Microsoft's Patch Tuesday for May 2024 addressed 59 CVEs including three zero-days, with one actively exploited by QakBot operators.

The exploited zero-day, CVE-2024-30051, poses a significant threat to network security.

Another zero-day, CVE-2024-30040, allows attackers to execute arbitrary code via the MSHTML platform.

The third zero-day, CVE-2024-30046, could lead to denial of service in ASP.NET Core.

Critical vulnerability CVE-2024-30043 in Microsoft SharePoint Server enables unauthorized local file access and server-side request forgery.

Other notable bugs include an Elevation of Privilege (EoP) in Windows Search Service and Windows Kernel.

CVE-2024-30050 is a moderate-rated security bypass often exploited by ransomware attacks.

Kaspersky Lab's publication details the discovery of exploits used with QakBot and other malware, but Microsoft has not disclosed attack specifics.

Tech giants Google, Apple, and Adobe have also released security updates for their products.

Cybersecurity experts urge the importance of prompt updates and remaining vigilant against new exploits.