Microsoft Patches 61 Security Flaws, Including Two Actively Exploited Zero-Days
In its May 2024 Patch Tuesday release, Microsoft has rolled out fixes for 61 security vulnerabilities, including two zero-day flaws that are currently being exploited in active cyber-attacks. These updates are crucial for protecting systems running Windows and other Microsoft software from a wide array of potential threats.
Overview of the Security Updates
Among the 61 flaws addressed, one is classified as Critical, 59 are deemed Important, and one is rated as Moderate in severity. Additionally, Microsoft has resolved 30 vulnerabilities in its Chromium-based Edge browser over the past month, including two zero-days (CVE-2024-4671 and CVE-2024-4761) that have been actively targeted in recent attacks.
The two most notable vulnerabilities patched this month are:
CVE-2024-30040 (CVSS score: 8.8): This Windows MSHTML Platform vulnerability allows attackers to bypass security features, potentially enabling them to execute arbitrary code by tricking a user into opening a malicious document. Worryingly, the infection can be triggered without the user actively clicking or interacting with the file, making it a particularly insidious threat.
CVE-2024-30051 (CVSS score: 7.8): This flaw in the Windows Desktop Window Manager (DWM) Core Library could allow attackers to escalate privileges, granting them SYSTEM-level access to the affected device. With this level of access, attackers can take full control of the system, executing any commands, accessing or modifying data, and even creating new user accounts. Researchers from Kaspersky, DBAPPSecurity WeBin Lab, Google Threat Analysis Group, and Mandiant have all been credited with identifying and reporting this vulnerability, highlighting its significant impact.
How These Vulnerabilities Are Exploited
CVE-2024-30040 is particularly concerning due to its potential for remote code execution through a security feature bypass. Attackers typically deliver specially crafted files via email or instant messages, and the malicious code can be executed even if the user does not actively open the file. This makes it a highly effective tool for cyber criminals looking to compromise systems with minimal user interaction.
CVE-2024-30051, on the other hand, is an elevation of privilege vulnerability that could enable attackers to gain SYSTEM-level access, which allows them to take complete control of a compromised machine. Such control could be used to install malware, exfiltrate data, or carry out other malicious activities, making this vulnerability a prime target for sophisticated threat actors.
The Importance of Prompt Patching
The active exploitation of these zero-day vulnerabilities underscores the importance of keeping systems up to date with the latest security patches. Neglecting to apply these updates could leave systems vulnerable to a variety of attacks, potentially leading to significant data breaches, financial losses, and reputational damage.
Microsoft’s Patch Tuesday updates are a vital part of an organisation’s cyber security strategy. By applying these patches, users can protect their systems from known vulnerabilities and reduce the risk of exploitation. It's crucial for organisations to ensure timely deployment of these updates and to educate users on recognizing and avoiding phishing attacks and other tactics that exploit these vulnerabilities.
In addition to applying these patches, organisations should consider adopting advanced security measures such as endpoint detection and response (EDR) tools, which can help identify and mitigate threats before they cause serious harm.
As cyber threats continue to evolve, staying informed and proactive about applying security updates will be essential to maintaining robust defences.
Find out more about our 24/7/365 Security Operations Centre here.
