Microsoft May 2024 Patch Tuesday

Published: 2024-05-14. Last Updated: 2024-05-14 17:28:16 UTC
by Renato Marinho (Version: 1)
1 comment(s)

This month we got patches for 67 vulnerabilities. Of these, 1 are critical, and 1 is being exploited according to Microsoft.

The critical vulnerability is a Remote Code Execution (RCE) affecting the Microsoft Sharepoint Server (CVE-2024-30044). According to the advisory, an authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted Sharepoint Server and craft specialized API requests to trigger deserialization of file's parameters. This would enable the attacker to perform remote code execution in the context of the Sharepoint Server. The CVSS for the vulnerability is 8.8.

The zero-day vulnerability is an elevation of privilege on Windows DWM (Desktop Windows Management) Core Library (CVE-2024-30051). According to the advisory, an attacker who successfully exploited this vulnerability could gain SYSTEM privileges. The CVSS for the vulnerability is 7.8.

There is an important vulnerability affecting MinGit software (CVE-2024-32002), used by Microsoft Visual Studio, caused by an improper limitation of a pathname to a restricted directory ('Path Traversal') making it susceptible to Remote Code Execution. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. The CVSS for the vulnerability is 9.0 – the highest for this month.

See the full list of patches:

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-30045 No No - - Important 6.3 5.5
Azure Migrate Cross-Site Scripting Vulnerability
CVE-2024-30053 No No - - Important 6.5 5.9
CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
CVE-2024-32002 No No - - Important 9.0 7.8
Chromium: CVE-2024-4331 Use after free in Picture In Picture
CVE-2024-4331 No No - - -    
Chromium: CVE-2024-4368 Use after free in Dawn
CVE-2024-4368 No No - - -    
Chromium: CVE-2024-4558 Use after free in ANGLE
CVE-2024-4558 No No - - -    
Chromium: CVE-2024-4559 Heap buffer overflow in WebAudio
CVE-2024-4559 No No - - -    
Chromium: CVE-2024-4671 Use after free in Visuals
CVE-2024-4671 No No - - -    
DHCP Server Service Denial of Service Vulnerability
CVE-2024-30019 No No - - Important 6.5 5.7
Dynamics 365 Customer Insights Spoofing Vulnerability
CVE-2024-30047 No No - - Important 7.6 6.6
CVE-2024-30048 No No - - Important 7.6 6.6
GitHub: CVE-2024-32004 Remote Code Execution while cloning special-crafted local repositories
CVE-2024-32004 No No - - Important 8.1 7.1
Microsoft Bing Search Spoofing Vulnerability
CVE-2024-30041 No No - - Important 5.4 4.7
Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2024-30007 No No - - Important 8.8 7.7
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-30055 No No Less Likely Less Likely Low 5.4 4.7
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-30042 No No - - Important 7.8 6.8
Microsoft Intune for Android Mobile Application Management Tampering Vulnerability
CVE-2024-30059 No No - - Important 6.1 5.8
Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability
CVE-2024-26238 No No - - Important 7.8 6.8
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
CVE-2024-30054 No No - - Important 6.5 5.7
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2024-30043 No No - - Important 6.5 5.7
