Microsoft Addresses 61 Security Vulnerabilities in May Patch Update
In its latest Patch Tuesday update for May 2024, Microsoft has resolved 61 newly identified security vulnerabilities across its software products, amongst them two zero-day flaws that have been actively exploited in the wild. These updates follow a proactive security strategy aimed at combating the evolving threat landscape characterized by targeted cyberattacks.
Among the vulnerabilities patched, one has been classified as critical, while 59 are deemed important, and one is rated moderate. This security update aligns with the ongoing efforts of the cybersecurity community to mitigate risks associated with software vulnerabilities. Additionally, Microsoft resolved 30 vulnerabilities in its Chromium-based Edge browser over the past month, including two zero-day vulnerabilities, CVE-2024-4671 and CVE-2024-4761, which have also been confirmed to be under active exploitation.
The specific vulnerabilities that have been weaponized in the wild include CVE-2024-30040, a Windows MSHTML Platform Security Feature Bypass Vulnerability with a CVSS score of 8.8, and CVE-2024-30051, a Windows Desktop Window Manager Core Library Elevation of Privilege Vulnerability rated at 7.8. The exploitation of CVE-2024-30040 can allow unauthenticated attackers to execute arbitrary code by deceiving users into opening malicious documents. This initial access may occur without necessitating direct interaction from the victim, indicating a sophisticated level of exploitation tactics.
CVE-2024-30051, on the other hand, offers the potential for threat actors to gain SYSTEM privileges. The discovery and reporting of this flaw have been credited to collaborative efforts by research teams at Kaspersky, DBAPPSecurity WeBin Lab, Google Threat Analysis Group, and Mandiant, hinting at a collective recognition of the vulnerability’s severity and potential wide-ranging impact.
Both vulnerabilities have been included in the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities catalog, mandating that federal entities apply the necessary patches by June 4, 2024. Furthermore, Microsoft has addressed numerous reported remote code execution vulnerabilities, including those that affect the Windows Mobile Broadband Driver and the Windows Routing and Remote Access Service (RRAS).
The list of notable vulnerabilities also encompasses multiple privilege escalation flaws. Among these, CVE-2024-29996 and CVE-2024-30025, with CVSS scores of 7.8, pose significant risks, especially within the Common Log File System (CLFS) driver. The rapid identification and patching of these vulnerabilities illustrate Microsoft’s commitment to enhancing software security in response to evolving threats.
In a broader context, organizations need to remain vigilant as threat actors persistently seek to exploit known weaknesses in software systems. Kaspersky researchers noted the use of these vulnerabilities in tandem with malware such as QakBot, emphasizing the risks to enterprise environments. This observation highlights the ongoing challenge for organizations to implement robust security measures and regularly update their systems to protect against evolving threats.
As Microsoft emphasizes the prioritization of security in its initiatives following scrutiny over previous breaches, recent advisories indicate that corporate leaders must ensure their teams are aware of the latest updates and vulnerabilities. Notably, accountability measures are being instituted within Microsoft’s leadership to ensure progress in meeting cybersecurity objectives remains a core focus.
In light of these developments, it is crucial for businesses—particularly those operating within the U.S.—to not only apply necessary patches but also adopt a proactive stance in assessing their cybersecurity frameworks. By understanding the tactics and techniques outlined in the MITRE ATT&CK framework, organizations can better prepare for potential attacks, ensuring their systems remain secure against both prevalent and emerging threats.
