Microsoft Patch Tuesday – May 2024

This month’s Patch Tuesday includes security updates for a total of 61 vulnerabilities, 3 of which are actively exploited zero-days.
As usual, the fixes span multiple products, and include 1 Critical severity vulnerability and 27 Remote Code Execution vulnerabilities.

The most important patches are:

CVE-2024-30040 – Windows MSHTML Platform Security Feature Bypass Vulnerability. A bypass of the OLE mitigations in Microsoft 365 and Microsoft Office, which protect users from vulnerable COM/OLE controls. An unauthenticated attacker could gain code execution by convincing a user to open a malicious document. CVSS 3.1: 8.8 (High)

CVE-2024-30051 – Windows DWM Core Library Elevation of Privilege Vulnerability. A vulnerability in Windows DWM Core Library that could allow privilege escalation to SYSTEM. CVSS 3.1: 7.8 (High)

The patches this month break down as follows:

  • 27 Remote Code Execution
  • 17 Privilege Escalation
  • 7 Information Disclosure
  • 4 Spoofing
  • 3 Denial of Service
  • 2 Security Feature Bypass

Affected Products

  • .NET and Visual Studio
  • Azure Migrate
  • Microsoft Bing
  • Microsoft Brokering File System
  • Microsoft Dynamics 365 Customer Insights
  • Microsoft Edge (Chromium-based)
  • Microsoft Intune
  • Microsoft Office Excel
  • Microsoft Office SharePoint
  • Microsoft WDAC OLE DB provider for SQL
  • Microsoft Windows SCSI Class System File
  • Microsoft Windows Search Component
  • Power BI
  • Visual Studio
  • Windows Cloud Files Mini Filter Driver
  • Windows CNG Key Isolation Service
  • Windows Common Log File System Driver
  • Windows Cryptographic Services
  • Windows Deployment Services
  • Windows DHCP Server
  • Windows DWM Core Library
  • Windows Hyper-V
  • Windows Kernel
  • Windows Mark of the Web (MOTW)
  • Windows Mobile Broadband
  • Windows MSHTML Platform
  • Windows NTFS
  • Windows Remote Access Connection Manager
  • Windows Routing and Remote Access Service (RRAS)
  • Windows Task Scheduler
  • Windows Win32K – GRFX
  • Windows Win32K – ICOMP