Security & Threat Updates – May 2024:

Share This Article

Microsoft addressed 60 Common Vulnerabilities and Exposures (CVE’s) this month, three of which were marked as zero-day vulnerabilities.  The most critical Common Vulnerabilities and Exposures (CVE’s) are noted below:

Microsoft Vulnerabilities:

Windows Zero-Days:

• CVE-2024-30051 – Windows DWM Core Library Elevation of Privilege Vulnerability
• CVE-2024-30040 – Windows MSHTML Platform Security Feature Bypass Vulnerability
• CVE-2024-30046 – ASP.NET Core Denial of Service Vulnerability

Other Critical CVE’s Worth Mentioning:

• CVE-2024-30043 – Microsoft SharePoint Server Information Disclosure Vulnerability
• CVE-2024-30033 – Windows Search Service Elevation of Privilege Vulnerability
• CVE-2024-30050 – Windows Mark of the Web Security Feature Bypass Vulnerability

3^rd Party Critical CVE’s:

Adobe:

• Adobe released 8 patches covering 37 CVE’s for Adobe Acrobat and Reader, Adobe Aero, Adobe Animate, Dreamweaver, FrameMaker, Illustrator, Substance3D Designer and Substance3D Painter.
  • Adobe Acrobat and Reader
  • Adobe Aero
  • Adobe Animate
  • Dreamweaver
  • FrameMaker
  • Illustrator
  • Substance 3D Designer
  • Substance 3D Painter

Apple:

• Apple backported an RTKit zero-day to older devices and fixed a Safari WebKit zero-day flaw

Cisco:

• Cisco released security updates for its IP phone products

F5:

• CVE-2024-26026 – BIG-IP Next Central Manager SQL Injection
• CVE-2024-21793 – BIG-IP Next Central Manager OData Injection

Google Chrome:

• Versions 125.0.6422.60/.61 were released for Windows & Apple and 125.0.6422.60 for Linux on May 15^th.
• This update addresses the 6^th zero day of 2024.
• Chrome Release: May 15th 2024

About FortressSRM Cyber Hygiene Offering:

Software vulnerabilities are one of the top cyber-attack vectors and one in three breaches are the result of vulnerabilities that were known about and should have been already patched¹. 

Keeping operating systems and application software patched and secure is time consuming and tedious – an internal IT resource nightmare. Fortress SRM’s Guardian Managed Patching with Monitoring Service delivers automated, high-efficacy (97%+) updates to Microsoft and over 80 third-party software, ensuring efficient patch deployment to every device, whether on or off network. This includes the deployment of critical updates, security updates, feature updates, operating system upgrades, key Windows security setting and configurations. 

The Fortress SRM real-time reporting console includes current patch levels of devices and gives the Client total visibility into what patch related activities have been performed, while real-time patch monitoring provides deep insight into approved, unapproved, pending, and failed patching efforts.

Ready to start the Cyber Hygiene journey? Contact us at: Contact Us | Fortress Security Risk Management (fortresssrm.com)