On May 14, 2024, Microsoft published their May 2024 security update with patches for 60 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted three in this security bulletin that were categorized as critical or actively exploited.
Impacted Product #1: Windows
Vulnerabilities Impacting Windows:
CVE-2024-30040 | CVSS: 8.8 – High | MS Severity: Important | Exploitation Detected |
Windows MSHTML Platform Security Feature Bypass Vulnerability – An unauthenticated remote threat actor can exploit this vulnerability by convincing a user to open a malicious document. This could lead to the execution of arbitrary code in the context of the user.
CVE-2024-30051 | CVSS: 7.8 – High | MS Severity: Important | Exploitation Detected |
Windows DWM Core Library Elevation of Privilege Vulnerability – A local threat actor can exploit this vulnerability to escalate privileges.
Impacted Product #2: Microsoft Office
Vulnerabilities Impacting Microsoft Office:
CVE-2024-30044 | CVSS: 8.8 – High | MS Severity: Critical | No Exploitation Detected |
Microsoft SharePoint Server Remote Code Execution (RCE) Vulnerability – A threat actor, authenticated with Site Owner permissions or higher, could upload a specially crafted file onto a targeted SharePoint Server. Subsequently, they could generate tailored API requests to trigger the deserialization of the file’s parameters, which enables RCE within the SharePoint Server’s context.
Recommendations
Recommendation #1: Apply Security Updates to Impacted Products
Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation.
Note: Please follow your organization's patching and testing guidelines to avoid operational impact.
Product | Vulnerability | Article | Download |
Windows Server 2022, 23H2 Edition | CVE-2024-30040 | 5037781 | Security Update |
Windows Server 2022 | CVE-2024-30051, CVE-2024-30040 | 5037782, 5037848 | Security Update, Security Hotpatch Update |
Windows Server 2019 | CVE-2024-30051, CVE-2024-30040 | 5037765 | Security Update |
Windows Server 2016 | CVE-2024-30051, CVE-2024-30040 | 5037763 | Security Update |
Windows 11 Version 23H2 for x64-based Systems | CVE-2024-30051, CVE-2024-30040 | 5037771 | Security Update |
Windows 11 Version 23H2 for ARM64-based Systems | CVE-2024-30051, CVE-2024-30040 | 5037771 | Security Update |
Windows 11 Version 22H2 for x64-based Systems | CVE-2024-30051, CVE-2024-30040 | 5037771 | Security Update |
Windows 11 Version 22H2 for ARM64-based Systems | CVE-2024-30051, CVE-2024-30040 | 5037771 | Security Update |
Windows 11 version 21H2 for x64-based Systems | CVE-2024-30051, CVE-2024-30040 | 5037770 | Security Update |
Windows 11 version 21H2 for ARM64-based Systems | CVE-2024-30051, CVE-2024-30040 | 5037770 | Security Update |
Windows 10 Version 22H2 for x64-based Systems | CVE-2024-30051, CVE-2024-30040 | 5037768 | Security Update |
Windows 10 Version 22H2 for ARM64-based Systems | CVE-2024-30051, CVE-2024-30040 | 5037768 | Security Update |
Windows 10 Version 22H2 for 32-bit Systems | CVE-2024-30051, CVE-2024-30040 | 5037768 | Security Update |
Windows 10 Version 21H2 for x64-based Systems | CVE-2024-30051, CVE-2024-30040 | 5037768 | Security Update |
Windows 10 Version 21H2 for ARM64-based Systems | CVE-2024-30051, CVE-2024-30040 | 5037768 | Security Update |
Windows 10 Version 21H2 for 32-bit Systems | CVE-2024-30051, CVE-2024-30040 | 5037768 | Security Update |
Windows 10 Version 1809 for x64-based Systems | CVE-2024-30051, CVE-2024-30040 | 5037765 | Security Update |
Windows 10 Version 1809 for ARM64-based Systems | CVE-2024-30051, CVE-2024-30040 | 5037765 | Security Update |
Windows 10 Version 1809 for 32-bit Systems | CVE-2024-30051, CVE-2024-30040 | 5037765 | Security Update |
Windows 10 Version 1607 for x64-based Systems | CVE-2024-30051, CVE-2024-30040 | 5037763 | Security Update |
Windows 10 Version 1607 for 32-bit Systems | CVE-2024-30051, CVE-2024-30040 | 5037763 | Security Update |
Windows 10 for x64-based Systems | CVE-2024-30051, CVE-2024-30040 | 5037788 | Security Update |
Windows 10 for 32-bit Systems | CVE-2024-30051, CVE-2024-30040 | 5037788 | Security Update |
Microsoft SharePoint Server Subscription Edition | CVE-2024-30044 | 5002599 | Security Update |
Microsoft SharePoint Server 2019 | CVE-2024-30044 | 5002596 | Security Update |
Microsoft SharePoint Enterprise Server 2016 | CVE-2024-30044 | 5002598 | Security Update |
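To turn the table above into a patch-compliance check, the following added example (not Arctic Wolf's or Microsoft's code) parses a subset of its rows and flags hosts in a constructed inventory that have none of the listed KBs installed. The host names, the inventory format, the placeholder KB0000001, and the rule that any one article in a multi-article row satisfies the check are assumptions.

```python
import re

# Rows copied from the bulletin's table (a subset, to keep the example short).
BULLETIN_ROWS = """\
Windows Server 2022, 23H2 Edition | CVE-2024-30040 | 5037781 | Security Update |
Windows Server 2022 | CVE-2024-30051, CVE-2024-30040 | 5037782, 5037848 | Security Update, SecurityHotpatchUpdate |
Windows Server 2019 | CVE-2024-30051, CVE-2024-30040 | 5037765 | Security Update |
Windows 11 Version 23H2 for x64-based Systems | CVE-2024-30051, CVE-2024-30040 | 5037771 | Security Update |
Microsoft SharePoint Server 2019 | CVE-2024-30044 | 5002596 | Security Update |
"""

# Constructed inventory: host -> (product name as in the table, installed KB ids).
INVENTORY = {
    "srv-a": ("Windows Server 2022", ["KB5037848"]),   # hotpatch article only
    "srv-b": ("Windows Server 2019", ["KB0000001"]),   # placeholder KB, not a real id
    "ws-01": ("Windows 11 Version 23H2 for x64-based Systems", ["kb5037771"]),
    "sp-01": ("Microsoft SharePoint Server 2019", []),
    "old-1": ("Windows Server 2012 R2", ["KB0000001"]),  # product not in the table
}

def parse_rows(text):
    """Return {product: (cve_list, kb_set)} from 'Product | CVEs | Articles | Type |' rows."""
    table = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().rstrip("|").split("|")]
        if len(cells) != 4:
            continue  # skip blank or malformed rows
        product, cves, articles, _kind = cells
        table[product] = (re.findall(r"CVE-\d{4}-\d+", cves),
                          {"KB" + n for n in re.findall(r"\d{7}", articles)})
    return table

def audit(table, inventory):
    """Return {host: [unaddressed CVEs]} for hosts lacking every KB in their row."""
    findings = {}
    for host, (product, installed) in inventory.items():
        if product not in table:
            findings[host] = ["NOT-IN-BULLETIN-TABLE"]  # needs manual review
            continue
        cves, kbs = table[product]
        # Assumption: when a row lists several articles (update and hotpatch),
        # any one of them delivers the fix.
        if not kbs & {k.upper() for k in installed}:
            findings[host] = sorted(cves)
    return findings

if __name__ == "__main__":
    for host, cves in audit(parse_rows(BULLETIN_ROWS), INVENTORY).items():
        print(f"{host}: {', '.join(cves)}")
```

Windows updates are cumulative, so a host that has installed a later monthly update may not list the May KB; treat a finding as a prompt to verify the OS build rather than proof of exposure.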