Microsoft Tackles 59 CVEs, Including Exploited Zero-Days, in Massive May Patch Update
May 15, 2024![Microsoft Tackles 59 CVEs, Including Exploited Zero-Days, in Massive May Patch Update](https://cdn.brief.news/images/stories/76754e0b2aa6b71736770cc956c4082afbaf7789f4533494a2d7df0ba22ad0ee2818750722b96beec533c3940c3af53b0d7b29d278f3358792bcf896bfe24b74.jpg)
Microsoft's Patch Tuesday for May 2024 addressed 59 CVEs including three zero-days, with one actively exploited by QakBot operators.
The exploited zero-day, CVE-2024-30051, poses a significant threat to network security.
Another zero-day, CVE-2024-30040, allows attackers to execute arbitrary code via the MSHTML platform.
The third zero-day, CVE-2024-30046, could lead to denial of service in ASP.NET Core.
Critical vulnerability CVE-2024-30043 in Microsoft SharePoint Server enables unauthorized local file access and server-side request forgery.
Other notable bugs include an Elevation of Privilege (EoP) in Windows Search Service and Windows Kernel.
CVE-2024-30050 is a moderate-rated security bypass often exploited by ransomware attacks.
Kaspersky Lab's publication details the discovery of exploits used with QakBot and other malware, but Microsoft has not disclosed attack specifics.
Tech giants Google, Apple, and Adobe have also released security updates for their products.
Cybersecurity experts urge the importance of prompt updates and remaining vigilant against new exploits.
Summary based on 6 sources
Get a daily email with more Tech stories
Sources
![Microsoft Windows DWM Zero-Day Poised for Mass Exploit](https://cdn.brief.news/images/links/76754e0b2aa6b71736770cc956c4082afbaf7789f4533494a2d7df0ba22ad0ee2818750722b96beec533c3940c3af53b0d7b29d278f3358792bcf896bfe24b74.jpg)
Dark Reading • May 14, 2024
Microsoft Windows DWM Zero-Day Poised for Mass Exploit![Microsoft fixes Windows zero-day exploited in QakBot malware attacks](https://cdn.brief.news/images/links/edf779731bc6d1302d5ade2833e0fd6e66a42a5b60703cbd201c220023d699eb05405a06b8b9c310d5b9beeeb59731b957d7ff6fa4fc65f457cd35ccc8eb6bec.png)
BleepingComputer • May 14, 2024
Microsoft fixes Windows zero-day exploited in QakBot malware attacks![Patch Tuesday, May 2024 Edition](https://cdn.brief.news/images/links/c862fa0bb3e457cbc3050bfa3355149ea67ed1ef67e04a25a58d64e06fb6684e26ae0b4e314e988519e499abed6c8df583b2f943fd6b5c0a4b533e53b43775c6.png)
Krebs on Security • May 14, 2024
Patch Tuesday, May 2024 Edition![Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities](https://cdn.brief.news/images/links/7a325d6c94f32fc588579270ef69969e7964289949257fc76232eed15aa0137e161b2e0b69b88a9e7145039285058d3c223c91ae2248a18bf822c5ee259c481a.jpg)
SecurityWeek • May 14, 2024
Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities