Microsoft released security updates for 61 vulnerabilities in its May 2024 Patch Tuesday release. Two of them are zero-day vulnerabilities, affecting the Windows MSHTML platform (CVE-2024-30040) and the Desktop Window Manager (DWM) core library (CVE-2024-30051), and one is a critical vulnerability affecting Microsoft SharePoint Server (CVE-2024-30044).
May 2024 Risk Analysis
The top risk type this month is remote code execution (44%), followed by elevation of privilege (28%) and information disclosure (11%). This continues the trend seen last month.
Windows products received the most patches this month (47), followed by Extended Security Updates (ESU) with 25 patches and Developer Tools with 4 patches.
Zero day affecting the Windows MSHTML platform
CVE-2024-30040 is a security feature bypass vulnerability in the Microsoft Windows MSHTML platform with a Critical severity rating and a CVSS score of 8.8. Successful exploitation would allow an attacker to bypass mitigations previously added to protect against object linking and embedding (OLE) attacks and deliver a malicious payload to an unsuspecting host.
Exploitation requires user interaction: the payload arrives as malicious embedded content that the victim is likely to click on, with unwanted consequences on the host. The MSHTML platform is used across Microsoft 365 and Microsoft Office products. Because this vulnerability is already being exploited, it should be patched immediately.
Severity  | CVSS Score | CVE            | Description
Important | 8.8        | CVE-2024-30040 | Windows MSHTML Platform Security Feature Bypass Vulnerability
Table 1. Critical vulnerabilities in the Windows MSHTML Platform
Zero day affecting the Windows Desktop Window Manager core library
CVE-2024-30051 is an elevation of privilege vulnerability in the Microsoft Windows Desktop Window Manager (DWM) core library with a critical severity rating and a CVSS score of 7.8. This library is responsible for interacting with applications to display content to the user. Successful exploitation would allow an attacker to gain SYSTEM-level privileges on the host.
CrowdStrike has observed active exploitation attempts against this vulnerability. Given that exploitation is already under way, it should be patched immediately.
Severity  | CVSS Score | CVE            | Description
Important | 7.8        | CVE-2024-30051 | Windows DWM Core Library Elevation of Privilege Vulnerability
Table 2. Critical vulnerabilities in the Windows Desktop Window Manager core library
A critical security vulnerability affecting Microsoft SharePoint Server
CVE-2024-30044 is a critical remote code execution (RCE) vulnerability in Microsoft SharePoint Server with a CVSS score of 8.1. Successful exploitation would allow an authenticated attacker with Site Owner privileges to inject and execute arbitrary code on the SharePoint Server.
Severity | CVSS Score | CVE            | Description
Critical | 8.1        | CVE-2024-30044 | Microsoft SharePoint Server Remote Code Execution Vulnerability
Table 3. Critical vulnerabilities in Microsoft SharePoint Server
Not all relevant vulnerabilities have patches: consider mitigation strategies
As we've learned from other high-profile vulnerabilities, such as Log4j, not every exploitable vulnerability can be patched easily. As with the ProxyNotShell vulnerabilities, it is extremely important to have a response plan for defending your environment when no patch is available.
Regularly reviewing your patching strategy should remain part of your program, but you should also look more holistically at your organization's approach to cybersecurity and work to improve your overall security posture.
The CrowdStrike Falcon® platform regularly collects and analyzes trillions of endpoint events daily from millions of sensors deployed in 176 countries. Watch this demo to see the Falcon platform in action.
Learn more
Learn more about how CrowdStrike Falcon® Exposure Management can help you quickly and easily discover and prioritize vulnerabilities and other types of exposure here.
About CVSS results
The Common Vulnerability Scoring System (CVSS) is a free and open industry standard used by CrowdStrike and many other cybersecurity organizations to assess and communicate the severity and characteristics of software vulnerabilities. The CVSS base score ranges from 0.0 to 10.0, and the National Vulnerability Database (NVD) assigns a qualitative severity rating to each CVSS score. Learn more about vulnerability scoring in this article.
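To make the scoring and prioritization above concrete, here is an added example (not code from CrowdStrike or Microsoft) that maps CVSS v3.x base scores to the NVD qualitative severity bands and orders a Patch Tuesday list for remediation: known-exploited issues first, then vendor-rated Critical ones, then by CVSS score. The sample entries are the three CVEs named in this post, with the vendor severities taken from the tables; the fourth entry is a constructed placeholder (not a real CVE) used only to show the "no patch available, mitigate instead" branch from the section on mitigation strategies. The band thresholds are NVD's published ones; the ordering policy and function names are assumptions of this example.

```python
"""Patch Tuesday triage helper (added example, not vendor code).

Maps CVSS v3.x base scores to NVD severity bands and orders vulnerabilities
for remediation: exploited first, then vendor Critical, then CVSS descending.
"""
from dataclasses import dataclass
from typing import List, Tuple

# NVD qualitative severity ratings for CVSS v3.x base scores.
NVD_BANDS: Tuple[Tuple[float, float, str], ...] = (
    (0.0, 0.0, "None"),
    (0.1, 3.9, "Low"),
    (4.0, 6.9, "Medium"),
    (7.0, 8.9, "High"),
    (9.0, 10.0, "Critical"),
)


def nvd_severity(score: float) -> str:
    """Return the NVD severity label for a CVSS v3.x base score."""
    score = round(score, 1)  # CVSS base scores carry one decimal place
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    for low, high, label in NVD_BANDS:
        if low <= score <= high:
            return label
    raise AssertionError("unreachable: bands cover 0.0-10.0")


@dataclass(frozen=True)
class Vuln:
    cve: str
    title: str
    cvss: float
    vendor_severity: str  # Microsoft's rating as listed in the advisory tables
    exploited: bool       # exploitation observed in the wild
    patch_available: bool = True


def triage_order(vulns: List[Vuln]) -> List[Vuln]:
    """Remediation order: exploited, then vendor Critical, then CVSS descending."""
    return sorted(
        vulns,
        key=lambda v: (not v.exploited, v.vendor_severity != "Critical", -v.cvss, v.cve),
    )


def recommended_action(v: Vuln) -> str:
    """Patch when a fix exists; otherwise fall back to compensating controls."""
    if not v.patch_available:
        return "mitigate"  # no fix yet: reduce exposure, isolate, monitor
    return "patch-now" if v.exploited or v.vendor_severity == "Critical" else "patch"


def triage_report(vulns: List[Vuln]) -> List[Tuple[str, str, str, str]]:
    """Rows of (cve, nvd_severity, vendor_severity, action) in remediation order."""
    return [
        (v.cve, nvd_severity(v.cvss), v.vendor_severity, recommended_action(v))
        for v in triage_order(vulns)
    ]


# Constructed sample input: the three CVEs from the post plus one placeholder.
MAY_2024_SAMPLE: List[Vuln] = [
    Vuln("CVE-2024-30044", "Microsoft SharePoint Server RCE", 8.1, "Critical", False),
    Vuln("CVE-2024-30051", "Windows DWM Core Library EoP", 7.8, "Important", True),
    Vuln("CVE-2024-30040", "Windows MSHTML Platform Security Feature Bypass", 8.8, "Important", True),
    # Placeholder, not a real CVE: demonstrates the no-patch branch only.
    Vuln("CVE-XXXX-PLACEHOLDER", "Hypothetical component without a vendor fix",
         7.5, "Important", False, patch_available=False),
]

if __name__ == "__main__":
    for row in triage_report(MAY_2024_SAMPLE):
        print(*row)
```

Note that all three real entries land in NVD's "High" band (7.0 to 8.9) even though Microsoft rates one of them Critical and CrowdStrike flags two as exploited; that is why the ordering uses exploitation status and the vendor rating ahead of the raw score rather than sorting on CVSS alone.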