Report Name: Microsoft Patch Tuesday, May 2024
Generated: 2024-06-13 02:16:48
Product Name | Prevalence | U | C | H | M | L | A | Comment |
---|---|---|---|---|---|---|---|---|
Windows Kernel | 0.9 | 1 | 1 | Windows Kernel | ||||
Windows Win32k | 0.9 | 3 | 3 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. | ||||
Chromium | 0.8 | 24 | 2 | 26 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |||
Microsoft Edge | 0.8 | 3 | 3 | Web browser | ||||
Microsoft Windows SCSI Class System File | 0.8 | 1 | 1 | Windows component | ||||
Windows CNG Key Isolation Service | 0.8 | 1 | 1 | Windows component | ||||
Windows Cloud Files Mini Filter Driver | 0.8 | 1 | 1 | Windows component | ||||
Windows Common Log File System Driver | 0.8 | 3 | 3 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs | ||||
Windows Cryptographic Services | 0.8 | 1 | 1 | 2 | Windows component | |||
Windows DWM Core Library | 0.8 | 1 | 3 | 4 | Windows component | |||
Windows Deployment Services | 0.8 | 1 | 1 | Windows component | ||||
Windows MSHTML Platform | 0.8 | 1 | 1 | Windows component | ||||
Windows Mark of the Web | 0.8 | 1 | 1 | Windows component | ||||
Windows Mobile Broadband Driver | 0.8 | 11 | 11 | Windows component | ||||
Windows NTFS | 0.8 | 1 | 1 | The default file system of the Windows NT family | ||||
Windows Remote Access Connection Manager | 0.8 | 1 | 1 | Windows component | ||||
Windows Routing and Remote Access Service (RRAS) | 0.8 | 7 | 7 | Windows component | ||||
Windows Search Service | 0.8 | 1 | 1 | Windows component | ||||
Windows Win32 Kernel Subsystem | 0.8 | 1 | 1 | Windows component | ||||
.NET and Visual Studio | 0.7 | 1 | 1 | .NET and Visual Studio | ||||
Microsoft Excel | 0.6 | 1 | 1 | MS Office product | ||||
Windows Hyper-V | 0.6 | 3 | 3 | Hardware virtualization component of the client editions of Windows NT | ||||
Azure Migrate | 0.5 | 1 | 1 | Azure Migrate | ||||
DHCP Server Service | 0.5 | 1 | 1 | DHCP Server Service | ||||
Dynamics 365 Customer Insights | 0.5 | 2 | 2 | Dynamics 365 Customer Insights | ||||
Microsoft Brokering File System | 0.5 | 1 | 1 | Microsoft Brokering File System | ||||
Microsoft Edge for Android (Chromium-based) | 0.5 | 1 | 1 | Microsoft Edge for Android (Chromium-based) | ||||
Microsoft Intune for Android Mobile Application Management | 0.5 | 1 | 1 | Microsoft Intune for Android Mobile Application Management | ||||
Microsoft PLUGScheduler Scheduled Task | 0.5 | 1 | 1 | Microsoft PLUGScheduler Scheduled Task | ||||
Microsoft Power BI Client JavaScript SDK | 0.5 | 1 | 1 | Microsoft Power BI Client JavaScript SDK | ||||
Microsoft SharePoint Server | 0.5 | 2 | 2 | Microsoft SharePoint Server | ||||
Microsoft WDAC OLE DB provider for SQL Server | 0.5 | 1 | 1 | Microsoft WDAC OLE DB provider for SQL Server | ||||
Git | 0.4 | 2 | 2 | Git | ||||
Visual Studio | 0.3 | 1 | 1 | Integrated development environment | ||||
Microsoft Bing Search | 0.2 | 1 | 1 | Microsoft Bing Search |

Vulnerability Type | Criticality | U | C | H | M | L | A |
---|---|---|---|---|---|---|---|
Remote Code Execution | 1.0 | 8 | 21 | 29 | |||
Security Feature Bypass | 0.9 | 1 | 1 | 6 | 8 | ||
Elevation of Privilege | 0.85 | 1 | 16 | 17 | |||
Information Disclosure | 0.83 | 9 | 9 | ||||
Cross Site Scripting | 0.8 | 1 | 1 | ||||
Denial of Service | 0.7 | 3 | 3 | ||||
Memory Corruption | 0.5 | 14 | 14 | ||||
Spoofing | 0.4 | 6 | 1 | 7 | |||
Tampering | 0.3 | 1 | 1 | ||||
Unknown Vulnerability Type | 0 | 2 | 2 |

Source | U | C | H | M | L | A |
---|---|---|---|---|---|---|
MS PT Extended | 27 | 2 | 29 | |||
Qualys | 1 | 1 | 1 | 8 | 11 | |
Tenable | 1 | 1 | 7 | 9 | ||
Rapid7 | 1 | 1 | 6 | 8 | ||
ZDI | 1 | 1 | 2 | 4 |

1. Security Feature Bypass - Windows MSHTML Platform (CVE-2024-30040) - Urgent [832]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object), AttackerKB, Microsoft, NVD:CISAKEV websites | |
0.6 | 17 | The exploit's existence is mentioned in Microsoft CVSS Temporal Metrics (Functional Exploit) | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0.8 | 10 | EPSS Probability is 0.00941, EPSS Percentile is 0.83084 |
Qualys: CVE-2024-30040: Windows MSHTML Platform Security Feature Bypass Vulnerability. Windows MSHTML is a browser engine that renders web pages frequently connected to Internet Explorer. Even though the Internet Explorer (IE) 11 desktop application has reached the end of support, MSHTML vulnerabilities are still relevant today and are being patched by Microsoft. The vulnerability can bypass OLE mitigations in Microsoft 365 and Microsoft Office, which protect users from vulnerable COM/OLE controls. An unauthenticated attacker may exploit this vulnerability to execute code by convincing a user to open a malicious document.
Tenable: Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)
Tenable: CVE-2024-30040 | Windows MSHTML Platform Security Feature Bypass Vulnerability
Tenable: CVE-2024-30040 is a security feature bypass vulnerability in the MSHTML (Trident) engine in Microsoft Windows that was exploited in the wild as a zero-day. It was assigned a CVSSv3 score of 8.8 and is rated as important. An attacker could exploit this vulnerability by using social engineering tactics via email, social media or instant messaging to convince a target user to open a specially crafted document. Once exploited, an attacker could execute code on the target system. Discovery of this flaw is unattributed.
Rapid7: The Windows MSHTML platform receives a patch for CVE-2024-30040, a security feature bypass vulnerability for which Microsoft has evidence of exploitation in the wild, and which CISA has also listed on KEV.
Rapid7: As Rapid7 has previously noted, MSHTML (also known as Trident) is still fully present in Windows — and unpatched assets are thus vulnerable to CVE-2024-30040 — regardless of whether or not a Windows asset has Internet Explorer 11 fully disabled.
2. Elevation of Privilege - Windows DWM Core Library (CVE-2024-30051) - Critical [739]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object), AttackerKB, Microsoft, NVD:CISAKEV websites | |
0.6 | 17 | The exploit's existence is mentioned in Microsoft CVSS Temporal Metrics (Functional Exploit) | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0.2 | 10 | EPSS Probability is 0.00048, EPSS Percentile is 0.17473 |
Qualys: CVE-2024-30051: Windows DWM Core Library Elevation of Privilege Vulnerability. The Microsoft Windows Desktop Window Manager (DWM) Core Library is a system manager that generates every visible element on a PC or laptop, including visual effects in menus, wallpapers, themes, and more. It has been a part of Microsoft Windows since Windows Vista and is also known as the Desktop Compositing Engine (DCE). On successful exploitation, an attacker could gain SYSTEM privileges.
Tenable: Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)
Tenable: CVE-2024-30051 | Windows DWM Core Library Elevation of Privilege Vulnerability
Tenable: CVE-2024-30051 is an EoP vulnerability in the DWM Core Library in Microsoft Windows. It was assigned a CVSSv3 score of 7.8 and is rated as important. Microsoft noted that it was exploited in the wild as a zero-day and was publicly disclosed prior to a patch being available. A local attacker with a presence on a vulnerable system could exploit this vulnerability to gain SYSTEM privileges. Discovery of this flaw is credited to several researchers at Google Threat Analysis Group, Google Mandiant and Kaspersky. It is also credited to Quan Jin of DBAPPSecurity WeBin Lab, who disclosed CVE-2023-36033, another zero-day vulnerability in the DWM Core Library exploited in the wild that was patched in November 2023. Researchers at Kaspersky have linked this zero-day vulnerability to QakBot and other malware.
Tenable: In addition to CVE-2024-30051, Microsoft patched two other EoP vulnerabilities in the DWM Core Library (CVE-2024-30032, CVE-2024-30035) and an information disclosure vulnerability (CVE-2024-30008). All three flaws were disclosed to Microsoft by Zhang WangJunJie and He YiSheng of the Hillstone Network Security Research Institute.
Rapid7: The first of today’s zero-day vulnerabilities is CVE-2024-30051, an elevation of privilege (EoP) vulnerability in the Windows Desktop Windows Manager (DWM) Core Library which is listed on the CISA KEV list. Successful exploitation grants SYSTEM privileges. First introduced as part of Windows Vista, DWM is responsible for drawing everything on the display of a Windows system.
Rapid7: Reporters Securelist have linked exploitation of CVE-2024-30051 with deployment of QakBot malware, and the vulnerability while investigating a partial proof-of-concept contained within an unusual file originally submitted to VirusTotal by an unknown party. Securelist further notes that the exploitation method for CVE-2024-30051 is identical to a previous DWM zero-day vulnerability CVE-2023-36033, which Microsoft patched back in November 2023.
ZDI: CVE-2024-30051 – Windows DWM Core Library Elevation of Privilege Vulnerability. This bug allows attackers to escalate to SYSTEM on affected systems. These types of bugs are usually combined with a code execution bug to take over a target and are often used by ransomware. Microsoft credits four different groups for reporting the bug, which indicates the attacks are widespread. They also indicate the vulnerability is publicly known. Don’t wait to test and deploy this update as exploits are likely to increase now that a patch is available to reverse engineer.
3. Security Feature Bypass - Windows Mark of the Web (CVE-2024-30050) - High [475]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0.6 | 17 | The exploit's existence is mentioned in Microsoft CVSS Temporal Metrics (Functional Exploit) | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Windows component | |
0.5 | 10 | CVSS Base Score is 5.4. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.
ZDI: CVE-2024-30050 – Windows Mark of the Web Security Feature Bypass Vulnerability. We don’t normally detail Moderate-rated bugs, but this type of security feature bypass is quite in vogue with ransomware gangs right now. They zip their payload to bypass network and host-based defenses, they use a Mark of the Web (MotW) bypass to evade SmartScreen or Protected View in Microsoft Office. While we have no indication this bug is being actively used, we see the technique used often enough to call it out. Bugs like this one show why Moderate-rated bugs shouldn’t be ignored or deprioritized.
4. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-30009) - High [419]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
5. Remote Code Execution - Windows Cryptographic Services (CVE-2024-30020) - High [407]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
6. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-30014) - High [407]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
7. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-30015) - High [407]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
8. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-30022) - High [407]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
9. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-30023) - High [407]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
10. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-30024) - High [407]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
11. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-30029) - High [407]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
12. Elevation of Privilege - Windows Kernel (CVE-2024-30018) - Medium [397]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.9 | 14 | Windows Kernel | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
13. Elevation of Privilege - Windows Win32k (CVE-2024-30028) - Medium [397]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.9 | 14 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
14. Elevation of Privilege - Windows Win32k (CVE-2024-30030) - Medium [397]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.9 | 14 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
15. Elevation of Privilege - Windows Win32k (CVE-2024-30038) - Medium [397]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.9 | 14 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.
16. Information Disclosure - Microsoft Edge for Android (Chromium-based) (CVE-2024-29986) - Medium [395]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0.4 | 17 | The exploit's existence is mentioned in Microsoft CVSS Temporal Metrics (Proof-of-Concept Exploit) | |
0.83 | 15 | Information Disclosure | |
0.5 | 14 | Microsoft Edge for Android (Chromium-based) | |
0.5 | 10 | CVSS Base Score is 5.4. According to Microsoft data source | |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.16142 |
MS PT Extended: CVE-2024-29986 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
17. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-29997) - Medium [395]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Rapid7: The Windows Mobile Broadband driver receives patches for no fewer than 11 vulnerabilities; for example, CVE-2024-29997. All 11 vulnerabilities appear very similar based on the advisories. In each case, the relatively low CVSS base score of 6.8 reflects that an attacker must be physically present and insert a malicious USB device into the target host.
18. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-29998) - Medium [395]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
19. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-29999) - Medium [395]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
20. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-30000) - Medium [395]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
21. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-30001) - Medium [395]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
22. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-30002) - Medium [395]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
23. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-30003) - Medium [395]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
24. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-30004) - Medium [395]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
25. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-30005) - Medium [395]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
26. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-30012) - Medium [395]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
27. Remote Code Execution - Windows Mobile Broadband Driver (CVE-2024-30021) - Medium [395]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
28. Cross Site Scripting - Azure Migrate (CVE-2024-30053) - Medium [390]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0.4 | 17 | The exploit's existence is mentioned in Microsoft CVSS Temporal Metrics (Proof-of-Concept Exploit) | |
0.8 | 15 | Cross Site Scripting | |
0.5 | 14 | Azure Migrate | |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
29. Remote Code Execution - .NET and Visual Studio (CVE-2024-30045) - Medium [390]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.7 | 14 | .NET and Visual Studio | |
0.6 | 10 | CVSS Base Score is 6.3. According to Microsoft data source | |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.16179 |
30. Remote Code Execution - Windows Hyper-V (CVE-2024-30010) - Medium [385]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
31. Remote Code Execution - Windows Hyper-V (CVE-2024-30017) - Medium [385]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
32. Elevation of Privilege - Microsoft Windows SCSI Class System File (CVE-2024-29994) - Medium [380]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
33. Elevation of Privilege - Windows CNG Key Isolation Service (CVE-2024-30031) - Medium [380]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
34. Elevation of Privilege - Windows Common Log File System Driver (CVE-2024-29996) - Medium [380]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.
35. Elevation of Privilege - Windows Common Log File System Driver (CVE-2024-30025) - Medium [380]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.
36. Elevation of Privilege - Windows Common Log File System Driver (CVE-2024-30037) - Medium [380]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
37. Elevation of Privilege - Windows DWM Core Library (CVE-2024-30032) - Medium [380]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.
Tenable: In addition to CVE-2024-30051, Microsoft patched two other EoP vulnerabilities in the DWM Core Library (CVE-2024-30032, CVE-2024-30035) and an information disclosure vulnerability (CVE-2024-30008). All three flaws were disclosed to Microsoft by Zhang WangJunJie and He YiSheng of the Hillstone Network Security Research Institute.
38. Elevation of Privilege - Windows DWM Core Library (CVE-2024-30035) - Medium [380]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.
Tenable: In addition to CVE-2024-30051, Microsoft patched two other EoP vulnerabilities in the DWM Core Library (CVE-2024-30032, CVE-2024-30035) and an information disclosure vulnerability (CVE-2024-30008). All three flaws were disclosed to Microsoft by Zhang WangJunJie and He YiSheng of the Hillstone Network Security Research Institute.
39. Elevation of Privilege - Windows NTFS (CVE-2024-30027) - Medium [380]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | The default file system of the Windows NT family | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
40. Elevation of Privilege - Windows Win32 Kernel Subsystem (CVE-2024-30049) - Medium [380]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.
41. Memory Corruption - Chromium (CVE-2024-3834) - Medium [377]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00096, EPSS Percentile is 0.40206 |
MS PT Extended: CVE-2024-3834 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
42. Memory Corruption - Chromium (CVE-2024-3837) - Medium [377]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.00096, EPSS Percentile is 0.40206 |
MS PT Extended: CVE-2024-3837 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
43. Security Feature Bypass - Microsoft Edge (CVE-2024-29991) - Medium [377]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Web browser | |
0.5 | 10 | CVSS Base Score is 5.0. According to Microsoft data source | |
0.2 | 10 | EPSS Probability is 0.00056, EPSS Percentile is 0.22692 |
MS PT Extended: CVE-2024-29991 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
44. Information Disclosure - Microsoft Edge (CVE-2024-29987) - Medium [376]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Web browser | |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.08448 |
MS PT Extended: CVE-2024-29987 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
45. Remote Code Execution - Microsoft Excel (CVE-2024-30042) - Medium [373]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.6 | 14 | MS Office product | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Rapid7: Microsoft Excel receives a patch for CVE-2024-30042. Successful exploitation requires that an attacker convince the user to open a malicious file, which leads to code execution, presumably in the context of the user.
