Security News

MICROSOFT SECURITY BULLETIN COVERAGE FOR MAY 2024

By

Overview

Microsoft’s May 2024 Patch Tuesday has 59 vulnerabilities, 25 of which are Remote Code Execution vulnerabilities. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of May 2024 and has produced coverage for 9 of the reported vulnerabilities.

Vulnerabilities with Detections

CVE CVE Title Signature
CVE-2024-29996 Windows Common Log File System Driver Elevation of Privilege Vulnerability ASPY 568 Exploit-exe exe.MP_383
CVE-2024-30025 Windows Common Log File System Driver Elevation of Privilege Vulnerability ASPY 569 Exploit-exe exe.MP_384
CVE-2024-30032 Windows DWM Core Library Elevation of Privilege Vulnerability ASPY 570 Exploit-exe exe.MP_385
CVE-2024-30034 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability ASPY 571 Exploit-exe exe.MP_386
CVE-2024-30035 Windows DWM Core Library Elevation of Privilege Vulnerability ASPY 572 Exploit-exe exe.MP_387
CVE-2024-30037 Windows Common Log File System Driver Elevation of Privilege Vulnerability ASPY 567 Exploit-exe exe.MP_382
CVE-2024-30044 Microsoft SharePoint Server Remote Code Execution Vulnerability IPS 15674 Microsoft SharePoint Server Remote Code Execution (CVE-2024-30044)
CVE-2024-30050 Windows Mark of the Web Security Feature Bypass Vulnerability IPS 15666 Windows Mark of the Web Security Feature Bypass (CVE-2024-30050)
CVE-2024-30051 Windows DWM Core Library Elevation of Privilege Vulnerability ASPY 566 Malformed-docx docx.MP_11

Release Breakdown

The vulnerabilities can be classified into the following categories:

For May, there are 57 critical, 1 Important, and 1 moderate vulnerabilities.

2024 Patch Tuesday Monthly Comparison

Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the patch Tuesday release for each month. The above chart displays these metrics as seen each month.

Release Detailed Breakdown

Denial of Service Vulnerabilities

CVE-2024-30011 Windows Hyper-V Denial of Service Vulnerability
CVE-2024-30019 DHCP Server Service Denial of Service Vulnerability
CVE-2024-30046 ASP.NET Core Denial of Service Vulnerability

Elevation of Privilege Vulnerabilities

CVE-2024-26238 Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability
CVE-2024-29994 Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability
CVE-2024-29996 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-30007 Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2024-30018 Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-30025 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-30027 NTFS Elevation of Privilege Vulnerability
CVE-2024-30028 Win32k Elevation of Privilege Vulnerability
CVE-2024-30030 Win32k Elevation of Privilege Vulnerability
CVE-2024-30031 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVE-2024-30032 Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-30033 Windows Search Service Elevation of Privilege Vulnerability
CVE-2024-30035 Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-30037 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-30038 Win32k Elevation of Privilege Vulnerability
CVE-2024-30049 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2024-30051 Windows DWM Core Library Elevation of Privilege Vulnerability

Information Disclosure Vulnerabilities

CVE-2024-30008 Windows DWM Core Library Information Disclosure  Vulnerability
CVE-2024-30016 Windows Cryptographic Services Information Disclosure Vulnerability
CVE-2024-30034 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
CVE-2024-30036 Windows Deployment Services Information Disclosure Vulnerability
CVE-2024-30039 Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2024-30043 Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2024-30054 Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability

Remote Code Execution Vulnerabilities

CVE-2024-29997 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-29998 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-29999 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-30000 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-30001 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-30002 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-30003 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-30004 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-30005 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-30006 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-30009 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-30010 Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-30012 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-30014 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-30015 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-30017 Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-30020 Windows Cryptographic Services Remote Code Execution Vulnerability
CVE-2024-30021 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-30022 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-30023 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-30024 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-30029 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-30042 Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-30044 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-30045 .NET and Visual Studio Remote Code Execution Vulnerability

Security Feature Bypass Vulnerabilities

CVE-2024-30040 Windows MSHTML Platform Security Feature Bypass Vulnerability
CVE-2024-30050 Windows Mark of the Web Security Feature Bypass Vulnerability

Spoofing Vulnerabilities

CVE-2024-30041 Microsoft Bing Search Spoofing Vulnerability
CVE-2024-30047 Dynamics 365 Customer Insights Spoofing Vulnerability
CVE-2024-30048 Dynamics 365 Customer Insights Spoofing Vulnerability
CVE-2024-30053 Azure Migrate Cross-Site Scripting Vulnerability

Tampering Vulnerabilities

CVE-2024-30059 Microsoft Intune for Android Mobile Application Management Tampering Vulnerability
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
CoronaVirus Ransomware
Infostealer Trojan that tracks user activity (November 22, 2013)
Badlock: Windows SAM and LSAD Downgrade Vulnerability
SAP GUI Arbitrary Command Execution (Mar 25, 2010)
Oracle AutoVueX ActiveX Arbitrary File Creation (Nov 3, 2011)
Win 8 Security System FakeAV with Rootkit discovered in the wild (Sep 7, 2012)
Memcached integer overflow CVE-2016-8704 (Dec 9, 2016)
MS Windows IPP Buffer Overflow (Oct 17, 2008)