-30051 is identical to a previous DWM zero-day vulnerability CVE-2023-36033, which Microsoft patched back in November 2023.

ZDI: CVE-2024-30051 – Windows DWM Core Library Elevation of Privilege Vulnerability. This bug allows attackers to escalate the SYSTEM on affected systems. These types of bugs are usually combined with a code execution bug to take over a target and are often used by ransomware. Microsoft credits four different groups for reporting the bug, which indicates the attacks are widespread. They also indicate the vulnerability is publicly known. Don’t wait to test and deploy this update as exploits are likely to increase now that a patch is available to reverse engineer.

High (9)

3. Security Feature Bypass - Windows Mark of the Web (CVE-2024-30050) - High [475]

Description: Windows Mark of the Web Security Feature Bypass Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.

ZDI: CVE-2024-30050 – Windows Mark of the Web Security Feature Bypass Vulnerability. We don’t normally detail Moderate-rated bugs, but this type of security feature bypass is quite in vogue with ransomware gangs right now. They zip their payload to bypass network and host-based defenses, they use a Mark of the Web (MotW) bypass to evade SmartScreen or Protected View in Microsoft Office. While we have no indication this bug is being actively used, we see the technique used often enough to call it out. Bugs like this one show why Moderate-rated bugs shouldn’t be ignored or deprioritized.

4. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-30009) - High [419]

Description: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

5. Remote Code Execution - Windows Cryptographic Services (CVE-2024-30020) - High [407]

Description: Windows Cryptographic Services Remote Code Execution Vulnerability

6. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-30014) - High [407]

Description: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

7. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-30015) - High [407]

Description: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

8. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-30022) - High [407]

Description: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

9. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-30023) - High [407]

Description: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

10. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-30024) - High [407]

Description: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

11. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-30029) - High [407]

Description: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Medium (77)

12. Elevation of Privilege - Windows Kernel (CVE-2024-30018) - Medium [397]

Description: Windows Kernel Elevation of Privilege Vulnerability

13. Elevation of Privilege - Windows Win32k (CVE-2024-30028) - Medium [397]

Description: Win32k Elevation of Privilege Vulnerability

14. Elevation of Privilege - Windows Win32k (CVE-2024-30030) - Medium [397]

Description: Win32k Elevation of Privilege Vulnerability

15. Elevation of Privilege - Windows Win32k (CVE-2024-30038) - Medium [397]

Description: Win32k Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.

16. Information Disclosure - Microsoft Edge for Android (Chromium-based) (CVE-2024-29986) - Medium [395]

Description: Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

MS PT Extended: CVE-2024-29986 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

17. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-29997) - Medium [395]

Description: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

Rapid7: The Windows Mobile Broadband driver receives patches for no fewer than 11 vulnerabilities; for example, CVE-2024-29997. All 11 vulnerabilities appear very similar based on the advisories. In each case, the relatively low CVSS base score of 6.8 reflects that an attacker must be physically present and insert a malicious USB device into the target host.

18. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-29998) - Medium [395]

Description: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

19. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-29999) - Medium [395]

Description: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

20. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-30000) - Medium [395]

Description: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

21. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-30001) - Medium [395]

Description: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

22. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-30002) - Medium [395]

Description: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

23. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-30003) - Medium [395]

Description: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

24. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-30004) - Medium [395]

Description: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

25. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-30005) - Medium [395]

Description: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

26. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-30012) - Medium [395]

Description: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

27. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-30021) - Medium [395]

Description: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

28. Cross Site Scripting - Azure Migrate (CVE-2024-30053) - Medium [390]

Description: Azure Migrate Cross-Site Scripting Vulnerability

29. Remote Code Execution - .NET and Visual Studio (CVE-2024-30045) - Medium [390]

Description: .NET and Visual Studio Remote Code Execution Vulnerability

30. Remote Code Execution - Windows Hyper-V (CVE-2024-30010) - Medium [385]

Description: Windows Hyper-V Remote Code Execution Vulnerability

31. Remote Code Execution - Windows Hyper-V (CVE-2024-30017) - Medium [385]

Description: Windows Hyper-V Remote Code Execution Vulnerability

32. Elevation of Privilege - Microsoft Windows SCSI Class System File (CVE-2024-29994) - Medium [380]

Description: Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability

33. Elevation of Privilege - Windows CNG Key Isolation Service (CVE-2024-30031) - Medium [380]

Description: Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

34. Elevation of Privilege - Windows Common Log File System Driver (CVE-2024-29996) - Medium [380]

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.

35. Elevation of Privilege - Windows Common Log File System Driver (CVE-2024-30025) - Medium [380]

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.

36. Elevation of Privilege - Windows Common Log File System Driver (CVE-2024-30037) - Medium [380]

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability

37. Elevation of Privilege - Windows DWM Core Library (CVE-2024-30032) - Medium [380]

Description: Windows DWM Core Library Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.