46. Tampering - Microsoft Intune for Android Mobile Application Management (CVE-2024-30059) - Medium [370]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0.8 | 17 | The exploit's existence is mentioned in Microsoft CVSS Temporal Metrics (Autonomous Exploit) | |
0.3 | 15 | Tampering | |
0.5 | 14 | Microsoft Intune for Android Mobile Application Management | |
0.6 | 10 | CVSS Base Score is 6.1. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
47. Remote Code Execution - Microsoft SharePoint Server (CVE-2024-30044) - Medium [369]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Microsoft SharePoint Server | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2024-30044: Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft SharePoint is a web-based platform that allows organizations to create websites for storing, organizing, sharing, and accessing information. SharePoint is available in Microsoft 365 and can be used on PCs, Macs, and mobile devices. An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger the deserialization of the file’s parameters. Successful exploitation of the vulnerability may allow an attacker to perform remote code execution in the context of the SharePoint Server.
Tenable: CVE-2024-30044 | Microsoft SharePoint Server Remote Code Execution Vulnerability
Tenable: CVE-2024-30044 is a RCE vulnerability in Microsoft SharePoint Server. It was assigned a CVSSv3 score of 8.8 and is rated critical. This vulnerability is rated as “Exploitation More Likely.” However, exploitation of this flaw requires an attacker authenticated to a vulnerable SharePoint Server with Site Owner permissions to perform two steps: 1.) the attacker must upload a specially crafted file to the vulnerable SharePoint Server and 2.) send specially crafted API requests to the SharePoint Server in order to “trigger deserialization of file’s parameters.” Successful exploitation would result in remote code execution “in the context of the SharePoint Server.”
Rapid7: SharePoint admins are no strangers to patches for critical RCE vulnerabilities. CVE-2024-30044 allows an authenticated attacker with Site Owner permissions or higher to achieve code execution in the context of SharePoint Server via upload of a specially crafted file, followed by specific API calls to trigger deserialization of the file’s parameters.
Rapid7: Microsoft considers exploitation of CVE-2024-30044 more likely, and the low attack complexity and network attack contribute to a relatively high CVSS 3.1 base score of 8.8. The advisory also lists the privileges required vector component as low, which is debatable given the Site Owner authentication requirement for exploitation.
48. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2024-30006) - Medium [369]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.5 | 14 | Microsoft WDAC OLE DB provider for SQL Server | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
49. Elevation of Privilege - Windows Search Service (CVE-2024-30033) - Medium [368]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
ZDI: CVE-2024-30033 – Windows Search Service Elevation of Privilege Vulnerability. This is another bug reported through the ZDI program and has a similar impact to the bug currently being exploited, although it manifests through a different mechanism. This is a link following bug in the Windows Search service. By creating a pseudo-symlink, an attacker could redirect a delete call to delete a different file or folder as SYSTEM. We discussed how this could be used to elevate privileges here. The delete happens when restarting the service. A low-privileged user can't restart the service directly. However, this could easily be combined with a bug that allows a low-privileged user to terminate any process by PID. After failure, the service will restart automatically, successfully triggering this vulnerability.
50. Information Disclosure - Windows Deployment Services (CVE-2024-30036) - Medium [364]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
51. Memory Corruption - Chromium (CVE-2024-3839) - Medium [353]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
0.4 | 10 | EPSS Probability is 0.0009, EPSS Percentile is 0.38043 |
MS PT Extended: CVE-2024-3839 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
52. Information Disclosure - Windows Cloud Files Mini Filter Driver (CVE-2024-30034) - Medium [352]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.
53. Information Disclosure - Windows Cryptographic Services (CVE-2024-30016) - Medium [352]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
54. Information Disclosure - Windows DWM Core Library (CVE-2024-30008) - Medium [352]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: In addition to CVE-2024-30051, Microsoft patched two other EoP vulnerabilities in the DWM Core Library (CVE-2024-30032, CVE-2024-30035) and an information disclosure vulnerability (CVE-2024-30008). All three flaws were disclosed to Microsoft by Zhang WangJunJie and He YiSheng of the Hillstone Network Security Research Institute.
55. Information Disclosure - Windows Remote Access Connection Manager (CVE-2024-30039) - Medium [352]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.8 | 14 | Windows component | |
0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
56. Remote Code Execution - Git (CVE-2024-32002) - Medium [352]
Description: Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution. Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.4 | 14 | Git | |
0.9 | 10 | CVSS Base Score is 9.0. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: Microsoft patched 59 CVEs in its May 2024 Patch Tuesday release, with one rated critical, 57 rated as important and 1 rated as moderate. Two CVEs were excluded from our count (CVE-2024-32002, CVE-2024-32004) as they are GitHub assigned CVEs and not issued by Microsoft.
Rapid7: Back in 2021, Microsoft started publishing the Assigning CNA (CVE Numbering Authority) field on advisories. A welcome trend of publishing advisories for third-party software included in Microsoft products continues this month with two vulnerabilities in MinGit patched as part of the May 2024 Windows security updates. MinGit is published by GitHub and consumed by Visual Studio. CVE-2024-32002 describes a RCE vulnerability on case-insensitive filesystems that support symlinks — macOS APFS comes to mind — and CVE-2024-32004 describes RCE while cloning specially-crafted local repositories.
57. Elevation of Privilege - Microsoft Brokering File System (CVE-2024-30007) - Medium [342]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.5 | 14 | Microsoft Brokering File System | |
0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
58. Remote Code Execution - Git (CVE-2024-32004) - Medium [340]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.4 | 14 | Git | |
0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: Microsoft patched 59 CVEs in its May 2024 Patch Tuesday release, with one rated critical, 57 rated as important and 1 rated as moderate. Two CVEs were excluded from our count (CVE-2024-32002, CVE-2024-32004) as they are GitHub assigned CVEs and not issued by Microsoft.
Rapid7: Back in 2021, Microsoft started publishing the Assigning CNA (CVE Numbering Authority) field on advisories. A welcome trend of publishing advisories for third-party software included in Microsoft products continues this month with two vulnerabilities in MinGit patched as part of the May 2024 Windows security updates. MinGit is published by GitHub and consumed by Visual Studio. CVE-2024-32002 describes a RCE vulnerability on case-insensitive filesystems that support symlinks — macOS APFS comes to mind — and CVE-2024-32004 describes RCE while cloning specially-crafted local repositories.
59. Elevation of Privilege - Microsoft PLUGScheduler Scheduled Task (CVE-2024-26238) - Medium [330]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.85 | 15 | Elevation of Privilege | |
0.5 | 14 | Microsoft PLUGScheduler Scheduled Task | |
0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
60. Memory Corruption - Chromium (CVE-2024-4671) - Medium [329]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.9 | 10 | EPSS Probability is 0.01972, EPSS Percentile is 0.88704 |
MS PT Extended: CVE-2024-4671 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
61. Remote Code Execution - Chromium (CVE-2024-3157) - Medium [323]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.14589 |
MS PT Extended: CVE-2024-3157 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
62. Remote Code Execution - Chromium (CVE-2024-4761) - Medium [323]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.08448 |
63. Information Disclosure - Microsoft Power BI Client JavaScript SDK (CVE-2024-30054) - Medium [314]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.5 | 14 | Microsoft Power BI Client JavaScript SDK | |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
64. Information Disclosure - Microsoft SharePoint Server (CVE-2024-30043) - Medium [314]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.83 | 15 | Information Disclosure | |
0.5 | 14 | Microsoft SharePoint Server | |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
ZDI: CVE-2024-30043 – Microsoft SharePoint Server Information Disclosure Vulnerability. This vulnerability was reported to Microsoft by ZDI researcher Piotr Bazydło and represents an XML external entity injection (XXE) vulnerability in Microsoft SharePoint Server 2019. An authenticated attacker could use this bug to read local files with SharePoint Farm service account user privileges. They could also perform an HTTP-based server-side request forgery (SSRF), and – most importantly – perform NTLM relaying as the SharePoint Farm service account. Bugs like this show why info disclosure vulnerabilities shouldn’t be ignored or deprioritized.
65. Denial of Service - Windows Hyper-V (CVE-2024-30011) - Medium [308]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
66. Security Feature Bypass - Chromium (CVE-2024-3840) - Medium [305]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.1238 |
MS PT Extended: CVE-2024-3840 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
67. Security Feature Bypass - Chromium (CVE-2024-3841) - Medium [305]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.1238 |
MS PT Extended: CVE-2024-3841 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
68. Security Feature Bypass - Chromium (CVE-2024-3843) - Medium [305]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.1238 |
MS PT Extended: CVE-2024-3843 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
69. Security Feature Bypass - Chromium (CVE-2024-3845) - Medium [305]
Description: Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.1238 |
MS PT Extended: CVE-2024-3845 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
70. Security Feature Bypass - Chromium (CVE-2024-3847) - Medium [305]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.9 | 15 | Security Feature Bypass | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.1238 |
MS PT Extended: CVE-2024-3847 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
71. Spoofing - Chromium (CVE-2024-3838) - Medium [300]
Description: Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.4 | 15 | Spoofing | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.6 | 10 | CVSS Base Score is 5.5. According to NVD data source | |
0.2 | 10 | EPSS Probability is 0.00047, EPSS Percentile is 0.16499 |
MS PT Extended: CVE-2024-3838 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
72. Denial of Service - DHCP Server Service (CVE-2024-30019) - Medium [291]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.5 | 14 | DHCP Server Service | |
0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
73. Spoofing - Microsoft Edge (CVE-2024-30055) - Medium [276]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.4 | 15 | Spoofing | |
0.8 | 14 | Web browser | |
0.5 | 10 | CVSS Base Score is 5.4. According to Microsoft data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.08448 |
MS PT Extended: CVE-2024-30055 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
74. Denial of Service - Visual Studio (CVE-2024-30046) - Medium [258]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.7 | 15 | Denial of Service | |
0.3 | 14 | Integrated development environment | |
0.6 | 10 | CVSS Base Score is 5.9. According to Microsoft data source | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.0849 |
Tenable: CVE-2024-30046 | Visual Studio Denial of Service Vulnerability
Tenable: CVE-2024-30046 is a denial of service (DoS) vulnerability affecting multiple versions of Microsoft Visual Studio 2022. It was assigned a CVSSv3 score of 5.9 and is rated important. It is listed as being publicly disclosed prior to a patch being made available. It is rated as “Exploitation Less Likely” according to Microsoft’s Exploitability Index and its Attack Complexity rating is listed as High. This is due to the fact that an attacker would need to “invest time in repeated exploitation attempts” through the sending of “constant or intermittent data” to a targeted system. DoS attacks often require a steady stream of requests in order to overwhelm a target system, so these ratings are expected.
Rapid7: Microsoft describes CVE-2024-30046 as requiring a highly complex attack to win a race condition through “[the investment of] time in repeated exploitation attempts through sending constant or intermittent data”. Since all data sent anywhere is transmitted either constantly or intermittently, and the rest of the advisory is short on detail, the potential impact of exploitation remains unclear.
75. Spoofing - Dynamics 365 Customer Insights (CVE-2024-30047) - Medium [250]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.4 | 15 | Spoofing | |
0.5 | 14 | Dynamics 365 Customer Insights | |
0.8 | 10 | CVSS Base Score is 7.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
76. Spoofing - Dynamics 365 Customer Insights (CVE-2024-30048) - Medium [250]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.4 | 15 | Spoofing | |
0.5 | 14 | Dynamics 365 Customer Insights | |
0.8 | 10 | CVSS Base Score is 7.6. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
77. Memory Corruption - Chromium (CVE-2024-3914) - Medium [246]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.2 | 10 | EPSS Probability is 0.00046, EPSS Percentile is 0.15104 |
MS PT Extended: CVE-2024-3914 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
78. Memory Corruption - Chromium (CVE-2024-3515) - Medium [234]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.14589 |
MS PT Extended: CVE-2024-3515 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
79. Memory Corruption - Chromium (CVE-2024-3516) - Medium [234]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.14589 |
MS PT Extended: CVE-2024-3516 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
80. Memory Corruption - Chromium (CVE-2024-4058) - Medium [234]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.14626 |
MS PT Extended: CVE-2024-4058 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
81. Memory Corruption - Chromium (CVE-2024-4059) - Medium [234]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.14626 |
MS PT Extended: CVE-2024-4059 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
82. Memory Corruption - Chromium (CVE-2024-4060) - Medium [234]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.14626 |
MS PT Extended: CVE-2024-4060 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
83. Memory Corruption - Chromium (CVE-2024-4331) - Medium [234]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.14626 |
MS PT Extended: CVE-2024-4331 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
84. Memory Corruption - Chromium (CVE-2024-4368) - Medium [234]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.14626 |
MS PT Extended: CVE-2024-4368 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
85. Memory Corruption - Chromium (CVE-2024-4558) - Medium [234]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.0849 |
MS PT Extended: CVE-2024-4558 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
86. Memory Corruption - Chromium (CVE-2024-4559) - Medium [234]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.5 | 15 | Memory Corruption | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00043, EPSS Percentile is 0.0849 |
MS PT Extended: CVE-2024-4559 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
87. Spoofing - Chromium (CVE-2024-3844) - Medium [216]
Description: Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.4 | 15 | Spoofing | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.1238 |
MS PT Extended: CVE-2024-3844 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
88. Spoofing - Chromium (CVE-2024-3846) - Medium [216]
Description: Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.4 | 15 | Spoofing | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.1238 |
MS PT Extended: CVE-2024-3846 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
89. Spoofing - Microsoft Bing Search (CVE-2024-30041) - Low [164]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0.4 | 15 | Spoofing | |
0.2 | 14 | Microsoft Bing Search | |
0.5 | 10 | CVSS Base Score is 5.4. According to Microsoft data source | |
0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
90. Unknown Vulnerability Type - Chromium (CVE-2024-3832) - Low [145]
Description: Chromium: CVE-2024-3832 Object corruption in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. NVD: Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00045, EPSS Percentile is 0.14626 |
MS PT Extended: CVE-2024-3832 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
91. Unknown Vulnerability Type - Chromium (CVE-2024-3833) - Low [145]
Description: Chromium: CVE-2024-3833 Object corruption in WebAssembly. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. NVD: Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Component | Value | Weight | Comment |
---|---|---|---|
0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
0 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
0 | 15 | Unknown Vulnerability Type | |
0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
0.0 | 10 | CVSS Base Score is NA. No data. | |
0.1 | 10 | EPSS Probability is 0.00044, EPSS Percentile is 0.1238 |
MS PT Extended: CVE-2024-3833 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
Qualys: CVE-2024-30040: Windows MSHTML Platform Security Feature Bypass Vulnerability Windows MSHTML is a browser engine that renders web pages frequently connected to Internet Explorer. Even though the Internet Explorer (IE) 11 desktop application has reached the end of support, MSHTML vulnerabilities are still relevant today and are being patched by Microsoft. The vulnerability can bypass OLE mitigations in Microsoft 365 and Microsoft Office, which protect users from vulnerable COM/OLE controls. An unauthenticated attacker may exploit this vulnerability to execute code by convincing a user to open a malicious document.
Tenable: Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)
Tenable: CVE-2024-30040 | Windows MSHTML Platform Security Feature Bypass Vulnerability
Tenable: CVE-2024-30040 is a security feature bypass vulnerability in the MSHTML (Trident) engine in Microsoft Windows that was exploited in the wild as a zero-day. It was assigned a CVSSv3 score of 8.8 and is rated as important. An attacker could exploit this vulnerability by using social engineering tactics via email, social media or instant messaging to convince a target user to open a specially crafted document. Once exploited, an attacker could execute code on the target system. Discovery of this flaw is unattributed.
Rapid7: The Windows MSHTML platform receives a patch for CVE-2024-30040, a security feature bypass vulnerability for which Microsoft has evidence of exploitation in the wild, and which CISA has also listed on KEV.
Rapid7: As Rapid7 has previously noted, MSHTML (also known as Trident) is still fully present in Windows — and unpatched assets are thus vulnerable to CVE-2024-30040 — regardless of whether or not a Windows asset has Internet Explorer 11 fully disabled.
Qualys: CVE-2024-30051: Windows DWM Core Library Elevation of Privilege Vulnerability The Microsoft Windows Desktop Window Manager (DWM) Core Library is a system manager that generates every visible element on a PC or laptop, including visual effects in menus, wallpapers, themes, and more. It has been a part of Microsoft Windows since Windows Vista and is also known as the Desktop Compositing Engine (DCE). On successful exploitation, an attacker could gain SYSTEM privileges.
Tenable: CVE-2024-30051 | Windows DWM Core Library Elevation of Privilege Vulnerability
Tenable: CVE-2024-30051 is an EoP vulnerability in the DWM Core Library in Microsoft Windows. It was assigned a CVSSv3 score of 7.8 and is rated as important. Microsoft noted that it was exploited in the wild as a zero-day and was publicly disclosed prior to a patch being available. A local attacker with a presence on a vulnerable system could exploit this vulnerability to gain SYSTEM privileges. Discovery of this flaw is credited to several researchers at Google Threat Analysis Group, Google Mandiant and Kaspersky. It is also credited to Quan Jin of DBAPPSecurity WeBin Lab, who disclosed CVE-2023-36033, another zero-day vulnerability in the DWM Core Library exploited in the wild that was patched in November 2023. Researchers at Kaspersky have linked this zero-day vulnerability to QakBot and other malware.
Tenable: In addition to CVE-2024-30051, Microsoft patched two other EoP vulnerabilities in the DWM Core Library (CVE-2024-30032, CVE-2024-30035) and an information disclosure vulnerability (CVE-2024-30008). All three flaws were disclosed to Microsoft by Zhang WangJunJie and He YiSheng of the Hillstone Network Security Research Institute.
Rapid7: The first of today’s zero-day vulnerabilities is CVE-2024-30051, an elevation of privilege (EoP) vulnerability in the Windows Desktop Windows Manager (DWM) Core Library which is listed on the CISA KEV list. Successful exploitation grants SYSTEM privileges. First introduced as part of Windows Vista, DWM is responsible for drawing everything on the display of a Windows system.
Rapid7: Reporters Securelist have linked exploitation of CVE-2024-30051 with deployment of QakBot malware, and the vulnerability while investigating a partial proof-of-concept contained within an unusual file originally submitted to VirusTotal by an unknown party. Securelist further notes that the exploitation method for CVE-2024-30051 is identical to a previous DWM zero-day vulnerability CVE-2023-36033, which Microsoft patched back in November 2023.
ZDI: CVE-2024-30051 – Windows DWM Core Library Elevation of Privilege Vulnerability. This bug allows attackers to escalate to SYSTEM on affected systems. These types of bugs are usually combined with a code execution bug to take over a target and are often used by ransomware. Microsoft credits four different groups for reporting the bug, which indicates the attacks are widespread. They also indicate the vulnerability is publicly known. Don’t wait to test and deploy this update as exploits are likely to increase now that a patch is available to reverse engineer.
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.
ZDI: CVE-2024-30050 – Windows Mark of the Web Security Feature Bypass Vulnerability. We don’t normally detail Moderate-rated bugs, but this type of security feature bypass is quite in vogue with ransomware gangs right now. They zip their payload to bypass network and host-based defenses, they use a Mark of the Web (MotW) bypass to evade SmartScreen or Protected View in Microsoft Office. While we have no indication this bug is being actively used, we see the technique used often enough to call it out. Bugs like this one show why Moderate-rated bugs shouldn’t be ignored or deprioritized.
MS PT Extended: CVE-2024-29991 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
Rapid7: The Windows Mobile Broadband driver receives patches for no fewer than 11 vulnerabilities; for example, CVE-2024-29997. All 11 vulnerabilities appear very similar based on the advisories. In each case, the relatively low CVSS base score of 6.8 reflects that an attacker must be physically present and insert a malicious USB device into the target host.
Rapid7: Microsoft Excel receives a patch for CVE-2024-30042. Successful exploitation requires that an attacker convince the user to open a malicious file, which leads to code execution, presumably in the context of the user.
Qualys: CVE-2024-30044: Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft SharePoint is a web-based platform that allows organizations to create websites for storing, organizing, sharing, and accessing information. SharePoint is available in Microsoft 365 and can be used on PCs, Macs, and mobile devices. An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger the deserialization of the file’s parameters. Successful exploitation of the vulnerability may allow an attacker to perform remote code execution in the context of the SharePoint Server.
Tenable: CVE-2024-30044 | Microsoft SharePoint Server Remote Code Execution Vulnerability
Tenable: CVE-2024-30044 is a RCE vulnerability in Microsoft SharePoint Server. It was assigned a CVSSv3 score of 8.8 and is rated critical. This vulnerability is rated as “Exploitation More Likely.” However, exploitation of this flaw requires an attacker authenticated to a vulnerable SharePoint Server with Site Owner permissions to perform two steps: 1.) the attacker must upload a specially crafted file to the vulnerable SharePoint Server and 2.) send specially crafted API requests to the SharePoint Server in order to “trigger deserialization of file’s parameters.” Successful exploitation would result in remote code execution “in the context of the SharePoint Server.”