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-30044 No No - - Critical 8.8 7.7
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-30006 No No - - Important 8.8 7.7
Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability
CVE-2024-29994 No No - - Important 7.8 6.8
NTFS Elevation of Privilege Vulnerability
CVE-2024-30027 No No - - Important 7.8 6.8
Visual Studio Denial of Service Vulnerability
CVE-2024-30046 Yes No - - Important 5.9 5.2
Win32k Elevation of Privilege Vulnerability
CVE-2024-30028 No No - - Important 7.8 6.8
CVE-2024-30030 No No - - Important 7.8 6.8
CVE-2024-30038 No No - - Important 7.8 6.8
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVE-2024-30031 No No - - Important 7.8 6.8
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
CVE-2024-30034 No No - - Important 5.5 4.8
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-29996 No No - - Important 7.8 6.8
CVE-2024-30025 No No - - Important 7.8 6.8
CVE-2024-30037 No No - - Important 7.5 6.5
Windows Cryptographic Services Information Disclosure Vulnerability
CVE-2024-30016 No No - - Important 5.5 4.8
Windows Cryptographic Services Remote Code Execution Vulnerability
CVE-2024-30020 No No - - Important 8.1 7.1
Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-30032 No No - - Important 7.8 6.8
CVE-2024-30035 No No - - Important 7.8 6.8
CVE-2024-30051 Yes Yes - - Important 7.8 7.2
Windows DWM Core Library Information Disclosure Vulnerability
CVE-2024-30008 No No - - Important 5.5 4.8
Windows Deployment Services Information Disclosure Vulnerability
CVE-2024-30036 No No - - Important 6.5 5.7
Windows Hyper-V Denial of Service Vulnerability
CVE-2024-30011 No No - - Important 6.5 5.7
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-30010 No No - - Important 8.8 7.7
CVE-2024-30017 No No - - Important 8.8 7.7
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-30018 No No - - Important 7.8 6.8
Windows MSHTML Platform Security Feature Bypass Vulnerability
CVE-2024-30040 No Yes - - Important 8.8 8.2
Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2024-30050 No No - - Moderate 5.4 5.0
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-29997 No No - - Important 6.8 5.9
CVE-2024-29998 No No - - Important 6.8 5.9
CVE-2024-29999 No No - - Important 6.8 5.9
CVE-2024-30000 No No - - Important 6.8 5.9
CVE-2024-30001 No No - - Important 6.8 5.9
CVE-2024-30002 No No - - Important 6.8 5.9
CVE-2024-30003 No No - - Important 6.8 5.9
CVE-2024-30004 No No - - Important 6.8 5.9
CVE-2024-30005 No No - - Important 6.8 5.9
CVE-2024-30012 No No - - Important 6.8 5.9
CVE-2024-30021 No No - - Important 6.8 5.9
Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2024-30039 No No - - Important 5.5 4.8
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-30009 No No - - Important 8.8 7.7
CVE-2024-30014 No No - - Important 7.5 6.6
CVE-2024-30015 No No - - Important 7.5 6.5
CVE-2024-30022 No No - - Important 7.5 6.5
CVE-2024-30023 No No - - Important 7.5 6.5
CVE-2024-30024 No No - - Important 7.5 6.5
CVE-2024-30029 No No - - Important 7.5 6.5
Windows Search Service Elevation of Privilege Vulnerability
CVE-2024-30033 No No - - Important 7.0 6.1
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2024-30049 No No - - Important 7.8 6.8