Tenable: In addition to CVE-2024-30051, Microsoft patched two other EoP vulnerabilities in the DWM Core Library (CVE-2024-30032, CVE-2024-30035) and an information disclosure vulnerability (CVE-2024-30008). All three flaws were disclosed to Microsoft by Zhang WangJunJie and He YiSheng of the Hillstone Network Security Research Institute.

38. Elevation of Privilege - Windows DWM Core Library (CVE-2024-30035) - Medium [380]

Description: Windows DWM Core Library Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.

Tenable: In addition to CVE-2024-30051, Microsoft patched two other EoP vulnerabilities in the DWM Core Library (CVE-2024-30032, CVE-2024-30035) and an information disclosure vulnerability (CVE-2024-30008). All three flaws were disclosed to Microsoft by Zhang WangJunJie and He YiSheng of the Hillstone Network Security Research Institute.

39. Elevation of Privilege - Windows NTFS (CVE-2024-30027) - Medium [380]

Description: NTFS Elevation of Privilege Vulnerability

40. Elevation of Privilege - Windows Win32 Kernel Subsystem (CVE-2024-30049) - Medium [380]

Description: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.

41. Memory Corruption - Chromium (CVE-2024-3834) - Medium [377]

Description: Chromium: CVE-2024-3834 Use after free in Downloads. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-3834 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

42. Memory Corruption - Chromium (CVE-2024-3837) - Medium [377]

Description: Chromium: CVE-2024-3837 Use after free in QUIC. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-3837 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

43. Security Feature Bypass - Microsoft Edge (CVE-2024-29991) - Medium [377]

Description: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

MS PT Extended: CVE-2024-29991 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

44. Information Disclosure - Microsoft Edge (CVE-2024-29987) - Medium [376]

Description: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

MS PT Extended: CVE-2024-29987 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

45. Remote Code Execution - Microsoft Excel (CVE-2024-30042) - Medium [373]

Description: Microsoft Excel Remote Code Execution Vulnerability

Rapid7: Microsoft Excel receives a patch for CVE-2024-30042. Successful exploitation requires that an attacker convince the user to open a malicious file, which leads to code execution, presumably in the context of the user.

46. Tampering - Microsoft Intune for Android Mobile Application Management (CVE-2024-30059) - Medium [370]

Description: Microsoft Intune for Android Mobile Application Management Tampering Vulnerability

47. Remote Code Execution - Microsoft SharePoint Server (CVE-2024-30044) - Medium [369]

Description: Microsoft SharePoint Server Remote Code Execution Vulnerability

Qualys: CVE-2024-30044: Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft SharePoint is a web-based platform that allows organizations to create websites for storing, organizing, sharing, and accessing information. SharePoint is available in Microsoft 365 and can be used on PCs, Macs, and mobile devices. An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger the deserialization of the file’s parameters. Successful exploitation of the vulnerability may allow an attacker to perform remote code execution in the context of the SharePoint Server.

Tenable: CVE-2024-30044 | Microsoft SharePoint Server Remote Code Execution Vulnerability

Tenable: CVE-2024-30044 is a RCE vulnerability in Microsoft SharePoint Server. It was assigned a CVSSv3 score of 8.8 and is rated critical. This vulnerability is rated as “Exploitation More Likely.” However, exploitation of this flaw requires an attacker authenticated to a vulnerable SharePoint Server with Site Owner permissions to perform two steps: 1.) the attacker must upload a specially crafted file to the vulnerable SharePoint Server and 2.) send specially crafted API requests to the SharePoint Server in order to “trigger deserialization of file’s parameters.” Successful exploitation would result in remote code execution “in the context of the SharePoint Server.”

Rapid7: SharePoint admins are no strangers to patches for critical RCE vulnerabilities. CVE-2024-30044 allows an authenticated attacker with Site Owner permissions or higher to achieve code execution in the context of SharePoint Server via upload of a specially crafted file, followed by specific API calls to trigger deserialization of the file’s parameters.

Rapid7: Microsoft considers exploitation of CVE-2024-30044 more likely, and the low attack complexity and network attack contribute to a relatively high CVSS 3.1 base score of 8.8. The advisory also lists the privileges required vector component as low, which is debatable given the Site Owner authentication requirement for exploitation.

48. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2024-30006) - Medium [369]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

49. Elevation of Privilege - Windows Search Service (CVE-2024-30033) - Medium [368]

Description: Windows Search Service Elevation of Privilege Vulnerability

ZDI: CVE-2024-30033 – Windows Search Service Elevation of Privilege Vulnerability. This is another bug reported through the ZDI program and has a similar impact to the bug currently being exploited, although it manifests through a different mechanism. This is a link following bug in the Windows Search service. By creating a pseudo-symlink, an attacker could redirect a delete call to delete a different file or folder as SYSTEM. We discussed how this could be used to elevate privileges here. The delete happens when restarting the service. A low-privileged user can't restart the service directly. However, this could easily be combined with a bug that allows a low-privileged user to terminate any process by PID. After failure, the service will restart automatically, successfully triggering this vulnerability.

50. Information Disclosure - Windows Deployment Services (CVE-2024-30036) - Medium [364]

Description: Windows Deployment Services Information Disclosure Vulnerability

51. Memory Corruption - Chromium (CVE-2024-3839) - Medium [353]

Description: Chromium: CVE-2024-3839 Out of bounds read in Fonts. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-3839 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

52. Information Disclosure - Windows Cloud Files Mini Filter Driver (CVE-2024-30034) - Medium [352]

Description: Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.

53. Information Disclosure - Windows Cryptographic Services (CVE-2024-30016) - Medium [352]

Description: Windows Cryptographic Services Information Disclosure Vulnerability

54. Information Disclosure - Windows DWM Core Library (CVE-2024-30008) - Medium [352]

Description: Windows DWM Core Library Information Disclosure Vulnerability

Tenable: In addition to CVE-2024-30051, Microsoft patched two other EoP vulnerabilities in the DWM Core Library (CVE-2024-30032, CVE-2024-30035) and an information disclosure vulnerability (CVE-2024-30008). All three flaws were disclosed to Microsoft by Zhang WangJunJie and He YiSheng of the Hillstone Network Security Research Institute.

55. Information Disclosure - Windows Remote Access Connection Manager (CVE-2024-30039) - Medium [352]

Description: Windows Remote Access Connection Manager Information Disclosure Vulnerability

56. Remote Code Execution - Git (CVE-2024-32002) - Medium [352]

Description: {'ms_cve_data_all': 'CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution', 'nvd_cve_data_all': 'Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': '', 'combined_cve_data_all': ''}

Tenable: Microsoft patched 59 CVEs in its May 2024 Patch Tuesday release, with one rated critical, 57 rated as important and 1 rated as moderate. Two CVEs were excluded from our count (CVE-2024-32002, CVE-2024-32004) as they are GitHub assigned CVEs and not issued by Microsoft.

Rapid7: Back in 2021, Microsoft started publishing the Assigning CNA (CVE Numbering Authority) field on advisories. A welcome trend of publishing advisories for third-party software included in Microsoft products continues this month with two vulnerabilities in MinGit patched as part of the May 2024 Windows security updates. MinGit is published by GitHub and consumed by Visual Studio. CVE-2024-32002 describes a RCE vulnerability on case-insensitive filesystems that support symlinks — macOS APFS comes to mind — and CVE-2024-32004 describes RCE while cloning specially-crafted local repositories.

57. Elevation of Privilege - Microsoft Brokering File System (CVE-2024-30007) - Medium [342]

Description: Microsoft Brokering File System Elevation of Privilege Vulnerability

58. Remote Code Execution - Git (CVE-2024-32004) - Medium [340]

Description: GitHub: CVE-2024-32004 Remote Code Execution while cloning special-crafted local repositories

Tenable: Microsoft patched 59 CVEs in its May 2024 Patch Tuesday release, with one rated critical, 57 rated as important and 1 rated as moderate. Two CVEs were excluded from our count (CVE-2024-32002, CVE-2024-32004) as they are GitHub assigned CVEs and not issued by Microsoft.

Rapid7: Back in 2021, Microsoft started publishing the Assigning CNA (CVE Numbering Authority) field on advisories. A welcome trend of publishing advisories for third-party software included in Microsoft products continues this month with two vulnerabilities in MinGit patched as part of the May 2024 Windows security updates. MinGit is published by GitHub and consumed by Visual Studio. CVE-2024-32002 describes a RCE vulnerability on case-insensitive filesystems that support symlinks — macOS APFS comes to mind — and CVE-2024-32004 describes RCE while cloning specially-crafted local repositories.

59. Elevation of Privilege - Microsoft PLUGScheduler Scheduled Task (CVE-2024-26238) - Medium [330]

Description: Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability

60. Memory Corruption - Chromium (CVE-2024-4671) - Medium [329]

Description: Chromium: CVE-2024-4671 Use after free in Visuals. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2024-4671 exists in the wild.

MS PT Extended: CVE-2024-4671 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

61. Remote Code Execution - Chromium (CVE-2024-3157) - Medium [323]

Description: Chromium: CVE-2024-3157 Out of bounds write in Compositing. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-3157 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

62. Remote Code Execution - Chromium (CVE-2024-4761) - Medium [323]

Description: Chromium: CVE-2024-4761 Out of bounds write in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2024-4761 exists in the wild.