Rapid7: SharePoint admins are no strangers to patches for critical RCE vulnerabilities. CVE-2024-30044 allows an authenticated attacker with Site Owner permissions or higher to achieve code execution in the context of SharePoint Server via upload of a specially crafted file, followed by specific API calls to trigger deserialization of the file’s parameters.
Rapid7: Microsoft considers exploitation of CVE-2024-30044 more likely, and the low attack complexity and network attack contribute to a relatively high CVSS 3.1 base score of 8.8. The advisory also lists the privileges required vector component as low, which is debatable given the Site Owner authentication requirement for exploitation.
Tenable: Microsoft patched 59 CVEs in its May 2024 Patch Tuesday release, with one rated critical, 57 rated as important and 1 rated as moderate. Two CVEs were excluded from our count (CVE-2024-32002, CVE-2024-32004) as they are GitHub assigned CVEs and not issued by Microsoft.
Rapid7: Back in 2021, Microsoft started publishing the Assigning CNA (CVE Numbering Authority) field on advisories. A welcome trend of publishing advisories for third-party software included in Microsoft products continues this month with two vulnerabilities in MinGit patched as part of the May 2024 Windows security updates. MinGit is published by GitHub and consumed by Visual Studio. CVE-2024-32002 describes a RCE vulnerability on case-insensitive filesystems that support symlinks — macOS APFS comes to mind — and CVE-2024-32004 describes RCE while cloning specially-crafted local repositories.
MS PT Extended: CVE-2024-3157 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation. CVE-2024-30032 is an elevation of privilege vulnerability in Windows DWM Core Library. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-30034 and CVE-2024-30035 are information disclosure vulnerabilities in the Windows Cloud Files Mini Filter Driver. On successful exploitation, an attacker may disclose certain kernel memory content. CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges. CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.
Tenable: In addition to CVE-2024-30051, Microsoft patched two other EoP vulnerabilities in the DWM Core Library (CVE-2024-30032, CVE-2024-30035) and an information disclosure vulnerability (CVE-2024-30008). All three flaws were disclosed to Microsoft by Zhang WangJunJie and He YiSheng of the Hillstone Network Security Research Institute.
ZDI: CVE-2024-30033 – Windows Search Service Elevation of Privilege Vulnerability. This is another bug reported through the ZDI program and has a similar impact to the bug currently being exploited, although it manifests through a different mechanism. This is a link following bug in the Windows Search service. By creating a pseudo-symlink, an attacker could redirect a delete call to delete a different file or folder as SYSTEM. We discussed how this could be used to elevate privileges here. The delete happens when restarting the service. A low-privileged user can't restart the service directly. However, this could easily be combined with a bug that allows a low-privileged user to terminate any process by PID. After failure, the service will restart automatically, successfully triggering this vulnerability.
MS PT Extended: CVE-2024-29986 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
MS PT Extended: CVE-2024-29987 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
ZDI: CVE-2024-30043 – Microsoft SharePoint Server Information Disclosure Vulnerability. This vulnerability was reported to Microsoft by ZDI researcher Piotr Bazydło and represents an XML external entity injection (XXE) vulnerability in Microsoft SharePoint Server 2019. An authenticated attacker could use this bug to read local files with SharePoint Farm service account user privileges. They could also perform an HTTP-based server-side request forgery (SSRF), and – most importantly – perform NTLM relaying as the SharePoint Farm service account. Bugs like this show why info disclosure vulnerabilities shouldn’t be ignored or deprioritized.
MS PT Extended: CVE-2024-3515 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
MS PT Extended: CVE-2024-3914 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
MS PT Extended: CVE-2024-4060 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
MS PT Extended: CVE-2024-4059 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
MS PT Extended: CVE-2024-3516 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
MS PT Extended: CVE-2024-4671 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
MS PT Extended: CVE-2024-3834 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
MS PT Extended: CVE-2024-3839 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
MS PT Extended: CVE-2024-4331 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
MS PT Extended: CVE-2024-4559 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
MS PT Extended: CVE-2024-4368 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
MS PT Extended: CVE-2024-4558 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
MS PT Extended: CVE-2024-3837 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
MS PT Extended: CVE-2024-4058 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
Tenable: CVE-2024-30046 | Visual Studio Denial of Service Vulnerability
Tenable: CVE-2024-30046 is a denial of service (DoS) vulnerability affecting multiple versions of Microsoft Visual Studio 2022. It was assigned a CVSSv3 score of 5.9 and is rated important. It is listed as being publicly disclosed prior to a patch being made available. It is rated as “Exploitation Less Likely” according to Microsoft’s Exploitability Index and its Attack Complexity rating is listed as High. This is due to the fact that an attacker would need to “invest time in repeated exploitation attempts” through the sending of “constant or intermittent data” to a targeted system. DoS attacks often require a steady stream of requests in order to overwhelm a target system, so these ratings are expected.
Rapid7: Microsoft describes CVE-2024-30046 as requiring a highly complex attack to win a race condition through “[the investment of] time in repeated exploitation attempts through sending constant or intermittent data”. Since all data sent anywhere is transmitted either constantly or intermittently, and the rest of the advisory is short on detail, the potential impact of exploitation remains unclear.
MS PT Extended: CVE-2024-3838 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
MS PT Extended: CVE-2024-3844 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
MS PT Extended: CVE-2024-3846 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
MS PT Extended: CVE-2024-30055 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
MS PT Extended: CVE-2024-3833 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13
MS PT Extended: CVE-2024-3832 was published before May 2024 Patch Tuesday from 2024-04-10 to 2024-05-13