2 Zero-Day Flaw Highlights Small Microsoft May Patch -- Redmondmag.com

2 Zero-Day Flaw Highlights Small Microsoft May Patch

By Chris Paoli
05/14/2024

After April's larger-than-usual security update, Microsoft has pumped the brakes for May, issuing a slimmed-down 59 CVEs (Common Vulnerabilities and Exposures).

While IT might have a lighter load this month, they will still have their hands full as there are two zero-day flaws that should be addressed immediately.

The first is CVE-2024-30040, which addresses a security features bypass issue in the Windows MSHTML platform. According to Microsoft, if an attacker convinces a target to open a malicious file (typically through email), the attacker could "bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls."

While the flaw has yet to be publicly disclosed, Microsoft has observed attacks taking advantage of it, so patch as soon as possible.

That goes for the second zero-day vulnerability of the month: CVE-2024-30051. This one addresses an elevation of privilege flaw in Windows DWM Core Library which, if gone unpatched, could lead to an attacker gaining SYSTEM privileges. Unlike the previous issue, this one is publicly disclosed, so haste is key.

Providing some more detail into this flaw is Satnam Narang, senior staff research engineer at security firm Tenable:

CVE-2024-30051 is used as part of post-compromise activity to elevate privileges as a local attacker. Typically, zero-day exploitation of an elevation of privilege flaw is often associated with targeted attack campaigns. However, we know that post-patch, threat actors continue to find success using privilege escalation flaws. For instance, a recent joint cybersecurity advisory about the Black Basta ransomware group from CISA, FBI, HHS and MS-ISAC notes the use of multiple privilege escalation flaws by Black Basta affiliates as part of their ransomware activity.

After those two items have gone through the proper testing, IT should prioritize the only item rated "Critical" this month. CVE-2024-30044 looks to fix a remote code execution flaw in Microsoft SharePoint Server. While not much is known about this flaw, Microsoft did say that a potential attack (none have been seen in the wild) would involve "a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of file's parameters."

The full list of this month's bulletins can be found here.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

Security Giant Kaspersky Shutters U.S. Operations

Days before a ban on sales of its security software was set to take effect, Kaspersky announced it would end its U.S. operations.
CISOs Believe AI Has 'Already Surpassed' Their IT Security Teams: Survey

AI has its naysayers, but many chief information security officers (CISOs) are not among them.
The Worst Features in the New Outlook

It might sound like not a big deal, but it is incredibly annoying.
Microsoft Addresses Security Tool Sprawl with New Entra and Sentinel Releases

Microsoft this week announced the general availability of two new security solutions designed to help organizations achieve and manage zero trust environments.
Microsoft Dodges Antitrust Watchdogs by Exiting OpenAI Board

Microsoft is vacating its non-voting seat on OpenAI's board "effective immediately," reported Financial Times on Wednesday.