63. Information Disclosure - Microsoft Power BI Client JavaScript SDK (CVE-2024-30054) - Medium [314]

Description: Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability

64. Information Disclosure - Microsoft SharePoint Server (CVE-2024-30043) - Medium [314]

Description: Microsoft SharePoint Server Information Disclosure Vulnerability

ZDI: CVE-2024-30043 – Microsoft SharePoint Server Information Disclosure Vulnerability. This vulnerability was reported to Microsoft by ZDI researcher Piotr Bazydło and represents an XML external entity injection (XXE) vulnerability in Microsoft SharePoint Server 2019. An authenticated attacker could use this bug to read local files with SharePoint Farm service account user privileges. They could also perform an HTTP-based server-side request forgery (SSRF), and – most importantly – perform NLTM relaying as the SharePoint Farm service account. Bugs like this show why info disclosure vulnerabilities shouldn’t be ignored or deprioritized.

65. Denial of Service - Windows Hyper-V (CVE-2024-30011) - Medium [308]

Description: Windows Hyper-V Denial of Service Vulnerability

66. Security Feature Bypass - Chromium (CVE-2024-3840) - Medium [305]

Description: Chromium: CVE-2024-3840 Insufficient policy enforcement in Site Isolation. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-3840 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

67. Security Feature Bypass - Chromium (CVE-2024-3841) - Medium [305]

Description: Chromium: CVE-2024-3841 Insufficient data validation in Browser Switcher. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-3841 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

68. Security Feature Bypass - Chromium (CVE-2024-3843) - Medium [305]

Description: Chromium: CVE-2024-3843 Insufficient data validation in Downloads. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-3843 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

69. Security Feature Bypass - Chromium (CVE-2024-3845) - Medium [305]

Description: Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)

MS PT Extended: CVE-2024-3845 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

70. Security Feature Bypass - Chromium (CVE-2024-3847) - Medium [305]

Description: Chromium: CVE-2024-3847 Insufficient policy enforcement in WebUI. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-3847 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

71. Spoofing - Chromium (CVE-2024-3838) - Medium [300]

Description: Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)

MS PT Extended: CVE-2024-3838 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

72. Denial of Service - DHCP Server Service (CVE-2024-30019) - Medium [291]

Description: DHCP Server Service Denial of Service Vulnerability

73. Spoofing - Microsoft Edge (CVE-2024-30055) - Medium [276]

Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability

MS PT Extended: CVE-2024-30055 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

74. Denial of Service - Visual Studio (CVE-2024-30046) - Medium [258]

Description: Visual Studio Denial of Service Vulnerability

Tenable: CVE-2024-30046 | Visual Studio Denial of Service Vulnerability

Tenable: CVE-2024-30046 is a denial of service (DoS) vulnerability affecting multiple versions of Microsoft Visual Studio 2022. It was assigned a CVSSv3 score of 5.9 and is rated important. It is listed as being publicly disclosed prior to a patch being made available. It is rated as “Exploitation Less Likely” according to Microsoft’s Exploitability Index and its Attack Complexity rating is listed as High. This is due to the fact that an attacker would need to “invest time in repeated exploitation attempts” through the sending of “constant or intermittent data” to a targeted system. DoS attacks often require a steady stream of requests in order to overwhelm a target system, so these ratings are expected.

Rapid7: Microsoft describes CVE-2024-30046 as requiring a highly complex attack to win a race condition through “[the investment of] time in repeated exploitation attempts through sending constant or intermittent data”. Since all data sent anywhere is transmitted either constantly or intermittently, and the rest of the advisory is short on detail, the potential impact of exploitation remains unclear.

75. Spoofing - Dynamics 365 Customer Insights (CVE-2024-30047) - Medium [250]

Description: Dynamics 365 Customer Insights Spoofing Vulnerability

76. Spoofing - Dynamics 365 Customer Insights (CVE-2024-30048) - Medium [250]

Description: Dynamics 365 Customer Insights Spoofing Vulnerability

77. Memory Corruption - Chromium (CVE-2024-3914) - Medium [246]

Description: Chromium: CVE-2024-3914 Use after free in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-3914 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

78. Memory Corruption - Chromium (CVE-2024-3515) - Medium [234]

Description: Chromium: CVE-2024-3515 Use after free in Dawn. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-3515 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

79. Memory Corruption - Chromium (CVE-2024-3516) - Medium [234]

Description: Chromium: CVE-2024-3516 Heap buffer overflow in ANGLE. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-3516 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

80. Memory Corruption - Chromium (CVE-2024-4058) - Medium [234]

Description: Chromium: CVE-2024-4058 Type Confusion in ANGLE. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-4058 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

81. Memory Corruption - Chromium (CVE-2024-4059) - Medium [234]

Description: Chromium: CVE-2024-4059 Out of bounds read in V8 API. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-4059 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

82. Memory Corruption - Chromium (CVE-2024-4060) - Medium [234]

Description: Chromium: CVE-2024-4060 Use after free in Dawn. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-4060 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

83. Memory Corruption - Chromium (CVE-2024-4331) - Medium [234]

Description: Chromium: CVE-2024-4331 Use after free in Picture In Picture. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-4331 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

84. Memory Corruption - Chromium (CVE-2024-4368) - Medium [234]

Description: Chromium: CVE-2024-4368 Use after free in Dawn. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-4368 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

85. Memory Corruption - Chromium (CVE-2024-4558) - Medium [234]

Description: Chromium: CVE-2024-4558 Use after free in ANGLE. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-4558 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

86. Memory Corruption - Chromium (CVE-2024-4559) - Medium [234]

Description: Chromium: CVE-2024-4559 Heap buffer overflow in WebAudio. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2024-4559 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

87. Spoofing - Chromium (CVE-2024-3844) - Medium [216]

Description: Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

MS PT Extended: CVE-2024-3844 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

88. Spoofing - Chromium (CVE-2024-3846) - Medium [216]

Description: Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

MS PT Extended: CVE-2024-3846 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

Low (3)

89. Spoofing - Microsoft Bing Search (CVE-2024-30041) - Low [164]

Description: Microsoft Bing Search Spoofing Vulnerability

90. Unknown Vulnerability Type - Chromium (CVE-2024-3832) - Low [145]

Description: {'ms_cve_data_all': 'Chromium: CVE-2024-3832 Object corruption in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': 'Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2024-3832 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

91. Unknown Vulnerability Type - Chromium (CVE-2024-3833) - Low [145]

Description: {'ms_cve_data_all': 'Chromium: CVE-2024-3833 Object corruption in WebAssembly. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': 'Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2024-3833 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

Exploitation in the wild detected (2)

Security Feature Bypass (1)

• Windows MSHTML Platform (CVE-2024-30040)

Qualys: CVE-2024-30040: Windows MSHTML Platform Security Feature Bypass Vulnerability Windows MSHTML is a browser engine that renders web pages frequently connected to Internet Explorer. Even though the Internet Explorer (IE) 11 desktop application has reached the end of support, MSHTML vulnerabilities are still relevant today and are being patched by Microsoft. The vulnerability can bypass OLE mitigations in Microsoft 365 and Microsoft Office, which protect users from vulnerable COM/OLE controls. An unauthenticated attacker may exploit this vulnerability to execute code by convincing a user to open a malicious document.

Tenable: Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)

Tenable: CVE-2024-30040 | Windows MSHTML Platform Security Feature Bypass Vulnerability

Tenable: CVE-2024-30040 is a security feature bypass vulnerability in the MSHTML (Trident) engine in Microsoft Windows that was exploited in the wild as a zero-day. It was assigned a CVSSv3 score of 8.8 and is rated as important. An attacker could exploit this vulnerability by using social engineering tactics via email, social media or instant messaging to convince a target user to open a specially crafted document. Once exploited, an attacker could execute code on the target system. Discovery of this flaw is unattributed.

Rapid7: The Windows MSHTML platform receives a patch for CVE-2024-30040, a security feature bypass vulnerability for which Microsoft has evidence of exploitation in the wild, and which CISA has also listed on KEV.

Rapid7: As Rapid7 has previously noted, MSHTML (also known as Trident) is still fully present in Windows — and unpatched assets are thus vulnerable to CVE-2024-30040 — regardless of whether or not a Windows asset has Internet Explorer 11 fully disabled.

Elevation of Privilege (1)

• Windows DWM Core Library (CVE-2024-30051)

Qualys: CVE-2024-30051: Windows DWM Core Library Elevation of Privilege Vulnerability The Microsoft Windows Desktop Window Manager (DWM) Core Library is a system manager that generates every visible element on a PC or laptop, including visual effects in menus, wallpapers, themes, and more. It has been a part of Microsoft Windows since Windows Vista and is also known as the Desktop Compositing Engine (DCE). On successful exploitation, an attacker could gain SYSTEM privileges.

Tenable: Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)

Tenable: CVE-2024-30051 | Windows DWM Core Library Elevation of Privilege Vulnerability

Tenable: CVE-2024-30051 is an EoP vulnerability in the DWM Core Library in Microsoft Windows. It was assigned a CVSSv3 score of 7.8 and is rated as important. Microsoft noted that it was exploited in the wild as a zero-day and was publicly disclosed prior to a patch being available. A local attacker with a presence on a vulnerable system could exploit this vulnerability to gain SYSTEM privileges. Discovery of this flaw is credited to several researchers at Google Threat Analysis Group, Google Mandiant and Kaspersky. It is also credited to Quan Jin of DBAPPSecurity WeBin Lab, who disclosed CVE-2023-36033, another zero-day vulnerability in the DWM Core Library exploited in the wild that was patched in November 2023. Researchers at Kaspersky have linked this zero-day vulnerability to QakBot and other malware.

