Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs

On May 14, Microsoft released its May 2024 Patch Tuesday release which patched 59 CVEs with one rated as critical, one rated as moderate and 57 rated as important.

This month's release included patches for three zero-day vulnerabilities, with two of these having been exploited in the wild. The zero-day vulnerabilities are as follows:

CVE-2024-30051 is an elevation of privilege vulnerability in the DWM Core Library in Microsoft Windows. Microsoft noted that it was exploited in the wild as a zero-day and was publicly disclosed prior to a patch being available.

CVE-2024-30040 is a security feature bypass vulnerability in the MSHTML (Trident) engine in Microsoft Windows that was exploited in the wild as a zero-day.

CVE-2024-30046 is a denial of service (DoS) vulnerability affecting multiple versions of Microsoft Visual Studio and was listed as being publicly disclosed prior to a patch being made available

This month’s update includes patches for:

• .NET and Visual Studio
• Azure Migrate
• Microsoft Bing
• Microsoft Brokering File System
• Microsoft Dynamics 365 Customer Insights
• Microsoft Intune
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft WDAC OLE DB provider for SQL
• Microsoft Windows SCSI Class System File
• Microsoft Windows Search Component
• Power BI
• Windows Cloud Files Mini Filter Driver
• Windows CNG Key Isolation Service
• Windows Common Log File System Driver
• Windows Cryptographic Services
• Windows Deployment Services
• Windows DHCP Server
• Windows DWM Core Library
• Windows Hyper-V
• Windows Kernel
• Windows Mark of the Web (MOTW)
• Windows Mobile Broadband
• Windows MSHTML Platform
• Windows NTFS
• Windows Remote Access Connection Manager
• Windows Routing and Remote Access Service (RRAS)
• Windows Task Scheduler
• Windows Win32K - GRFX
• Windows Win32K - ICOMP

For more information, please visit our blog.