MICROSOFT SECURITY BULLETIN COVERAGE FOR MAY 2024

by Security News

Overview

Microsoft’s May 2024 Patch Tuesday has 59 vulnerabilities, 25 of which are Remote Code Execution vulnerabilities. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of May 2024 and has produced coverage for 9 of the reported vulnerabilities.

Vulnerabilities with Detections

| CVE | CVE Title | Signature |
| --- | --- | --- |
| CVE-2024-29996 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | ASPY 568 Exploit-exe exe.MP_383 |
| CVE-2024-30025 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | ASPY 569 Exploit-exe exe.MP_384 |
| CVE-2024-30032 | Windows DWM Core Library Elevation of Privilege Vulnerability | ASPY 570 Exploit-exe exe.MP_385 |
| CVE-2024-30034 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | ASPY 571 Exploit-exe exe.MP_386 |
| CVE-2024-30035 | Windows DWM Core Library Elevation of Privilege Vulnerability | ASPY 572 Exploit-exe exe.MP_387 |
| CVE-2024-30037 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | ASPY 567 Exploit-exe exe.MP_382 |
| CVE-2024-30044 | Microsoft SharePoint Server Remote Code Execution Vulnerability | IPS 15674 Microsoft SharePoint Server Remote Code Execution (CVE-2024-30044) |
| CVE-2024-30050 | Windows Mark of the Web Security Feature Bypass Vulnerability | IPS 15666 Windows Mark of the Web Security Feature Bypass (CVE-2024-30050) |
| CVE-2024-30051 | Windows DWM Core Library Elevation of Privilege Vulnerability | ASPY 566 Malformed-docx docx.MP_11 |

Release Breakdown

The vulnerabilities can be classified into the following categories:

For May, there are 57 Critical, 1 Important, and 1 Moderate vulnerabilities.

2024 Patch Tuesday Monthly Comparison

Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the Patch Tuesday release for each month. The above chart displays these metrics as seen each month.

Release Detailed Breakdown

Denial of Service Vulnerabilities

| CVE | CVE Title |
| --- | --- |
| CVE-2024-30011 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-30019 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2024-30046 | ASP.NET Core Denial of Service Vulnerability |

Elevation of Privilege Vulnerabilities

| CVE | CVE Title |
| --- | --- |
| CVE-2024-26238 | Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability |
| CVE-2024-29994 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability |
| CVE-2024-29996 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2024-30007 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-30018 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-30025 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2024-30027 | NTFS Elevation of Privilege Vulnerability |
| CVE-2024-30028 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-30030 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-30031 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability |
| CVE-2024-30032 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2024-30033 | Windows Search Service Elevation of Privilege Vulnerability |
| CVE-2024-30035 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2024-30037 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2024-30038 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-30049 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2024-30051 | Windows DWM Core Library Elevation of Privilege Vulnerability |

Information Disclosure Vulnerabilities

| CVE | CVE Title |
| --- | --- |
| CVE-2024-30008 | Windows DWM Core Library Information Disclosure Vulnerability |
| CVE-2024-30016 | Windows Cryptographic Services Information Disclosure Vulnerability |
| CVE-2024-30034 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability |
| CVE-2024-30036 | Windows Deployment Services Information Disclosure Vulnerability |
| CVE-2024-30039 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-30043 | Microsoft SharePoint Server Information Disclosure Vulnerability |
| CVE-2024-30054 | Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability |

Remote Code Execution Vulnerabilities

| CVE | CVE Title |
| --- | --- |
| CVE-2024-29997 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-29998 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-29999 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30000 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30001 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30002 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30003 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30004 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30005 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30006 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-30009 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30010 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2024-30012 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30014 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30015 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30017 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2024-30020 | Windows Cryptographic Services Remote Code Execution Vulnerability |
| CVE-2024-30021 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30022 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30023 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30024 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30029 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30042 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-30044 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-30045 | .NET and Visual Studio Remote Code Execution Vulnerability |

Security Feature Bypass Vulnerabilities

| CVE | CVE Title |
| --- | --- |
| CVE-2024-30040 | Windows MSHTML Platform Security Feature Bypass Vulnerability |
| CVE-2024-30050 | Windows Mark of the Web Security Feature Bypass Vulnerability |

Spoofing Vulnerabilities

| CVE | CVE Title |
| --- | --- |
| CVE-2024-30041 | Microsoft Bing Search Spoofing Vulnerability |
| CVE-2024-30047 | Dynamics 365 Customer Insights Spoofing Vulnerability |
| CVE-2024-30048 | Dynamics 365 Customer Insights Spoofing Vulnerability |
| CVE-2024-30053 | Azure Migrate Cross-Site Scripting Vulnerability |

Tampering Vulnerabilities

| CVE | CVE Title |
| --- | --- |
| CVE-2024-30059 | Microsoft Intune for Android Mobile Application Management Tampering Vulnerability |

An Article By

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.