Tenable: In addition to CVE-2024-30051, Microsoft patched two other EoP vulnerabilities in the DWM Core Library (CVE-2024-30032, CVE-2024-30035) and an information disclosure vulnerability (CVE-2024-30008). All three flaws were disclosed to Microsoft by Zhang WangJunJie and He YiSheng of the Hillstone Network Security Research Institute.

Rapid7: The first of today’s zero-day vulnerabilities is CVE-2024-30051, an elevation of privilege (EoP) vulnerability in the Windows Desktop Windows Manager (DWM) Core Library which is listed on the CISA KEV list. Successful exploitation grants SYSTEM privileges. First introduced as part of Windows Vista, DWM is responsible for drawing everything on the display of a Windows system.

Rapid7: Reporters Securelist have linked exploitation of CVE-2024-30051 with deployment of QakBot malware, and the vulnerability while investigating a partial proof-of-concept contained within an unusual file originally submitted to VirusTotal by an unknown party. Securelist further notes that the exploitation method for CVE-2024-30051 is identical to a previous DWM zero-day vulnerability CVE-2023-36033, which Microsoft patched back in November 2023.

ZDI: CVE-2024-30051 – Windows DWM Core Library Elevation of Privilege Vulnerability. This bug allows attackers to escalate the SYSTEM on affected systems. These types of bugs are usually combined with a code execution bug to take over a target and are often used by ransomware. Microsoft credits four different groups for reporting the bug, which indicates the attacks are widespread. They also indicate the vulnerability is publicly known. Don’t wait to test and deploy this update as exploits are likely to increase now that a patch is available to reverse engineer.

Public exploit exists, but exploitation in the wild is NOT detected (0)

Other Vulnerabilities (89)

Security Feature Bypass (7)

• Windows Mark of the Web (CVE-2024-30050)

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.

ZDI: CVE-2024-30050 – Windows Mark of the Web Security Feature Bypass Vulnerability. We don’t normally detail Moderate-rated bugs, but this type of security feature bypass is quite in vogue with ransomware gangs right now. They zip their payload to bypass network and host-based defenses, they use a Mark of the Web (MotW) bypass to evade SmartScreen or Protected View in Microsoft Office. While we have no indication this bug is being actively used, we see the technique used often enough to call it out. Bugs like this one show why Moderate-rated bugs shouldn’t be ignored or deprioritized.

• Microsoft Edge (CVE-2024-29991)

MS PT Extended: CVE-2024-29991 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

• Chromium (CVE-2024-3840, CVE-2024-3841, CVE-2024-3843, CVE-2024-3845, CVE-2024-3847)

MS PT Extended: CVE-2024-3840 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

MS PT Extended: CVE-2024-3841 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

MS PT Extended: CVE-2024-3843 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

MS PT Extended: CVE-2024-3847 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

MS PT Extended: CVE-2024-3845 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

Remote Code Execution (29)

• Windows Routing and Remote Access Service (RRAS) (CVE-2024-30009, CVE-2024-30014, CVE-2024-30015, CVE-2024-30022, CVE-2024-30023, CVE-2024-30024, CVE-2024-30029)
• Windows Cryptographic Services (CVE-2024-30020)
• Windows Mobile Broadband Driver (CVE-2024-29997, CVE-2024-29998, CVE-2024-29999, CVE-2024-30000, CVE-2024-30001, CVE-2024-30002, CVE-2024-30003, CVE-2024-30004, CVE-2024-30005, CVE-2024-30012, CVE-2024-30021)

Rapid7: The Windows Mobile Broadband driver receives patches for no fewer than 11 vulnerabilities; for example, CVE-2024-29997. All 11 vulnerabilities appear very similar based on the advisories. In each case, the relatively low CVSS base score of 6.8 reflects that an attacker must be physically present and insert a malicious USB device into the target host.

• .NET and Visual Studio (CVE-2024-30045)
• Windows Hyper-V (CVE-2024-30010, CVE-2024-30017)
• Microsoft Excel (CVE-2024-30042)

Rapid7: Microsoft Excel receives a patch for CVE-2024-30042. Successful exploitation requires that an attacker convince the user to open a malicious file, which leads to code execution, presumably in the context of the user.

