Forum Discussion
Microsoft Patch Tuesday 2024 Year in Review Microsoft’s...
Microsoft Patch Tuesday 2024 Year in Review
Microsoft’s Patch Tuesday, a monthly release of software patches for Microsoft products, has just celebrated its 21st anniversary. After a wrap-up covering the 20th anniversary in 2023, the Tenable Security Response Team (SRT) chose to keep the tradition and cover trends and significant vulnerabilities from the 2024 Patch Tuesday releases.
In 2024, Microsoft patched 1,009 CVEs throughout the year across a multitude of products and in those updates, 22 CVE’s were identified as zero-day vulnerabilities. Of the 22 zero-day vulnerabilities patched in 2024, 36.4% were elevation of privilege (EoP) flaws. Following EoP flaws, security feature bypass vulnerabilities accounted for 27.3% of zero-days in 2024 while remote code execution vulnerabilities accounted for 18.2% of zero-day flaws.
While these zero-days made up a small portion of the overall CVE’s addressed by Microsoft in 2024, we analyzed some of the most notable zero-day vulnerabilities of 2024. For more information on this analysis, please visit our blog.
3 Replies
good morning @Scott Caveza , please are you able to help us with the list of zeroday CVEs. Because we are counting 29. and in your article you have 22. Thank you
Hi there,
Our list is as follows:
CVE-2024-21412 Internet Shortcut Files Security Feature Bypass Vulnerability
CVE-2024-21351 Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2024-30051 Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-30040 Windows MSHTML Platform Security Feature Bypass Vulnerability
CVE-2024-38080 Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2024-38112 Windows MSHTML Platform Spoofing Vulnerability
CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability
CVE-2024-38178 Scripting Engine Memory Corruption Vulnerability
CVE-2024-38193 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2024-38106 Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-38213 Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2024-38107 Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
CVE-2024-38226 Microsoft Publisher Security Feature Bypass Vulnerability
CVE-2024-43491 Microsoft Windows Update Remote Code Execution Vulnerability
CVE-2024-38014 Windows Installer Elevation of Privilege Vulnerability
CVE-2024-38217 Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2024-43461 Windows MSHTML Platform Spoofing Vulnerability
CVE-2024-43572 Microsoft Management Console Remote Code Execution Vulnerability
CVE-2024-43573 Windows MSHTML Platform Spoofing Vulnerability
CVE-2024-49039 Windows Task Scheduler Elevation of Privilege Vulnerability
CVE-2024-43451 NTLM Hash Disclosure Spoofing Vulnerability
CVE-2024-49138 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Thank you @Scott Caveza
