Service Notices

All Notices > Security Notices > Microsoft Releases May 2024 Security Updates

Microsoft Releases May 2024 Security Updates

May 16, 2024 GMT+08:00

I. Overview

Microsoft has released its May 2024 Security Updates. A total of 59 security vulnerabilities have been disclosed, among which 1 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to implement remote code execution, privilege escalation, and security feature bypass. The affected applications include components such as Microsoft Windows, Microsoft Office, Microsoft Dynamics and Visual Studio.

For details, visit the Microsoft official website:

https://msrc.microsoft.com/update-guide/releaseNote/2024-May

The following vulnerabilities require close scrutiny as their details have been disclosed or they have already been exploited by attackers:

Windows DWM Core Library Elevation of Privilege Vulnerability (CVE-2024-30051): 0-day vulnerability. Successful exploitation of this vulnerability can enable local attackers to gain the SYSTEM permission. This vulnerability has been exploited in the wild, and the risk is high.

Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040): 0-day vulnerability. An unauthenticated attacker can induce a user to open a specially crafted malicious file to trigger the vulnerability. Successful exploitation of the vulnerability can cause arbitrary code execution on the target server. This vulnerability has been exploited in the wild, and the risk is high.

Visual Studio Denial of Service Vulnerability (CVE-2024-30046): 0-day vulnerability. Successful exploitation of this vulnerability will cause DoS. The vulnerability has been disclosed, and the risk is high.

10 vulnerabilities (such as CVE-2024-30049, CVE-2024-30038, and CVE-2024-30035) are marked as Exploitation More Likely. For details, see the official announcement. Please perform security self-check and security hardening in a timely manner to reduce attack risks.

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Microsoft Windows, Microsoft Office, Microsoft Dynamics, Visual Studio, and other products.

IV. Vulnerability Details

CVE No.

Vulnerability

Severity

Description

CVE-2024-30044

Microsoft SharePoint Server Remote Code Execution Vulnerability

Important

An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted Sharepoint Server and craft specialized API requests to trigger deserialization of file's parameters. This would enable the attacker to perform remote code execution in the context of the Sharepoint Server.

(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)

V. Security Recommendations

1. Use Windows Update or download patches from the following address to fix the vulnerabilities:

https://msrc.microsoft.com/update-guide

2. Back up data remotely to protect your data.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.