.webp)
Summary
Microsoft released their security updates for May of 2024 which include fixes for two zero-day vulnerabilities: CVE-2024-30040 (CVSSv3: 8.8) and CVE-2024-30051 (CVSSv3:7.8). CVE-2024-30051 (Windows DWM Core Library Elevation of Privilege Vulnerability) allows for a local attacker to exploit this vulnerability to gain system-level privileges. CVE-2024-30040 (Windows MSHTML Platform Security Feature Bypass Vulnerability) allows a remote attacker to bypass OLE mitigations in M365 and Microsoft Office that protect users from vulnerable COM/OLE controls. It requires an attacker to convince a user to load a malicious file into a vulnerable system and manipulate it. This can allow an unauthenticated attacker to achieve remote arbitrary code execution from the context of the user. Both of these vulnerabilities are known to be exploited and have each been added to CISA’s Known Exploited Vulnerabilities Catalog, giving them a heightened patch priority and associated risk.
Impact Assessment
Both vulnerabilities are known to be exploited and can be used to execute code or obtain heighted privileges. These vulnerabilities, if exploited would have a high impact on any system affected by these vulnerabilities.
These vulnerabilities impact the Windows Operating System (Windows 10/11, Windows Server 2016/2019/2022). A detailed list of the affected products as well as patches and KB articles are detailed on the vulnerability pages for each vulnerability at the Microsoft Security Response Center Security Update Guide.
Remediation
Applying the latest Windows updates to endpoints through the latest cumulative update. You can also obtain individual packages for the updates through the Microsoft Update Catalog.
What it means for you
If you utilize Windows systems, checking for updates and applying them to your machine is what must be done at a user level.
If you oversee applying patches to an organization, ensuring a policy is in place for automatic provisioning of Windows updates is essential. Due to the high risk these vulnerabilities bring due to being actively exploited, it is essential to expedite the process that endpoints and servers receive this update.
Business Implications
Exploitation of any of these vulnerabilities can allow an attacker to gain elevated privileges within a system or execute arbitrary code. This enables the attacker to create a backdoor in an organization’s environment and perform lateral movement. This can cause monetary, data, and reputational loss as a result. This depends on the attacker’s motive, as malware such as ransomware could be downloaded, data could be leaked and sold, or the organization could be brought does through a denial-of-service situation.
Access Point Consulting Recommends
Patch: We recommend patching these vulnerabilities and apply Windows and Windows Server updates as soon as they are available. This is due to two actively exploited zero days being patched through these latest updates.
Associated Bulletins
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051
https://msrc.microsoft.com/update-guide/
.jpg)