• Microsoft SharePoint Server (CVE-2024-30044)

Qualys: CVE-2024-30044: Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft SharePoint is a web-based platform that allows organizations to create websites for storing, organizing, sharing, and accessing information. SharePoint is available in Microsoft 365 and can be used on PCs, Macs, and mobile devices. An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger the deserialization of the file’s parameters. Successful exploitation of the vulnerability may allow an attacker to perform remote code execution in the context of the SharePoint Server.

Tenable: CVE-2024-30044 | Microsoft SharePoint Server Remote Code Execution Vulnerability

Tenable: CVE-2024-30044 is a RCE vulnerability in Microsoft SharePoint Server. It was assigned a CVSSv3 score of 8.8 and is rated critical. This vulnerability is rated as “Exploitation More Likely.” However, exploitation of this flaw requires an attacker authenticated to a vulnerable SharePoint Server with Site Owner permissions to perform two steps: 1.) the attacker must upload a specially crafted file to the vulnerable SharePoint Server and 2.) send specially crafted API requests to the SharePoint Server in order to “trigger deserialization of file’s parameters.” Successful exploitation would result in remote code execution “in the context of the SharePoint Server.”

Rapid7: SharePoint admins are no strangers to patches for critical RCE vulnerabilities. CVE-2024-30044 allows an authenticated attacker with Site Owner permissions or higher to achieve code execution in the context of SharePoint Server via upload of a specially crafted file, followed by specific API calls to trigger deserialization of the file’s parameters.

Rapid7: Microsoft considers exploitation of CVE-2024-30044 more likely, and the low attack complexity and network attack contribute to a relatively high CVSS 3.1 base score of 8.8. The advisory also lists the privileges required vector component as low, which is debatable given the Site Owner authentication requirement for exploitation.

• Microsoft WDAC OLE DB provider for SQL Server (CVE-2024-30006)
• Git (CVE-2024-32002, CVE-2024-32004)

Tenable: Microsoft patched 59 CVEs in its May 2024 Patch Tuesday release, with one rated critical, 57 rated as important and 1 rated as moderate. Two CVEs were excluded from our count (CVE-2024-32002, CVE-2024-32004) as they are GitHub assigned CVEs and not issued by Microsoft.

Rapid7: Back in 2021, Microsoft started publishing the Assigning CNA (CVE Numbering Authority) field on advisories. A welcome trend of publishing advisories for third-party software included in Microsoft products continues this month with two vulnerabilities in MinGit patched as part of the May 2024 Windows security updates. MinGit is published by GitHub and consumed by Visual Studio. CVE-2024-32002 describes a RCE vulnerability on case-insensitive filesystems that support symlinks — macOS APFS comes to mind — and CVE-2024-32004 describes RCE while cloning specially-crafted local repositories.

• Chromium (CVE-2024-3157, CVE-2024-4761)

MS PT Extended: CVE-2024-3157 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

Elevation of Privilege (16)

• Windows Kernel (CVE-2024-30018)
• Windows Win32k (CVE-2024-30028, CVE-2024-30030, CVE-2024-30038)

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.

• Microsoft Windows SCSI Class System File (CVE-2024-29994)
• Windows CNG Key Isolation Service (CVE-2024-30031)
• Windows Common Log File System Driver (CVE-2024-29996, CVE-2024-30025, CVE-2024-30037)

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.

• Windows DWM Core Library (CVE-2024-30032, CVE-2024-30035)

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.

Tenable: In addition to CVE-2024-30051, Microsoft patched two other EoP vulnerabilities in the DWM Core Library (CVE-2024-30032, CVE-2024-30035) and an information disclosure vulnerability (CVE-2024-30008). All three flaws were disclosed to Microsoft by Zhang WangJunJie and He YiSheng of the Hillstone Network Security Research Institute.

• Windows NTFS (CVE-2024-30027)
• Windows Win32 Kernel Subsystem (CVE-2024-30049)

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.

• Windows Search Service (CVE-2024-30033)

ZDI: CVE-2024-30033 – Windows Search Service Elevation of Privilege Vulnerability. This is another bug reported through the ZDI program and has a similar impact to the bug currently being exploited, although it manifests through a different mechanism. This is a link following bug in the Windows Search service. By creating a pseudo-symlink, an attacker could redirect a delete call to delete a different file or folder as SYSTEM. We discussed how this could be used to elevate privileges here. The delete happens when restarting the service. A low-privileged user can't restart the service directly. However, this could easily be combined with a bug that allows a low-privileged user to terminate any process by PID. After failure, the service will restart automatically, successfully triggering this vulnerability.

• Microsoft Brokering File System (CVE-2024-30007)
• Microsoft PLUGScheduler Scheduled Task (CVE-2024-26238)

Information Disclosure (9)

• Microsoft Edge for Android (Chromium-based) (CVE-2024-29986)

MS PT Extended: CVE-2024-29986 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

• Microsoft Edge (CVE-2024-29987)

MS PT Extended: CVE-2024-29987 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

• Windows Deployment Services (CVE-2024-30036)
• Windows Cloud Files Mini Filter Driver (CVE-2024-30034)

Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.

