Overview
Microsoft’s May 2024 Patch Tuesday has 59 vulnerabilities, 25 of which are Remote Code Execution vulnerabilities. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of May 2024 and has produced coverage for 9 of the reported vulnerabilities.
Vulnerabilities with Detections
CVE |
CVE Title |
Signature |
CVE-2024-29996 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
ASPY 568 Exploit-exe exe.MP_383 |
CVE-2024-30025 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
ASPY 569 Exploit-exe exe.MP_384 |
CVE-2024-30032 |
Windows DWM Core Library Elevation of Privilege Vulnerability |
ASPY 570 Exploit-exe exe.MP_385 |
CVE-2024-30034 |
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability |
ASPY 571 Exploit-exe exe.MP_386 |
CVE-2024-30035 |
Windows DWM Core Library Elevation of Privilege Vulnerability |
ASPY 572 Exploit-exe exe.MP_387 |
CVE-2024-30037 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
ASPY 567 Exploit-exe exe.MP_382 |
CVE-2024-30044 |
Microsoft SharePoint Server Remote Code Execution Vulnerability |
IPS 15674 Microsoft SharePoint Server Remote Code Execution (CVE-2024-30044) |
CVE-2024-30050 |
Windows Mark of the Web Security Feature Bypass Vulnerability |
IPS 15666 Windows Mark of the Web Security Feature Bypass (CVE-2024-30050) |
CVE-2024-30051 |
Windows DWM Core Library Elevation of Privilege Vulnerability |
ASPY 566 Malformed-docx docx.MP_11 |
Release Breakdown
The vulnerabilities can be classified into the following categories:
For May, there are 57 critical, 1 Important, and 1 moderate vulnerabilities.
2024 Patch Tuesday Monthly Comparison
Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the patch Tuesday release for each month. The above chart displays these metrics as seen each month.
Release Detailed Breakdown
Denial of Service Vulnerabilities
CVE-2024-30011 |
Windows Hyper-V Denial of Service Vulnerability |
CVE-2024-30019 |
DHCP Server Service Denial of Service Vulnerability |
CVE-2024-30046 |
ASP.NET Core Denial of Service Vulnerability |
Elevation of Privilege Vulnerabilities
CVE-2024-26238 |
Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability |
CVE-2024-29994 |
Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability |
CVE-2024-29996 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2024-30007 |
Microsoft Brokering File System Elevation of Privilege Vulnerability |
CVE-2024-30018 |
Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-30025 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2024-30027 |
NTFS Elevation of Privilege Vulnerability |
CVE-2024-30028 |
Win32k Elevation of Privilege Vulnerability |
CVE-2024-30030 |
Win32k Elevation of Privilege Vulnerability |
CVE-2024-30031 |
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability |
CVE-2024-30032 |
Windows DWM Core Library Elevation of Privilege Vulnerability |
CVE-2024-30033 |
Windows Search Service Elevation of Privilege Vulnerability |
CVE-2024-30035 |
Windows DWM Core Library Elevation of Privilege Vulnerability |
CVE-2024-30037 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2024-30038 |
Win32k Elevation of Privilege Vulnerability |
CVE-2024-30049 |
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
CVE-2024-30051 |
Windows DWM Core Library Elevation of Privilege Vulnerability |
Information Disclosure Vulnerabilities
CVE-2024-30008 |
Windows DWM Core Library Information Disclosure Vulnerability |
CVE-2024-30016 |
Windows Cryptographic Services Information Disclosure Vulnerability |
CVE-2024-30034 |
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability |
CVE-2024-30036 |
Windows Deployment Services Information Disclosure Vulnerability |
CVE-2024-30039 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability |
CVE-2024-30043 |
Microsoft SharePoint Server Information Disclosure Vulnerability |
CVE-2024-30054 |
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability |
Remote Code Execution Vulnerabilities
CVE-2024-29997 |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-29998 |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-29999 |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-30000 |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-30001 |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-30002 |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-30003 |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-30004 |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-30005 |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-30006 |
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-30009 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-30010 |
Windows Hyper-V Remote Code Execution Vulnerability |
CVE-2024-30012 |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-30014 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-30015 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-30017 |
Windows Hyper-V Remote Code Execution Vulnerability |
CVE-2024-30020 |
Windows Cryptographic Services Remote Code Execution Vulnerability |
CVE-2024-30021 |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-30022 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-30023 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-30024 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-30029 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-30042 |
Microsoft Excel Remote Code Execution Vulnerability |
CVE-2024-30044 |
Microsoft SharePoint Server Remote Code Execution Vulnerability |
CVE-2024-30045 |
.NET and Visual Studio Remote Code Execution Vulnerability |
Security Feature Bypass Vulnerabilities
CVE-2024-30040 |
Windows MSHTML Platform Security Feature Bypass Vulnerability |
CVE-2024-30050 |
Windows Mark of the Web Security Feature Bypass Vulnerability |
Spoofing Vulnerabilities
CVE-2024-30041 |
Microsoft Bing Search Spoofing Vulnerability |
CVE-2024-30047 |
Dynamics 365 Customer Insights Spoofing Vulnerability |
CVE-2024-30048 |
Dynamics 365 Customer Insights Spoofing Vulnerability |
CVE-2024-30053 |
Azure Migrate Cross-Site Scripting Vulnerability |
Tampering Vulnerabilities
CVE-2024-30059 |
Microsoft Intune for Android Mobile Application Management Tampering Vulnerability |
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.