Microsoft has recently released its Patch Tuesday updates for May 2024, addressing a total of 61 security flaws in its software. Among these vulnerabilities, two zero-days have been actively exploited in the wild. The severity ratings for the flaws include one Critical, 59 Important, and one Moderate. Additionally, 30 vulnerabilities in the Chromium-based Edge browser have been resolved, including two recently disclosed zero-days that have been identified as being exploited in attacks.
The two security flaws that have been weaponized in the wild are CVE-2024-30040 and CVE-2024-30051. CVE-2024-30040 is a Windows MSHTML Platform Security Feature Bypass Vulnerability with a CVSS score of 8.8, while CVE-2024-30051 is a Windows Desktop Window Manager Core Library Elevation of Privilege Vulnerability with a CVSS score of 7.8. The vulnerabilities allow attackers to execute arbitrary code and gain SYSTEM privileges, respectively.
To exploit CVE-2024-30040, an unauthenticated attacker needs to convince a user to open a malicious document. The attacker can then execute arbitrary code in the context of the user. Interestingly, the user does not need to click or open the file to activate the infection. On the other hand, exploiting CVE-2024-30051 requires tricking the user into manipulating a specially crafted file, which can be distributed via email or instant message.
Multiple groups of researchers, including Kaspersky, DBAPPSecurity WeBin Lab, Google Threat Analysis Group, and Mandiant, have been credited with discovering and reporting the flaws. The widespread exploitation of CVE-2024-30051 suggests that multiple threat actors have access to it.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added both vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply the latest fixes by June 4, 2024. This ensures that the vulnerabilities are addressed promptly to mitigate the risks associated with them.
In addition to the zero-day vulnerabilities, Microsoft has resolved several other vulnerabilities in its software. This includes remote code execution bugs, with nine impacting Windows Mobile Broadband Driver and seven affecting Windows Routing and Remote Access Service (RRAS). Privilege escalation flaws have also been fixed in the Common Log File System (CLFS) driver, Win32k, Windows Search Service, and Windows Kernel.
It is worth mentioning that Kaspersky previously revealed that threat actors actively exploit privilege escalation flaws in various Windows components because they offer an easy way to gain NT AUTHORITY\SYSTEM privileges. These flaws can be utilized to escalate privileges and gain unauthorized access within a system.
Additionally, Akamai has identified a new privilege escalation technique that affects Active Directory (AD) environments. This technique takes advantage of the DHCP administrators group and can enable attackers to gain domain admin privileges. Moreover, it can also be used to establish a stealthy domain persistence mechanism.
The list of security flaws addressed by Microsoft also includes a security feature bypass vulnerability impacting Windows Mark-of-the-Web (MotW). This vulnerability, with a CVSS score of 5.4, can be exploited with a malicious file to evade defenses and compromise the system.
It is vital for organizations and users to promptly apply the necessary software patches and updates released by Microsoft and other vendors. Patching vulnerabilities is crucial for maintaining the security and integrity of systems and preventing exploitation by malicious actors.
In conclusion, Microsoft’s Patch Tuesday updates for May 2024 have addressed a total of 61 security flaws, including two zero-days actively exploited in the wild. Promptly applying the necessary patches and updates is essential to mitigate the risks associated with these vulnerabilities and ensure the overall security of systems and networks.