• Windows Cryptographic Services (CVE-2024-30016)
• Windows DWM Core Library (CVE-2024-30008)

Tenable: In addition to CVE-2024-30051, Microsoft patched two other EoP vulnerabilities in the DWM Core Library (CVE-2024-30032, CVE-2024-30035) and an information disclosure vulnerability (CVE-2024-30008). All three flaws were disclosed to Microsoft by Zhang WangJunJie and He YiSheng of the Hillstone Network Security Research Institute.

• Windows Remote Access Connection Manager (CVE-2024-30039)
• Microsoft Power BI Client JavaScript SDK (CVE-2024-30054)
• Microsoft SharePoint Server (CVE-2024-30043)

ZDI: CVE-2024-30043 – Microsoft SharePoint Server Information Disclosure Vulnerability. This vulnerability was reported to Microsoft by ZDI researcher Piotr Bazydło and represents an XML external entity injection (XXE) vulnerability in Microsoft SharePoint Server 2019. An authenticated attacker could use this bug to read local files with SharePoint Farm service account user privileges. They could also perform an HTTP-based server-side request forgery (SSRF), and – most importantly – perform NLTM relaying as the SharePoint Farm service account. Bugs like this show why info disclosure vulnerabilities shouldn’t be ignored or deprioritized.

Cross Site Scripting (1)

• Azure Migrate (CVE-2024-30053)

Memory Corruption (14)

• Chromium (CVE-2024-3515, CVE-2024-3516, CVE-2024-3834, CVE-2024-3837, CVE-2024-3839, CVE-2024-3914, CVE-2024-4058, CVE-2024-4059, CVE-2024-4060, CVE-2024-4331, CVE-2024-4368, CVE-2024-4558, CVE-2024-4559, CVE-2024-4671)

MS PT Extended: CVE-2024-3515 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

MS PT Extended: CVE-2024-3914 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

MS PT Extended: CVE-2024-4060 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

MS PT Extended: CVE-2024-4059 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

MS PT Extended: CVE-2024-3516 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

MS PT Extended: CVE-2024-4671 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

MS PT Extended: CVE-2024-3834 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

MS PT Extended: CVE-2024-3839 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

MS PT Extended: CVE-2024-4331 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

MS PT Extended: CVE-2024-4559 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

MS PT Extended: CVE-2024-4368 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

MS PT Extended: CVE-2024-4558 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

MS PT Extended: CVE-2024-3837 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

MS PT Extended: CVE-2024-4058 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

Tampering (1)

• Microsoft Intune for Android Mobile Application Management (CVE-2024-30059)

Denial of Service (3)

• Windows Hyper-V (CVE-2024-30011)
• DHCP Server Service (CVE-2024-30019)
• Visual Studio (CVE-2024-30046)

Tenable: CVE-2024-30046 | Visual Studio Denial of Service Vulnerability

Tenable: CVE-2024-30046 is a denial of service (DoS) vulnerability affecting multiple versions of Microsoft Visual Studio 2022. It was assigned a CVSSv3 score of 5.9 and is rated important. It is listed as being publicly disclosed prior to a patch being made available. It is rated as “Exploitation Less Likely” according to Microsoft’s Exploitability Index and its Attack Complexity rating is listed as High. This is due to the fact that an attacker would need to “invest time in repeated exploitation attempts” through the sending of “constant or intermittent data” to a targeted system. DoS attacks often require a steady stream of requests in order to overwhelm a target system, so these ratings are expected.

Rapid7: Microsoft describes CVE-2024-30046 as requiring a highly complex attack to win a race condition through “[the investment of] time in repeated exploitation attempts through sending constant or intermittent data”. Since all data sent anywhere is transmitted either constantly or intermittently, and the rest of the advisory is short on detail, the potential impact of exploitation remains unclear.

Spoofing (7)

• Chromium (CVE-2024-3838, CVE-2024-3844, CVE-2024-3846)

MS PT Extended: CVE-2024-3838 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

MS PT Extended: CVE-2024-3844 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

MS PT Extended: CVE-2024-3846 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

• Microsoft Edge (CVE-2024-30055)

MS PT Extended: CVE-2024-30055 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

• Dynamics 365 Customer Insights (CVE-2024-30047, CVE-2024-30048)
• Microsoft Bing Search (CVE-2024-30041)

Unknown Vulnerability Type (2)

• Chromium (CVE-2024-3832, CVE-2024-3833)

MS PT Extended: CVE-2024-3833 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13

MS PT Extended: CVE-2024-3832 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13