Patchday May 2024: Microsoft provides almost 60 patches

    The May 2024 patchday is relatively "thin". After Microsoft released 150 patches for its operating systems and applications last month, there are just 59 for Patchday May 2024. However, fewer patches can be a positive sign for the security of applications. This is also supported by the fact that there was only one critical bug fixed by Microsoft on Patchday May 2024.

    A critical bug in SharePoint on Patchday May 2024

    The critical bug can be found in Microsoft SharePoint. With a CVSS score of 8.8 in the Common Vulnerability Scoring System, the critical bug is rated quite high. The bug is exploited via server remote code execution. The malware enters the system via the code and causes damage there.

    Fortunately, according to Microsoft, the bug was not known and there were no attacks via this vulnerability. With the new update, the security gap has been closed and the risk of hacker attacks averted. As always, we therefore recommend that you apply all new updates as soon as possible.

    However, the May 2024 patchday also fixed bugs that were already known and even two where attacks had taken place:

    The biggest bugfix affects the Windows DWM Core Library. This bug allows hackers to overload the main system and directly threaten connected systems. As Microsoft announced, the bug was reported to them by several sources, which means that it is very well known. Attacks have already taken place and usually multiply when bug fixes are made available because hackers want to exploit the targets before the path is closed. This is why we are also advising you to install the new Windows update quickly.

    Another known and already exploited bug is a way to bypass the security functions in the Windows MSHTML platform. It is only known that there have already been attacks, but according to Microsoft, the bug is not publicly known and is therefore only used by a few cyber criminals. That was the case until now: with the May 2024 patchday and the bug fix provided, the vulnerability is now known at the latest.

    Many important bug fixes on the May 2024 patchday

    In addition to the patches mentioned above, Microsoft also closed a number of security vulnerabilities classified as important during the May 2024 patchday.

    Particularly worth mentioning here is a bug in ASP.NET that opens a "Denial of Service" vulnerability. Hackers can use this to inject malware into the system. It is interesting to note that although the bug is known, there have allegedly been no attacks via this vulnerability to date. The patch provided should keep it that way.

    A bug has been fixed in Microsoft Azure that enabled spoofing. This means pretending to be a trustworthy identity, such as an administrator. Hackers use spoofing to gain access to a system and can then basically do whatever they want there. They have access to all data, can steal or change it, infiltrate malware and so on. However, the bug is neither known nor has it been exploited. It is now closed by the May 2024 patchday as soon as the latest update is installed.

    Secure in Microsoft applications with skill it

    In our seminars on Security, Compliance & Identity, we help you learn how to use Microsoft's applications securely so that you are always safe on the road, even without the May 2024 patch day.

    For the basics, you can take our Microsoft Security, Compliance, and Identity Fundamentals course. This will provide you with basic knowledge of security in Microsoft programs and the associated cloud.

    If you are already familiar with it, you should deepen your knowledge, for example in our four-day training Microsoft Cybersecurity Architect. You will learn how to develop and implement security strategies. In addition to theory, the course includes some practical exercises to help you solve problems and create a secure cyber environment. The course also serves as preparation for the Cybersecurity Architect Expert certificate exam.

    Author
    Marcel Michaelsen
    Marcel writes IT content for websites as a freelancer at Textflamme. The topics range from product descriptions to complex technical articles.