Summary
Microsoft has released its monthly security updates, resolving a total of 61 new vulnerabilities, including three 0-day vulnerabilities.
Notes (updated 07/06/2024): a Proof of Concept (PoC) for the exploitation of the CVE-2024-30043 vulnerability appears to be available online.
Notes: The vendor states that CVE-2024-30040 and CVE-2024-30051 are being actively exploited in the wild.
Notes: The vendor states that a PoC for the exploitation of CVE-2024-30046 and CVE-2024-30051 is available online.
Risk
Estimated impact of the vulnerability on the target community: Serious/RED (77.94/100)¹.
Type
- Information Disclosure
- Tampering
- Security Feature Bypass
- Remote Code Execution
- Elevation of Privilege
- Denial of Service
- Spoofing
Affected Products and Versions
- .NET and Visual Studio
- Azure Migrate
- Microsoft Bing
- Microsoft Brokering File System
- Microsoft Dynamics 365 Customer Insights
- Microsoft Edge (Chromium-based)
- Microsoft Intune
- Microsoft Office Excel
- Microsoft Office SharePoint
- Microsoft WDAC OLE DB provider for SQL
- Microsoft Windows SCSI Class System File
- Microsoft Windows Search Component
- Power BI
- Visual Studio
- Windows Cloud Files Mini Filter Driver
- Windows CNG Key Isolation Service
- Windows Common Log File System Driver
- Windows Cryptographic Services
- Windows Deployment Services
- Windows DHCP Server
- Windows DWM Core Library
- Windows Hyper-V
- Windows Kernel
- Windows Mark of the Web (MOTW)
- Windows Mobile Broadband
- Windows MSHTML Platform
- Windows NTFS
- Windows Remote Access Connection Manager
- Windows Routing and Remote Access Service (RRAS)
- Windows Task Scheduler
- Windows Win32K – GRFX
- Windows Win32K – ICOMP
Mitigation Actions
In line with vendor statements, it is recommended that impacted products be updated through the Windows Update feature.
Unique vulnerability identifiers
References
https://msrc.microsoft.com/update-guide/releaseNote/2024-May
https://msrc.microsoft.com/update-guide (NB: filter: Patch Tuesday – May 2024)
¹ This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoCs, spread of the affected software/devices in the relevant community.