overview

This week, Microsoft has addressed 59 security vulnerabilities, including two actively exploited zero-days: CVE-2024-30051 and CVE-2024-30040. 

CVE-2024-30051 (CVSS 7.8) 

This vulnerability is a heap-based buffer overflow in the Windows DWM Core Library. Exploitation can allow attackers to elevate privileges to SYSTEM level. Reports indicate it is being utilized by multiple threat actors, often in conjunction with Qakbot malware. The vulnerability was initially uncovered through a file uploaded to VirusTotal, with exploitation methods similar to the CVE-2023-36033 zero-day exploit. 

CVE-2024-30040 (CVSS 8.8) 

This vulnerability allows attackers to bypass OLE mitigations in Microsoft 365 and Microsoft Office. Attackers need to convince users to load and manipulate a malicious file, leading to arbitrary code execution in the context of the user. Details about the attack specifics are scarce.  

Other notable vulnerabilities fixed in Microsoft’s update include CVE-2024-30044, a critical flaw in SharePoint, and CVE-2024-30050, which involves a bypass of Windows Mark of the Web controls. Organizations should prioritize these updates to mitigate the risk of exploitation. 

Action Required: Immediate deployment of the latest patches is crucial to protect systems from these critical vulnerabilities.  

 

 

avertium's recommendationS

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with the above vulnerabilities. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

How Avertium is Protecting Our CUSTOMERS

  • Fusion MXDR  is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.  
  • Minimizing the impact of a successful ransomware or malware attack requires detecting it as early in the attack as possible. A Security Information and Event Management (SIEM) system can help an organization to accomplish this. Avertium offers a comprehensive SIEM-based approach that increases the potential for detecting a ransomware infection before it deploys. SIEM provides a holistic overview of a company’s IT environment from a single point of view in terms of its specific security events, empowering teams to detect and analyze unusual behavior. 




 

SUPPORTING DOCUMENTATION

CVE-2024-30040 - Security Update Guide - Microsoft - Windows MSHTML Platform Security Feature Bypass Vulnerability 

CVE-2024-30051 - Security Update Guide - Microsoft - Windows DWM Core Library Elevation of Privilege Vulnerability 

Patch Tuesday, May 2024 Edition – Krebs on Security 

May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) - Help Net Security 

 
Chat With One of Our Experts



microsoft Zero-Day Vulnerability Flash Notice Microsoft Vulnerability Microsoft Zero-Day Blog