Share this article
Latest news
With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low
Copilot in Outlook will generate personalized themes for you to customize the app
Microsoft will raise the price of its 365 Suite to include AI capabilities
Death Stranding Director’s Cut is now Xbox X|S at a huge discount
Outlook will let users create custom account icons so they can tell their accounts apart easier
Microsoft Patch Tuesday, May'24: Over 60 vulnerabilities fixed
Install the security patches immediately
3 min. read
Published onMay 15, 2024
published onMay 15, 2024
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more
If you are a part of the Microsoft ecosystem, it’s vital to understand what vulnerabilities were fixed in the latest Patch Tuesday. InMay 2024, Microsoft released patches for 60 vulnerabilities, including two zero days.
For the unversed,Zero Dayvulnerabilities are the ones that have been identified and disclosed, but a patch hasn’t been released yet.
Vulnerabilities addressed in Microsoft Patch Tuesday, May 2024
The two zero days patched this time around are:
CVE-2024-30051(Windows DWM Core Library Elevation of Privilege Vulnerability)
One of the most severe existing vulnerabilities, it received aCVSSrating of7.8. Other than that the fact that it allowed an attacker to gain access to the system, Microsoft failed to share much about the vulnerability.
Available reports suggest that the vulnerability was being actively exploited to load malware on the end user’s PC, including theQakbot banking trojan.
CVE-2024-30040 (Windows MSHTML Platform Security Feature Bypass Vulnerability)
Granted aCVSSscore of8.8, Microsoft explains that for this vulnerability to be exploited, attackers have to convince the end user to load a malicious file (even a document), which would then allow them the code execution privileges.
Both these vulnerabilities are critical and actively exploited. We recommend you download the patch right away from the dedicated page, depending on the Windows version and the system architecture.
Of thesecurity updates released by Microsoft, here’s a quick classification:
These include security updates forMicrosoft Edge (Chromium-based),Microsoft 365,Power BI,Windows Cloud Files Mini Filter Driver,Windows Task Scheduler,Microsoft Windows Search Component, andWindows Common Log File System Driver, amongst others.
It’s also vital to separately mention theCVE-2024-30044 SharePoint Server Remote Code Executionvulnerability, the only one in the list to be marked asCritical. It has aCVSSscore of8.8. Microsoft’s official website, while explaining the exploitation process, reads,
Download the security patches for all the vulnerabilities that apply to you, and work stress-free in a secure environment.
Also, Microsoft has confirmed that thehotpatching featureis now available. So you won’t have to reboot the device after installing the update for the changes to come into effect!
Do you know any vulnerabilities that weren’t addressed in this Microsoft Patch Tuesday? Share with our readers in the comments section.
More about the topics:microsoft edge,patch tuesday
Kazim Ali Alvi
Windows Hardware Expert
Kazim has always been fond of technology, be it scrolling through the settings on his iPhone, Android device, or Windows PC. He’s specialized in hardware devices, always ready to remove a screw or two to find out the real cause of a problem.
Long-time Windows user, Kazim is ready to provide a solution for your every software & hardware error on Windows 11, Windows 10 and any previous iteration. He’s also one of our experts in Networking & Security.
User forum
0 messages
Sort by:LatestOldestMost Votes
Comment*
Name*
Email*
Commenting as.Not you?
Save information for future comments
Comment
Δ
Kazim Ali Alvi
Windows Hardware Expert
Kazim is specialized in hardware devices, always ready to remove a screw or two to find out the real cause of a problem.
