Sign in Subscribe
Patch Tuesday

Microsoft's May 2024 Patch Tuesday: A Technical Analysis

Jim Gogarty

Jim Gogarty

5 min read
Microsoft's May 2024 Patch Tuesday: A Technical Analysis
Photo by Clint Patterson / Unsplash

Hello readers! As your trusted technical support and cybersecurity specialist, I'm here to break down Microsoft's latest Patch Tuesday notes for May 2024. This month's updates are noteworthy, addressing 61 flaws, including three zero-days.

Critical Updates :

Microsoft SharePoint Server Remote Code Execution Vulnerability.

The most critical vulnerability addressed in this Patch Tuesday is a Remote Code Execution Vulnerability in Microsoft on-prem SharePoint Server. This vulnerability could allow an attacker to execute arbitrary code in the user's context.

The Microsoft SharePoint Server Remote Code Execution Vulnerability, identified as CVE-2024-30044, could allow an attacker to execute arbitrary code in the user's context. An authenticated attacker with Manage List permissions could execute code remotely on the SharePoint Server in a network-based attack. This vulnerability's impact is significant as it could potentially allow an attacker to take control of the affected system.

Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040)

This actively exploited vulnerability is a security feature bypass in the Windows MSHTML Platform. An attacker could exploit this vulnerability by convincing a user to open a malicious document, potentially leading to code execution.

What is it?

A security feature bypass vulnerability is a type of security flaw that allows an attacker to bypass certain security features or restrictions in a system. In this case, the vulnerability is in the Windows MSHTML Platform.

The Windows MSHTML Platform, also known as Trident, is a proprietary browser engine developed by Microsoft. It debuted with the release of Internet Explorer 4 in 1997.

MSHTML renders web pages in Internet Explorer. Other applications also use it through the WebBrowser control. It presents a COM interface for accessing and editing web pages in any COM-supported environment, like C++ and .NET.

For instance, a web browser control can be added to a C++ program, and MSHTML can then be used to access the page currently displayed in the web browser and retrieve element values. Events from the web browser control can also be captured.

It's important to note that while MSHTML is primarily associated with Internet Explorer, it's also used in Internet Explorer mode in Microsoft Edge and other applications.

How does it work?

Specific details are still unavailable of how this vulnerability works.

Impact

The severity of this vulnerability is high, with a CVSS score of 8.8. Successful exploitation of this vulnerability would allow the attacker to circumvent the mitigation previously added to protect against an Object Linking and Embedding attack. Therefore, applying the security update as soon as possible is crucial.

Windows DWM Core Library Elevation of Privilege Vulnerability (CVE-2024-30051).

This is another actively exploited vulnerability in the Windows DWM Core Library. Successful exploitation could result in the attacker gaining SYSTEM privileges. Recent Qakbot malware phishing attacks have used malicious documents to exploit this flaw and gain SYSTEM privileges on Windows devices.

What is it?

The Windows DWM Core Library is a system manager that generates every visual element on a PC or laptop, including visual effects in menus, wallpapers, and themes. DWM stands for Desktop Window Manager.

It has been a part of Microsoft Windows since Windows Vista and is also known as the Desktop Compositing Engine (DCE). The DWM Core Library is responsible for the graphical user interface and the visual effects you see on your screen.

For instance, when you minimize a window, the animation you see is managed by the DWM Core Library. It also manages the live taskbar thumbnails and even the Windows Flip 3D switcher.

An Elevation of Privilege (EoP) vulnerability allows an attacker to execute code with elevated permissions. In this case, an attacker who successfully exploited this vulnerability could gain SYSTEM privilege.

Impact

The severity of this vulnerability is high, with a CVSS score of 7.8. Successful exploitation of this vulnerability would allow the attacker to gain SYSTEM privileges.

Notable Updates for Windows 11 and Windows 10

Windows 11 Updates

  • This update addresses a known issue that might cause your VPN connection to fail.
  • The Recommended section of the Start menu will show some Microsoft Store apps. These apps come from a small set of curated developers.
  • In the coming weeks, your most frequently used apps might appear in the Recommended section of the Start menu. This applies to apps that you have not already pinned to the Start menu or the taskbar.
  • Widgets icons on the taskbar are no longer pixelated or fuzzy. This update also starts the rollout of a larger set of animated icons.
  • Widgets on the lock screen are more reliable and have improved quality. This update also supports more visuals.
  • Touch keyboard updates make the Japanese 106 keyboard layout appear as expected when you sign in.
  • Addresses an issue that affects Settings. It stops responding when you dismiss a flyout menu.
  • Servicing Stack Update - 22621.3522 and 22631.3522: This update makes quality improvements to the servicing stack, which is the component that installs Windows updates.

Windows 10 Updates

KB5037768 Update:

Key Changes:

  • This update addresses a known issue that might cause your VPN connection to fail.
  • Widgets on the lock screen have been made more reliable and have improved quality.
  • An issue that affects some wireless earbuds has been addressed. Bluetooth connections are not stable on devices that have firmware from April 2023 and later.
  • Changes have been made to Windows Search to make it more reliable and easier to find an app after you install it.
  • Servicing Stack Update - 19044.4351 and 19045.4351: This update makes quality improvements to the servicing stack, which is the component that installs Windows updates.

Other Noteworthy Updates

In addition to the critical updates, this Patch Tuesday also includes fixes for:

  • 17 Elevation of Privilege Vulnerabilities
  • 2 Security Feature Bypass Vulnerabilities
  • 27 Remote Code Execution Vulnerabilities
  • 7 Information Disclosure Vulnerabilities
  • 3 Denial of Service Vulnerabilities
  • 4 Spoofing Vulnerabilities

While I strive to provide accurate and up-to-date information, it’s important to remember that the tech landscape is ever-evolving. Therefore, always exercise caution and consider this blog as a starting point for your own research.

Patch Testing Advisory

Before rolling out any patches or updates, it’s crucial to conduct thorough testing in a non-production environment. This step is essential to ensure compatibility and to prevent any potential disruptions to your users. By taking this precaution, you safeguard your systems and maintain a smooth operational flow.

Disclaimer: The insights and recommendations shared here are based on the information available at the time of writing and may not reflect the most current developments.

Sources:

Microsoft Patch Notes for May 2024

May 14, 2024 Security update (KB5037782) - Microsoft Support

Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws

May 14, 2024—KB5037771 (OS Builds 22621.3593 and 22631.3593)

Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws. https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2024-patch-tuesday-fixes-3-zero-days-61-flaws/.

May 14, 2024 Security update (KB5037782) - Microsoft Support. https://support.microsoft.com/en-us/topic/may-14-2024-security-update-kb5037782-855ea96b-1b19-4dea-ac87-2136d448a6d8.

Microsoft Releases May 2024 Patch Tuesday Updates for Windows 11 and Windows 10. https://www.thurrott.com/windows/302522/may-2024-patch-tuesday-updates.

Patch Tuesday, May 2024 Edition. https://krebsonsecurity.com/2024/05/patch-tuesday-may-2024-edition/.

Read more