May 15, 2024 at 04:24AM
In May 2024, Microsoft’s Patch Tuesday updates addressed 61 security flaws, including two zero-days actively exploited. A Critical flaw in the Windows MSHTML Platform and an Important one in the Desktop Window Manager were exploited in attacks. The vulnerabilities require urgent fixes to prevent widespread exploitation. Other vendors have also released security updates.
Key takeaways from the meeting notes:
– Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zero-days that have been actively exploited.
– Of the 61 flaws, one is rated Critical, 59 are rated Important, and one is rated Moderate in severity.
– Two zero-day vulnerabilities that have been actively exploited are:
– CVE-2024-30040 (CVSS score: 8.8) – Windows MSHTML Platform Security Feature Bypass Vulnerability
– CVE-2024-30051 (CVSS score: 7.8) – Windows Desktop Window Manager (DWM) Core Library Elevation of Privilege Vulnerability
– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the latest fixes by June 4, 2024.
– Microsoft has also resolved several other vulnerabilities, including remote code execution bugs and privilege escalation flaws in various Windows components.
– Akamai has outlined a new privilege escalation technique affecting Active Directory (AD) environments that takes advantage of the DHCP administrators group.
– Security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities.
Let me know if you need any further clarification or additional information.