Microsoft addresses 59 CVEs in its May 2024 Patch Tuesday release with one critical vulnerability and three zero-day vulnerabilities, two of which were exploited in the wild.
Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-30051 with a CVSSv3 score of 7.8, is an EoP vulnerability in the DWM Core Library in Microsoft Windows. It was exploited in the wild as a zero-day and was publicly disclosed prior to a patch being available. A local attacker with a presence on a vulnerable system could exploit this vulnerability to gain SYSTEM privileges. This vulnerability was discovered by researchers from Google Threat Analysis Group, Google Mandiant and Kaspersky.
Microsoft also patched two other EoP vulnerabilities in the DWM Core Library (CVE-2024-30032, CVE-2024-30035) and an information disclosure vulnerability (CVE-2024-30008).
Windows MSHTML Platform Security Feature Bypass Vulnerability
CVE-2024-30040 with a CVSSv3 score of 8.8 is a security feature bypass vulnerability in the MSHTML (Trident) engine in Microsoft Windows that was exploited in the wild as a zero-day. An attacker could exploit this vulnerability by using social engineering tactics via email, social media, or instant messaging to convince a target user to open a specially crafted document. Once exploited, an attacker could execute code on the target system.
Visual Studio Denial of Service Vulnerability
CVE-2024-30046 with a CVSSv3 score of 5.9, is a denial of service (DoS) vulnerability affecting multiple versions of Microsoft Visual Studio 2022. It is rated as “Exploitation Less Likely” according to Microsoft’s Exploitability Index and its Attack Complexity rating is listed as High. This is because an attacker would need to “invest time in repeated exploitation attempts” through the sending of “constant or intermittent data” to a targeted system. DoS attacks often require a steady stream of requests to overwhelm a target system, so these ratings are expected.
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-30044 with a CVSSv3 score of 8.8 is a RCE vulnerability in Microsoft SharePoint Server. This vulnerability is rated as Exploitation More Likely. The exploitation of this flaw requires an attacker authenticated to a vulnerable SharePoint Server with Site Owner permissions to perform two steps:
The attacker must upload a specially crafted file to the vulnerable SharePoint Server
- The attacker then send specially crafted API requests to the SharePoint Server to “trigger deserialization of file’s parameters.” Successful exploitation would result in remote code execution “in the context of the SharePoint Server.”
Other Notable Vulnerabilities
CVE-2024-29996 and CVE-2024-30025 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. On successful exploitation, an attacker could gain SYSTEM privileges.
CVE-2024-30050 is a security feature bypass vulnerability in Windows Mark of the Web. An attacker might host a file on a server and convince a targeted user to download and open the file to exploit this vulnerability. An attacker may alter the functionality of the Mark of the Web on successful exploitation.
CVE-2024-30038 is an elevation of privilege vulnerability in Win32k. Successful exploitation of the vulnerability may allow a local, authenticated attacker to gain elevated local system or administrator privileges.
CVE-2024-30049 is an elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem. On successful exploitation, an attacker could gain SYSTEM privileges.
Summary
| CVE ID | Vulnerability Title | Severity |
| CVE-2024-30044 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| CVE-2024-30045 | .NET and Visual Studio Remote Code Execution Vulnerability | Important |
| CVE-2024-30053 | Azure Migrate Cross-Site Scripting Vulnerability | Important |
| CVE-2024-30041 | Microsoft Bing Search Spoofing Vulnerability | Important |
| CVE-2024-30007 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| CVE-2024-30048 | Dynamics 365 Customer Insights Spoofing Vulnerability | Important |
| CVE-2024-30047 | Dynamics 365 Customer Insights Spoofing Vulnerability | Important |
| CVE-2024-30059 | Microsoft Intune for Android Mobile Application Management Tampering Vulnerability | Important |
| CVE-2024-30042 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| CVE-2024-30043 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
| CVE-2024-30006 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-29994 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | Important |
| CVE-2024-30033 | Windows Search Service Elevation of Privilege Vulnerability | Important |
| CVE-2024-30054 | Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability | Important |
| CVE-2024-30046 | Visual Studio Denial of Service Vulnerability | Important |
| CVE-2024-32004 | GitHub: CVE-2024-32004 Remote Code Execution while cloning special-crafted local repositories | Important |
| CVE-2024-32002 | CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution | Important |
| CVE-2024-30034 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Important |
| CVE-2024-30031 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important |
| CVE-2024-29996 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-30037 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-30025 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-30020 | Windows Cryptographic Services Remote Code Execution Vulnerability | Important |
| CVE-2024-30016 | Windows Cryptographic Services Information Disclosure Vulnerability | Important |
| CVE-2024-30036 | Windows Deployment Services Information Disclosure Vulnerability | Important |
| CVE-2024-30019 | DHCP Server Service Denial of Service Vulnerability | Important |
| CVE-2024-30008 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| CVE-2024-30051 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| CVE-2024-30035 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| CVE-2024-30032 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| CVE-2024-30011 | Windows Hyper-V Denial of Service Vulnerability | Important |
| CVE-2024-30017 | Windows Hyper-V Remote Code Execution Vulnerability | Important |
| CVE-2024-30010 | Windows Hyper-V Remote Code Execution Vulnerability | Important |
| CVE-2024-30018 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2024-30002 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| CVE-2024-29997 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| CVE-2024-30003 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| CVE-2024-30012 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| CVE-2024-29999 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| CVE-2024-29998 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| CVE-2024-30000 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| CVE-2024-30005 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| CVE-2024-30004 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| CVE-2024-30021 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| CVE-2024-30001 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
| CVE-2024-30040 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important |
| CVE-2024-30027 | NTFS Elevation of Privilege Vulnerability | Important |
| CVE-2024-30039 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| CVE-2024-30009 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| CVE-2024-30024 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| CVE-2024-30015 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| CVE-2024-30029 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| CVE-2024-30023 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| CVE-2024-30014 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| CVE-2024-30022 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| CVE-2024-26238 | Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability | Important |
| CVE-2024-30030 | Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2024-30038 | Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2024-30049 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Important |
| CVE-2024-30028 | Win32k Elevation of Privilege Vulnerability | Important |
