Critical and Actively Exploited Vulnerabilities in Microsoft’s May 2024 Patch Tuesday Update


On May 14, 2024, Microsoft published their May 2024 security update with patches for 60 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted three in this security bulletin that were categorized as critical or actively exploited. 

Impacted Product #1: Windows 

Vulnerabilities Impacting Windows: 

CVE-2024-30040  CVSS: 8.8 – High 

MS Severity: Important 

Exploitation Detected 
Windows MSHTML Platform Security Feature Bypass Vulnerability – An unauthenticated remote threat actor can exploit this vulnerability by convincing a user to open a malicious document. This could lead to the execution of arbitrary code in the context of the user. 

CVE-2024-30051  CVSS: 7.8 – High 

MS Severity: Important 

Exploitation Detected 
Windows DWM Core Library Elevation of Privilege Vulnerability – A local threat actor can exploit this vulnerability to escalate privileges. 

  • A security vendor reported observing exploitation of this vulnerability in the wild alongside Qakbot and other malware. Further technical details about this vulnerability will be released once users have had time to patch their Windows systems. 

Impacted Product #2: Microsoft Office 

Vulnerabilities Impacting Microsoft Office: 

CVE-2024-30044  CVSS: 8.8 – High 

MS Severity: Critical 

No Exploitation Detected 
Microsoft SharePoint Server Remote Code Execution (RCE) Vulnerability – A threat actor, authenticated with Site Owner permissions or higher, could upload a specially crafted file onto a targeted SharePoint Server. Subsequently, they could generate tailored API requests to trigger the deserialization of the file’s parameters, which enables RCE within the SharePoint Server’s context. 

Recommendations 

Recommendation #1: Apply Security Updates to Impacted Products 

Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation. 

Note: Please follow your organization's patching and testing guidelines to avoid operational impact. 

Product  Vulnerability  Article  Download 
Windows Server 2022, 23H2 Edition  CVE-2024-30040  5037781  Security Update 
Windows Server 2022  CVE-2024-30051, CVE-2024-30040   5037782, 5037848  Security Update, Security Hotpatch Update 
Windows Server 2019  CVE-2024-30051, CVE-2024-30040   5037765  Security Update 
Windows Server 2016  CVE-2024-30051, CVE-2024-30040   5037763  Security Update 
Windows 11 Version 23H2 for x64-based Systems  CVE-2024-30051, CVE-2024-30040   5037771  Security Update 
Windows 11 Version 23H2 for ARM64-based Systems  CVE-2024-30051, CVE-2024-30040   5037771  Security Update 
Windows 11 Version 22H2 for x64-based Systems  CVE-2024-30051, CVE-2024-30040   5037771  Security Update 
Windows 11 Version 22H2 for ARM64-based Systems  CVE-2024-30051, CVE-2024-30040   5037771  Security Update 
Windows 11 version 21H2 for x64-based Systems  CVE-2024-30051, CVE-2024-30040   5037770  Security Update 
Windows 11 version 21H2 for ARM64-based Systems  CVE-2024-30051, CVE-2024-30040   5037770  Security Update 
Windows 10 Version 22H2 for x64-based Systems  CVE-2024-30051, CVE-2024-30040   5037768  Security Update 
Windows 10 Version 22H2 for ARM64-based Systems  CVE-2024-30051, CVE-2024-30040   5037768  Security Update 
Windows 10 Version 22H2 for 32-bit Systems  CVE-2024-30051, CVE-2024-30040   5037768  Security Update 
Windows 10 Version 21H2 for x64-based Systems  CVE-2024-30051, CVE-2024-30040   5037768  Security Update 
Windows 10 Version 21H2 for ARM64-based Systems  CVE-2024-30051, CVE-2024-30040   5037768  Security Update 
Windows 10 Version 21H2 for 32-bit Systems  CVE-2024-30051, CVE-2024-30040   5037768  Security Update 
Windows 10 Version 1809 for x64-based Systems  CVE-2024-30051, CVE-2024-30040   5037765  Security Update 
Windows 10 Version 1809 for ARM64-based Systems  CVE-2024-30051, CVE-2024-30040   5037765  Security Update 
Windows 10 Version 1809 for 32-bit Systems  CVE-2024-30051, CVE-2024-30040   5037765  Security Update 
Windows 10 Version 1607 for x64-based Systems  CVE-2024-30051, CVE-2024-30040   5037763  Security Update 
Windows 10 Version 1607 for 32-bit Systems  CVE-2024-30051, CVE-2024-30040   5037763  Security Update 
Windows 10 for x64-based Systems  CVE-2024-30051, CVE-2024-30040   5037788  Security Update 
Windows 10 for 32-bit Systems  CVE-2024-30051, CVE-2024-30040   5037788  Security Update 
Microsoft SharePoint Server Subscription Edition  CVE-2024-30044  5002599  Security Update 
Microsoft SharePoint Server 2019  CVE-2024-30044  5002596  Security Update 
Microsoft SharePoint Enterprise Server 2016  CVE-2024-30044  5002598  Security Update 
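
To confirm on a given Windows host that the update from the table above is present, the following PowerShell check can be run locally. It is an added example, not part of the original bulletin or a Microsoft or Arctic Wolf tool; the KB numbers come from the table, the build-number keys are the standard Windows build numbers for the listed releases, and the SharePoint rows are not covered.

```powershell
# Added example: maps the local OS build to the KB(s) listed in the bulletin's
# table and checks whether one of them is installed.
$kbByBuild = @{
    '25398' = @('KB5037781')               # Windows Server 2022, 23H2 Edition
    '20348' = @('KB5037782', 'KB5037848')  # Windows Server 2022 (update / hotpatch)
    '17763' = @('KB5037765')               # Windows Server 2019, Windows 10 1809
    '14393' = @('KB5037763')               # Windows Server 2016, Windows 10 1607
    '22631' = @('KB5037771')               # Windows 11 23H2
    '22621' = @('KB5037771')               # Windows 11 22H2
    '22000' = @('KB5037770')               # Windows 11 21H2
    '19045' = @('KB5037768')               # Windows 10 22H2
    '19044' = @('KB5037768')               # Windows 10 21H2
    '10240' = @('KB5037788')               # Windows 10 (original release)
}

$os       = Get-CimInstance -ClassName Win32_OperatingSystem
$expected = $kbByBuild[[string]$os.BuildNumber]

if (-not $expected) {
    Write-Output "$($os.Caption) build $($os.BuildNumber) is not in the bulletin's table."
    return
}

# Any one of the listed packages satisfies the check (Server 2022 has two).
$found = Get-HotFix -Id $expected -ErrorAction SilentlyContinue

if ($found) {
    $found | ForEach-Object { "PATCHED: $($_.HotFixID) installed on $($_.InstalledOn)" }
} else {
    # Cumulative updates supersede one another, so a host that already has a
    # later monthly update will not list the May 2024 KB. Show the newest
    # installed updates so that case can be told apart from a missing patch.
    Write-Output "NOT FOUND: $($expected -join ' or ') on $($os.Caption)."
    Write-Output 'Most recent installed updates (check for a later cumulative update):'
    Get-HotFix | Sort-Object InstalledOn -Descending |
        Select-Object -First 5 HotFixID, Description, InstalledOn
}
```

A "NOT FOUND" result on a host that shows a cumulative update newer than May 2024 does not by itself indicate exposure; compare the newest listed update against the release date of the KB in the table.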


Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.