Saturday , September 28 2024

Microsoft May 2024 Patch Tuesday fixes 61 flaws 2 zero-days

infosecbulletin Wednesday , May 15 2024 Vulnerabilities

Microsoft patched May 2024 Tuesday including updates for 61 flaws and three publicly disclosed zero days. This update fixed Microsoft SharePoint Server Remote Code Execution Vulnerability.

Category wise vulnerabilities are listed below:

Meta fined $101 million for storing passwords in plaintext

By infosecbulletin / Saturday , September 28 2024
Meta was fined over $100 million by the EU privacy regulator on Friday due to a security issue with Facebook...
Read More
Meta fined $101 million for storing passwords in plaintext

Microsoft warns Storm-0501 targets hybrid cloud environments

By infosecbulletin / Friday , September 27 2024
Microsoft cybersecurity researchers found that the "Storm-0501" ransomware group is targeting hybrid cloud environments. Storm-0501 Attacking Cloud Environments: Storm-0501 is...
Read More
Microsoft warns Storm-0501 targets hybrid cloud environments

RCE flaw impacts all GNU/Linux System: Details Revealed

By infosecbulletin / Friday , September 27 2024
Simone Margaritelli has discovered a serious remote code execution (RCE) vulnerability in the Common Unix Printing System (CUPS), impacting all...
Read More
RCE flaw impacts all GNU/Linux System: Details Revealed

Octo2: European Banks Already Under Attack by New Malware varient

By infosecbulletin / Friday , September 27 2024
Cybersecurity researchers at ThreatFabric have identified a new and more dangerous variant of the Octo banking malware, called "Octo2." This...
Read More
Octo2: European Banks Already Under Attack by New Malware varient

CISA Releases Guideline mitigating Active Directory compromise

By infosecbulletin / Friday , September 27 2024
To improve cybersecurity, the Cybersecurity and Infrastructure Security Agency (CISA) has partnered with international agencies to release a guide on...
Read More
CISA Releases Guideline mitigating Active Directory compromise

G7 cyber group warns to prep for quantum computing risks

By infosecbulletin / Friday , September 27 2024
An intergovernmental group urged the financial sector on Wednesday to prepare for potential threats from advancements in quantum computing. The...
Read More
G7 cyber group warns to prep for quantum computing risks

Cloudflare report
India linked hacker to target Bangladeshi Gov.t and law agency

By infosecbulletin / Thursday , September 26 2024
A threat actor likely operating out of India is relying on various cloud services to conduct cyberattacks against energy, defense,...
Read More
Cloudflare report India linked hacker to target Bangladeshi Gov.t and law agency

India launches first Al-powered network solution for spam detection

By infosecbulletin / Thursday , September 26 2024
India's Bharti Airtel has launched India's first AI-powered solution that detects spam calls and messages, alerting customers in real-time. The...
Read More
India launches first Al-powered network solution for spam detection

White Snake to Steal Credit Cards CVC Codes from Chrome

By infosecbulletin / Wednesday , September 25 2024
The White Snake malware has been updated to take advantage of a new feature in the latest Google Chrome version....
Read More
White Snake to Steal Credit Cards CVC Codes from Chrome

Kaspersky Automatically Replaces With UltraAV, Raising Concerns

By infosecbulletin / Tuesday , September 24 2024
Kaspersky has formally begun pulling back its offerings in the U.S., migrating existing users to UltraAV, effective September 19, 2024,...
Read More
Kaspersky Automatically Replaces With UltraAV, Raising Concerns

17 Elevation of Privilege Vulnerabilities
2 Security Feature Bypass Vulnerabilities
27 Remote Code Execution Vulnerabilities
7 Information Disclosure Vulnerabilities
3 Denial of Service Vulnerabilities
4 Spoofing Vulnerabilities

The two actively exploited zero-day vulnerabilities are:

CVE-2024-30040 – Windows MSHTML Platform Security Feature Bypass Vulnerability:

This vulnerability bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls.

An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file.

“An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious document at which point the attacker could execute arbitrary code in the context of the user.” reads the advisory.

CVE-2024-30051 – Windows DWM Core Library Elevation of Privilege Vulnerability:

An attacker can exploit this vulnerability to gain SYSTEM privileges. Microsoft doesn’t share details about the attacks exploiting the above vulnerabilities.

You can click here for the full list of flaws addressed by Microsoft with the release of Patch Tuesday security updates for May 2024.

Check Also

CHROMIUM

Chrome 129 Released Fix with multiple Security Flaws

Google has released Chrome 129 for Windows, Mac, and Linux users. The update will be …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin