Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zero-days that have been actively exploited in the wild.
Of the 61 flaws, one is rated Critical, 59 are rated Important, and one is rated Moderate in severity. This is in addition to 30 vulnerabilities resolved in the Chromium-based Edge browser over the past month, including two recently disclosed zero-days (CVE-2024-4671 and CVE-2024-4761) that have been tagged as exploited in attacks.
The two security shortcomings that have been weaponized in the wild are listed below –
- CVE-2024-30040 (CVSS score: 8.8) – Windows MSHTML Platform Security Feature Bypass Vulnerability
- CVE-2024-30051 (CVSS score: 7.8) – Windows Desktop Window Manager (DWM) Core Library Elevation of Privilege Vulnerability
“An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious document at which point the attacker could execute arbitrary code in the context of the user,” the tech giant said in an advisory for CVE-2024-30040.
However, successful exploitation requires an attacker to convince the user to load a specially crafted file onto a vulnerable system, distributed either via email or an instant message, and trick them into manipulating it. Interestingly, the victim would not have to click or open the malicious file to trigger the infection.
On the other hand, CVE-2024-30051 could allow a threat actor to gain SYSTEM privileges. Three groups of researchers from Kaspersky, DBAPPSecurity WeBin Lab, Google Threat Analysis Group, and Mandiant have been credited with discovering and reporting the flaw, indicating likely widespread exploitation.
“We have seen it used together with QakBot and other malware, and believe that multiple threat actors have access to it,” Kaspersky researchers Boris Larin and Mert Degirmenci said.
Both vulnerabilities have been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the latest fixes by June 4, 2024.
Also resolved by Microsoft are several remote code execution bugs, including nine impacting the Windows Mobile Broadband Driver and seven affecting Windows Routing and Remote Access Service (RRAS).
Other notable flaws encompass privilege escalation flaws in the Common Log File System (CLFS) driver – CVE-2024-29996, CVE-2024-30025 (CVSS scores: 7.8), and CVE-2024-30037 (CVSS score: 7.5) – Win32k (CVE-2024-30028 and CVE-2024-30030, CVSS scores: 7.8), Windows Search Service (CVE-2024-30033, CVSS score: 7.0), and Windows Kernel (CVE-2024-30018, CVSS score: 7.8).
In March 2024, Kaspersky revealed that threat actors are trying to actively exploit now-patched privilege escalation flaws in various Windows components owing to the fact that “it’s a very easy way to get a quick NT AUTHORITY\SYSTEM.”
Akamai has further outlined a new privilege escalation technique affecting Active Directory (AD) environments that takes advantage of the DHCP Administrators group.
“In cases where the DHCP server role is installed on a Domain Controller (DC), this could enable them to gain domain admin privileges,” the company noted. “In addition to providing a privilege escalation primitive, the same technique could also be used to create a stealthy domain persistence mechanism.”
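The risky configuration Akamai describes is easy to audit from the defender's side: find out whether any Domain Controller is also an authorized DHCP server, and review who is in the DHCP Administrators group. The following PowerShell is an added example written for this page, not Akamai's research code or Microsoft tooling; it assumes the ActiveDirectory and DhcpServer RSAT modules are installed, that the caller has read access to AD, and that the group is named "DHCP Administrators" (the default).

```powershell
# Added example (not from the article or from Akamai): audit whether a Domain Controller
# also hosts the DHCP Server role, and list the members of "DHCP Administrators".
# Assumes the ActiveDirectory and DhcpServer RSAT modules and AD read access.
Import-Module ActiveDirectory
Import-Module DhcpServer

# All Domain Controllers in the current domain, by FQDN
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

# DHCP servers that are authorized in AD (Get-DhcpServerInDC returns DnsName/IPAddress)
$dhcpServers = Get-DhcpServerInDC | Select-Object -ExpandProperty DnsName

# A DC that is also an authorized DHCP server is the configuration the article warns about
$dcsWithDhcp = $dcs | Where-Object { $dhcpServers -contains $_ }

if ($dcsWithDhcp) {
    Write-Warning "DHCP Server role is authorized on these Domain Controllers:"
    $dcsWithDhcp | ForEach-Object { Write-Warning "  $_" }
} else {
    Write-Output "No Domain Controller is registered as an authorized DHCP server."
}

# On a member server "DHCP Administrators" is a local group; on a DC it exists as a
# domain-local group in AD, which is why membership can be enumerated with Get-ADGroupMember.
$members = Get-ADGroupMember -Identity 'DHCP Administrators' -Recursive -ErrorAction SilentlyContinue
if ($members) {
    Write-Output "Members of 'DHCP Administrators' (review each entry; treat as sensitive when the group lives on a DC):"
    $members | Select-Object Name, objectClass, distinguishedName | Format-Table -AutoSize
} else {
    Write-Output "No 'DHCP Administrators' group found in AD, or it has no members."
}
```

If the first check reports any DC, the practical mitigations are to move the DHCP role off the Domain Controller where possible and to manage the DHCP Administrators group with the same scrutiny as other privileged groups, including alerting on membership changes.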
Rounding off the list is a security feature bypass vulnerability (CVE-2024-30050, CVSS score: 5.4) impacting Windows Mark-of-the-Web (MotW) that could be exploited by means of a malicious file to evade defenses.
Software Patches from Other Vendors
In addition to Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including —
- Adobe
- Android
- Apple
- Arm
- ASUS
- Atos
- Broadcom (which includes VMware)
- Cacti
- Cisco
- Citrix
- CODESYS
- Dell
- Drupal
- F5
- Fortinet
- GitLab
- Google Chrome
- Google Cloud
- Google Wear OS
- Hikvision
- Hitachi Energy
- HP
- HP Enterprise
- HP Enterprise Aruba Networks
- IBM
- Intel
- Jenkins
- Juniper Networks
- Lenovo
- Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
- MediaTek
- Mitsubishi Electric
- MongoDB
- Mozilla Thunderbird
- NVIDIA
- ownCloud
- Palo Alto Networks
- Progress Software
- QNAP
- Qualcomm
- Rockwell Automation
- Samsung
- SAP
- Schneider Electric
- Siemens
- SolarWinds
- SonicWall
- Tinyproxy
- Veeam
- Veritas
- Zimbra
- Zoom, and
- Zyxel
Some parts of this article are sourced from: thehackernews.com