2 Zero-Day Flaw Highlights Small Microsoft May Patch -- Redmondmag.com

2 Zero-Day Flaw Highlights Small Microsoft May Patch

By Chris Paoli
05/14/2024

After April's larger-than-usual security update, Microsoft has pumped the brakes for May, issuing a slimmed-down 59 CVEs (Common Vulnerabilities and Exposures).

While IT might have a lighter load this month, they will still have their hands full as there are two zero-day flaws that should be addressed immediately.

The first is CVE-2024-30040, which addresses a security features bypass issue in the Windows MSHTML platform. According to Microsoft, if an attacker convinces a target to open a malicious file (typically through email), the attacker could "bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls."

While the flaw has yet to be publicly disclosed, Microsoft has observed attacks taking advantage of it, so patch as soon as possible.

That goes for the second zero-day vulnerability of the month: CVE-2024-30051. This one addresses an elevation of privilege flaw in Windows DWM Core Library which, if gone unpatched, could lead to an attacker gaining SYSTEM privileges. Unlike the previous issue, this one is publicly disclosed, so haste is key.

Providing some more detail into this flaw is Satnam Narang, senior staff research engineer at security firm Tenable:

CVE-2024-30051 is used as part of post-compromise activity to elevate privileges as a local attacker. Typically, zero-day exploitation of an elevation of privilege flaw is often associated with targeted attack campaigns. However, we know that post-patch, threat actors continue to find success using privilege escalation flaws. For instance, a recent joint cybersecurity advisory about the Black Basta ransomware group from CISA, FBI, HHS and MS-ISAC notes the use of multiple privilege escalation flaws by Black Basta affiliates as part of their ransomware activity.

After those two items have gone through the proper testing, IT should prioritize the only item rated "Critical" this month. CVE-2024-30044 looks to fix a remote code execution flaw in Microsoft SharePoint Server. While not much is known about this flaw, Microsoft did say that a potential attack (none have been seen in the wild) would involve "a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of file's parameters."

The full list of this month's bulletins can be found here.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

To Support AI Workloads, Microsoft Taps Lumen for Network Boost

With AI workloads demanding more from its datacenters, Microsoft is looking to outside partners for infrastructure support.
Which Enterprises Should Ditch Passwords? All of Them!

As security biometrics continue to sophisticate, many organizations are still using flawed passwords to safeguard their data. That needs to change. Now.
CrowdStrike Blames Internal Testing Faults for Mass Outage

In an initial post-mortem, Austin-based security firm CrowdStrike said that an issue in its testing software led to the company pushing through a faulty update that took down more than 8.5 million Windows systems last week.
Build Your Own Custom Copilot, Part 2: Making the Connection

Now that you have a plan, it's time to create your personalized Copilot.
Microsoft Releases CrowdStrike Outage Recovery Tool

Microsoft has released a tool to help recover affected systems after last week's global outage caused by a faulty update pushed through by security firm CrowdStrike.