 

--
Renato Marinho
Morphus Labs| LinkedIn|Twitter

Keywords:
1 comment(s)
ISC Stormcast For Tuesday, May 14th, 2024 https://isc.sans.edu/podcastdetail/8980

Apple Patches Everything: macOS, iOS, iPadOS, watchOS, tvOS updated.

Published: 2024-05-14. Last Updated: 2024-05-14 01:43:19 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

Apple today released updates for its various operating systems. The updates cover iOS, iPadOS, macOS, watchOS and tvOS. A standalone update for Safari was released for older versions of macOS. One already exploited vulnerability, CVE-2024-23296 is patched for older versions of macOS and iOS. In March, Apple patched this vulnerability for more recent versions of iOS and macOS.

 

Safari 17.5 iOS 17.5 and iPadOS 17.5 iOS 16.7.8 and iPadOS 16.7.8 macOS Sonoma 14.5 macOS Ventura 13.6.7 macOS Monterey 12.7.5 watchOS 10.5 tvOS 17.5
CVE-2024-27834 [moderate] WebKit
The issue was addressed with improved checks.
An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
x x   x     x x
CVE-2024-27804 [important] AppleAVD
The issue was addressed with improved memory handling.
An app may be able to execute arbitrary code with kernel privileges
  x   x     x x
CVE-2024-27816 [moderate] RemoteViewServices
A logic issue was addressed with improved checks.
An attacker may be able to access user data
  x   x     x x
CVE-2024-27841 [important] AVEVideoEncoder
The issue was addressed with improved memory handling.
An app may be able to disclose kernel memory
  x   x        
CVE-2024-27839 [moderate] Find My
A privacy issue was addressed by moving sensitive data to a more secure location.
A malicious application may be able to determine a user's current location
  x            
CVE-2024-27818 [moderate] Kernel
The issue was addressed with improved memory handling.
An attacker may be able to cause unexpected app termination or arbitrary code execution
  x   x        
CVE-2023-42893 [moderate] Libsystem
A permissions issue was addressed by removing vulnerable code and adding additional checks.
An app may be able to access protected user data
  x   x        
CVE-2024-27810 [important] Maps
A path handling issue was addressed with improved validation.
An app may be able to read sensitive location information
  x   x     x x
CVE-2024-27852 [moderate] MarketplaceKit
A privacy issue was addressed with improved client ID handling for alternative app marketplaces.
A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages
  x            
CVE-2024-27835 [moderate] Notes
This issue was addressed through improved state management.
An attacker with physical access to an iOS device may be able to access notes from the lock screen
  x            
CVE-2024-27803 [moderate] Screenshots
A permissions issue was addressed with improved validation.
An attacker with physical access may be able to share items from the lock screen
  x            
CVE-2024-27821 [moderate] Shortcuts
A path handling issue was addressed with improved validation.
A shortcut may output sensitive user data without consent
  x   x     x  
CVE-2024-27847 [important] Sync Services
This issue was addressed with improved checks
An app may be able to bypass Privacy preferences
  x   x        
CVE-2024-27796 [moderate] Voice Control
The issue was addressed with improved checks.
An attacker may be able to elevate privileges
  x   x        
CVE-2024-27789 [important] Foundation
A logic issue was addressed with improved checks.
An app may be able to access user-sensitive data
    x   x x    
CVE-2024-23296 [moderate] *** EXPLOITED *** RTKit
A memory corruption issue was addressed with improved validation.
An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
    x   x      
CVE-2024-27837 [moderate] AppleMobileFileIntegrity
A downgrade issue was addressed with additional code-signing restrictions.
A local attacker may gain access to Keychain items
      x        
CVE-2024-27825 [moderate] AppleMobileFileIntegrity
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions.
An app may be able to bypass certain Privacy preferences
      x        
CVE-2024-27829 [moderate] AppleVA
The issue was addressed with improved memory handling.
Processing a file may lead to unexpected app termination or arbitrary code execution
      x        
CVE-2024-23236 [moderate] CFNetwork
A correctness issue was addressed with improved checks.
An app may be able to read arbitrary files
      x        
CVE-2024-27827 [moderate] Finder
This issue was addressed through improved state management.
An app may be able to read arbitrary files
      x        
CVE-2024-27822 [important] PackageKit
A logic issue was addressed with improved restrictions.
An app may be able to gain root privileges
      x        
CVE-2024-27824 [moderate] PackageKit
This issue was addressed by removing the vulnerable code.
An app may be able to elevate privileges
      x        
CVE-2024-27813 [moderate] PrintCenter
The issue was addressed with improved checks.
An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges
      x        
CVE-2024-27843 [moderate] SharedFileList
A logic issue was addressed with improved checks.
An app may be able to elevate privileges
      x        
CVE-2024-27798 [moderate] StorageKit
An authorization issue was addressed with improved state management.
An attacker may be able to elevate privileges
      x        
CVE-2024-27842 [important] udf
The issue was addressed with improved checks.
An app may be able to execute arbitrary code with kernel privileges
      x        
CVE-2023-42861 [moderate] Login Window
A logic issue was addressed with improved state management.
An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac
        x      
CVE-2024-23229 [moderate] Find My
This issue was addressed with improved redaction of sensitive information.
A malicious application may be able to access Find My data
          x    

 

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

Keywords:
0 comment(s)

Comments


Diary Archives