⚡ TL;DR | Go Straight to the May 2024 Patch Tuesday Audit Report
Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The May 2024 edition of Patch Tuesday brings us 61 new fixes, with 1 rated as critical. We’ve listed the most important changes below.
Windows MSHTML Platform Security Feature Bypass Vulnerability
The first highlight of this month isn’t a vulnerability rated as “critical”; however, it’s one that has already been exploited. CVE-2024-30040 is a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office.
OLE (Object Linking and Embedding) mitigations in Microsoft 365 refer to security measures designed to protect against vulnerabilities related to OLE technology, commonly used for embedding objects between documents, by restricting its usage to prevent potential exploitation by malicious actors.
To exploit this vulnerability, an attacker would need to convince a user to open a malicious document, at which point the attacker could execute arbitrary code in the context of that user.
Windows DWM Core Library Vulnerabilities
Next up are multiple vulnerabilities in the Windows DWM Core Library. The Windows Desktop Window Manager (DWM) Core Library is a component responsible for managing graphical elements, including rendering windows and applying visual effects, to provide a consistent user interface experience in Windows operating systems.
The most critical vulnerability is CVE-2024-30051 which has also been exploited already. This elevation of privilege vulnerability could give an attacker SYSTEM privileges if exploited successfully. Microsoft hasn’t shared details on how exploitation can take place.
Additionally, there were three other vulnerabilities in the Windows DWM Core Library, two EoP and one information disclosure vulnerability.
Microsoft SharePoint Server Remote Code Execution Vulnerability
Last but not least, we have the only critical vulnerability of this month: a SharePoint RCE vulnerability. While no exploitation has been detected yet, Microsoft has listed it as being “more likely” to be exploited.
Microsoft lists the following exploitation requirements for CVE-2024-30044:
An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted Sharepoint Server and craft specialized API requests to trigger deserialization of file’s parameters. This would enable the attacker to perform remote code execution in the context of the Sharepoint Server.
msrc.microsoft.com
Run the Patch Tuesday May 2024 Audit
To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded so you can see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view, so all you need to do is look at one report, automatically added every Patch Tuesday!
Patch Tuesday May 2024 CVE Codes & Titles
CVE Number | CVE Title |
CVE-2024-30040 | Windows MSHTML Platform Security Feature Bypass Vulnerability |
CVE-2024-30051 | Windows DWM Core Library Elevation of Privilege Vulnerability |
CVE-2024-28902 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
CVE-2024-26207 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
CVE-2024-26217 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
CVE-2024-28900 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
CVE-2024-23593 | Lenovo: CVE-2024-23593 Modify Boot Manager and Escalate Privileges |
CVE-2024-32002 | CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution |
CVE-2024-29997 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-29998 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-29999 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-30000 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-30001 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-30002 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-30003 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-30004 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-30005 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-30006 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-30007 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
CVE-2024-30008 | Windows DWM Core Library Information Disclosure Vulnerability |
CVE-2024-30009 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-30010 | Windows Hyper-V Remote Code Execution Vulnerability |
CVE-2024-30011 | Windows Hyper-V Denial of Service Vulnerability |
CVE-2024-30012 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-30014 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-30015 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-30016 | Windows Cryptographic Services Information Disclosure Vulnerability |
CVE-2024-30017 | Windows Hyper-V Remote Code Execution Vulnerability |
CVE-2024-30018 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-30019 | DHCP Server Service Denial of Service Vulnerability |
CVE-2024-30020 | Windows Cryptographic Services Remote Code Execution Vulnerability |
CVE-2024-30021 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
CVE-2024-30022 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-30023 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-30053 | Azure Migrate Cross-Site Scripting Vulnerability |
CVE-2024-26238 | Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability |
CVE-2024-29994 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability |
CVE-2024-30024 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-30027 | NTFS Elevation of Privilege Vulnerability |
CVE-2024-30028 | Win32k Elevation of Privilege Vulnerability |
CVE-2024-30029 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
CVE-2024-30030 | Win32k Elevation of Privilege Vulnerability |
CVE-2024-30031 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability |
CVE-2024-30033 | Windows Search Service Elevation of Privilege Vulnerability |
CVE-2024-30036 | Windows Deployment Services Information Disclosure Vulnerability |
CVE-2024-30039 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
CVE-2024-30041 | Microsoft Bing Search Spoofing Vulnerability |
CVE-2024-30042 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2024-30043 | Microsoft SharePoint Server Information Disclosure Vulnerability |
CVE-2024-30045 | .NET and Visual Studio Remote Code Execution Vulnerability |
CVE-2024-30046 | Visual Studio Denial of Service Vulnerability |
CVE-2024-30047 | Dynamics 365 Customer Insights Spoofing Vulnerability |
CVE-2024-30048 | Dynamics 365 Customer Insights Spoofing Vulnerability |
CVE-2024-32004 | GitHub: CVE-2024-32004 Remote Code Execution while cloning special-crafted local repositories |
CVE-2024-30054 | Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability |
CVE-2024-26211 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
CVE-2024-29996 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2024-30044 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
CVE-2024-30050 | Windows Mark of the Web Security Feature Bypass Vulnerability |
CVE-2024-30025 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2024-30032 | Windows DWM Core Library Elevation of Privilege Vulnerability |
CVE-2024-30034 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability |
CVE-2024-30035 | Windows DWM Core Library Elevation of Privilege Vulnerability |
CVE-2024-30037 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2024-30038 | Win32k Elevation of Privilege Vulnerability |
CVE-2024-30049 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
CVE-2024-30059 | Microsoft Intune for Android Mobile Application Management Tampering Vulnerability |
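Added example (not part of the original article or of Lansweeper's report): a short Python script that parses rows in the table's "CVE | Title |" layout, derives an impact class from each title, and orders the entries using the statuses stated in the text above (CVE-2024-30040 and CVE-2024-30051 already exploited, CVE-2024-30044 rated critical). The sample rows are a subset copied from the table; the ranking order and the names parse_rows, triage and impact_counts are assumptions of this example.

```python
import re
from collections import Counter

# Subset of the table above, in the same layout (header row included on purpose).
ROWS = """\
CVE Number | CVE Title |
CVE-2024-30040 | Windows MSHTML Platform Security Feature Bypass Vulnerability |
CVE-2024-30051 | Windows DWM Core Library Elevation of Privilege Vulnerability |
CVE-2024-30044 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
CVE-2024-30008 | Windows DWM Core Library Information Disclosure Vulnerability |
CVE-2024-30032 | Windows DWM Core Library Elevation of Privilege Vulnerability |
CVE-2024-32002 | CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution |
CVE-2024-23593 | Lenovo: CVE-2024-23593 Modify Boot Manager and Escalate Privileges |
CVE-2024-30011 | Windows Hyper-V Denial of Service Vulnerability |
"""

# Status taken from the article text; the table itself carries no severity column.
EXPLOITED = {"CVE-2024-30040", "CVE-2024-30051"}
CRITICAL = {"CVE-2024-30044"}

IMPACTS = ("Remote Code Execution", "Elevation of Privilege",
           "Security Feature Bypass", "Information Disclosure",
           "Denial of Service", "Spoofing", "Tampering", "Cross-Site Scripting")
ROW_RE = re.compile(r"^(CVE-\d{4}-\d{4,})\s*\|\s*(.+?)\s*\|?\s*$")

def parse_rows(text):
    """Return one dict per CVE row; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        cve, title = m.groups()
        # Third-party titles (e.g. the Lenovo row) may not use Microsoft's
        # wording; they fall through to "Other" and need manual review.
        impact = next((i for i in IMPACTS if i.lower() in title.lower()), "Other")
        entries.append({"cve": cve, "title": title, "impact": impact})
    return entries

def triage(entries):
    """Assumed order: exploited, then critical, then other RCE, then the rest."""
    def rank(e):
        return (0 if e["cve"] in EXPLOITED else 1 if e["cve"] in CRITICAL
                else 2 if e["impact"] == "Remote Code Execution" else 3)
    return sorted(entries, key=lambda e: (rank(e), e["cve"]))

def impact_counts(entries):
    return Counter(e["impact"] for e in entries)

if __name__ == "__main__":
    for e in triage(parse_rows(ROWS)):
        print(e["cve"], "-", e["impact"])
```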