{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-045.pdf"
    },
    "title": "Multiple Vulnerabilities in Microsoft Products",
    "serial_number": "2024-045",
    "publish_date": "16-05-2024 14:06:48",
    "description": "On May 16, 2024, Microsoft addressed 61 vulnerabilities in its May 2024 Patch Tuesday update, including two actively exploited zero-days. This Patch Tuesday also fixes one critical vulnerability, a Microsoft SharePoint Server Remote Code Execution Vulnerability.<br>\nIt is recommended applying updates as soon as possible on affected products.<br>\n",
    "url_title": "2024-045",
    "content_markdown": "---\ntitle: 'Multiple Vulnerabilities in\u00a0Microsoft\u00a0Products'\nnumber: '2024-045'\nversion: '1.0'\noriginal_date: 'May 16, 2024'\ndate: 'May 16, 2024'\n---\n\n_History:_\n\n* _16/05/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn May 16, 2024, Microsoft addressed 61 vulnerabilities in its May 2024 Patch Tuesday update, including two actively exploited zero-days [1]. This Patch Tuesday also fixes one critical vulnerability, a Microsoft SharePoint Server Remote Code Execution Vulnerability [1].\n\nIt is recommended applying updates as soon as possible on affected products.\n\n# Technical Details\n\n## Actively Exploited Zero-Days\n\nThe first zero-day vulnerability, tracked as **CVE-2024-30040** with a CVSS score of 10, is described as an OLE mitigation bypass in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls [3]. An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious document at which point the attacker could execute arbitrary code in the context of the user [3].\n\nThe second zero-day vulnerability, tracked as **CVE-2024-30051** with a CVSS score of 6.8, is an elevation of privilege residing in the Windows DWM Core Library. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges [4].\n\n## Critical Vulnerability\n\nA Microsoft SharePoint Server remote code execution vulnerability, tracked as **CVE-2024-30044** with a CVSS score of 8.3,  was also fixed. An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted Sharepoint Server and craft specialised API requests to trigger deserialisation of the file's parameters. This would enable the attacker to perform remote code execution in the context of the Sharepoint Server [5].\n\n# Affected Products\n\nAffected products include, but are not limited to, Microsoft Windows, Microsoft Office, SharePoint Server, Windows Defender, Visual Studio [2].\n\n# Recommendations\n\nIt is recommended applying updates as soon as possible on affected assets.\n\n# References\n\n[1] <https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2024-patch-tuesday-fixes-3-zero-days-61-flaws/>\n\n[2] <https://msrc.microsoft.com/update-guide/releaseNote/2024-May>\n\n[3] <https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30040>\n\n[4] <https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30051>\n\n[5] <https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30044>",
    "content_html": "<p><em>History:</em></p><ul><li><em>16/05/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On May 16, 2024, Microsoft addressed 61 vulnerabilities in its May 2024 Patch Tuesday update, including two actively exploited zero-days [1]. This Patch Tuesday also fixes one critical vulnerability, a Microsoft SharePoint Server Remote Code Execution Vulnerability [1].</p><p>It is recommended applying updates as soon as possible on affected products.</p><h2 id=\"technical-details\">Technical Details</h2><h3 id=\"actively-exploited-zero-days\">Actively Exploited Zero-Days</h3><p>The first zero-day vulnerability, tracked as <strong>CVE-2024-30040</strong> with a CVSS score of 10, is described as an OLE mitigation bypass in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls [3]. An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through convincing a user to open a malicious document at which point the attacker could execute arbitrary code in the context of the user [3].</p><p>The second zero-day vulnerability, tracked as <strong>CVE-2024-30051</strong> with a CVSS score of 6.8, is an elevation of privilege residing in the Windows DWM Core Library. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges [4].</p><h3 id=\"critical-vulnerability\">Critical Vulnerability</h3><p>A Microsoft SharePoint Server remote code execution vulnerability, tracked as <strong>CVE-2024-30044</strong> with a CVSS score of 8.3, was also fixed. An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted Sharepoint Server and craft specialised API requests to trigger deserialisation of the file's parameters. This would enable the attacker to perform remote code execution in the context of the Sharepoint Server [5].</p><h2 id=\"affected-products\">Affected Products</h2><p>Affected products include, but are not limited to, Microsoft Windows, Microsoft Office, SharePoint Server, Windows Defender, Visual Studio [2].</p><h2 id=\"recommendations\">Recommendations</h2><p>It is recommended applying updates as soon as possible on affected assets.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2024-patch-tuesday-fixes-3-zero-days-61-flaws/\">https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2024-patch-tuesday-fixes-3-zero-days-61-flaws/</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/releaseNote/2024-May\">https://msrc.microsoft.com/update-guide/releaseNote/2024-May</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30040\">https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30040</a></p><p>[4] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30051\">https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30051</a></p><p>[5] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30044\">https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30044</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}