In May 2024, one of the largest number of vulnerabilities and security wrongdoings in this ever-changing cyber world were discovered. These vulnerabilities indicate that we must remain vigilant about our approach to cybersecurity.
The online security landscape requires regular security patches to be in top form. Maintaining good cyber hygiene is crucial. That means keeping up to date with all security releases. It’s easy to forget about the importance of these monthly security patches. But with these updates, we have one of the best tools to combat cybercriminals’ malicious actions.
It’s a dispiriting picture: May 2024, the latest cycle of vulnerability report findings, reveals that thousands of modern software vulnerabilities affecting hundreds of widely used products are out there, quietly endangering us every minute of every day. In the report, we are confronted with a profile of modern cyber attack vectors, ranging from critical vulnerabilities to computers that have been compromised for more than two years. By sorting through their findings, we can uncover patterns that could help us be more vigilant and prevent some of them from occurring.
May Patch Tuesday has a special place on the calendar. On this day, Microsoft releases the collective security updates for the previous month. If we dig a little, we will know the effects this will have on our systems and why we will need to install the patches right away.
Analysis of the Latest Security Flaws Discovered in May 2024
By May 2024, they had discovered hundreds of vulnerabilities, ranging from low to high, like miscreant orphans and truly nefarious nightmares, their manifestations, and possible exploitation modes. The remainder of my article will focus on some of these vulnerabilities, providing their details and discussing why they should be promptly mitigated.
CVE-2024-30051: Critical Elevation of Privilege in Windows DWM Core Library
- Description: CVE-2024-30051 is a critical elevation of privileges vulnerability in Microsoft Windows’ Desktop Window Manager (DWM) Core Library. Active exploitation has been observed in the wild, having a high impact on impacted systems.
- Impact: An attacker can exploit this flaw to obtain SYSTEM-level privileges. This means the intruder can perform any operation on the system, such as executing arbitrary code, installing programs, viewing, changing, or deleting data, or creating a new account with full user rights.
- Mitigation: Windows systems should be patched or updated immediately. Organizations should swiftly deploy Microsoft’s security updates to protect against this high-risk vulnerability.
CVE-2024-30043: Information Disclosure in Microsoft SharePoint Server
- Description: Information disclosure vulnerability in Microsoft SharePoint Server (CVE-2024-30043) could allow an authenticated attacker to disclose sensitive information. Reported by Zero Day Initiative (ZDI).
- Impact: This vulnerability allows for Server-Side Request Forgery (SSRF) and NTLM relaying attacks. SSRF (Server-Side Request Forgery) allows attackers to make the server-side application they control talk to a different, potentially sensitive destination, and NTLM relaying allows the attacker to authenticate themselves to other services across the network.
- Mitigation: Microsoft SharePoint Server users should apply the most recent patches, administrators should enforce strong authentication mechanisms, and managers should monitor and analyze network activity for signs of abuse.
CVE-2024-30033: Elevation of Privilege in Windows Search Service
- Description: CVE-2024-30033 is a Windows Search Service elevation of privilege vulnerability that allows file deletion manipulation by the attacker.
- Implication: Because the target’s SELinux context can be arbitrary, an are-you-really-sure deletion vulnerability exists. An attacker could write arbitrary files to the system by always dropping and cleaning them up and pointing these deletion calls to pseudo-symlinks. This vulnerability could prevent the system from working, delete mission-critical data, or remove files necessary for system operations.
- Mitigation: Users and administrators may apply relevant Microsoft security updates, and subject to strict access controls and periodic system audits, the detection and prevention of unauthorized file manipulations become possible.
CVE-2024-30050: Security Feature Bypass in Windows Mark of the Web
- Description: CVE-2024-30050 is a ‘MOTW mark of the web feature bypass’ vulnerability used by ransomware gangs for security feature bypass.
- Implication: This vulnerability can allow a skilled attacker to use a malware file to leap over traditional security defenses that check for the MOTW security feature. And because the shielding provided by MOTW might not be triggered, the malicious file can bypass security warnings and permissions, allowing it to be executed in the way ransomware and other nefarious code must run to be fully effective.
- Mitigation: It remains vitally important to keep all Windows machines patched and updated and to educate users about the dangers of downloading and executing files from unknown sources.
These flaws depict just some of the wide variety of digital weaknesses facing businesses today: vulnerabilities ranging from privilege escalations to information leaks, feature bypasses, and more. Repairing each one swiftly upon discovery is critical to minimize the window of opportunity for attackers and ward off a surge of interest in developing exploits. Organizations that actively monitor the landscape of currently known vulnerabilities put themselves in a far better position to stay secure than those that ignore, deny, or neglect such knowledge.
Identifying Potential Cybersecurity Threats in May 2024
While shadows of May 2024 stretch across future vulnerabilities, the next wave of cyberattacks will likely pry open a digital closet. By anticipating what cracking digital safes means for the next wave of attacks, we can identify possible threat vectors and better equip our defenses with vigilance against them.
As such, the CVE (Common Vulnerabilities and Exposures) system is essential in helping to sort out and track the timeline of security vulnerabilities. Taking a look at the off-cycle May 2024 CVE updates helps to better understand everything that needs to be addressed this year. This invaluable information helps us understand the shifting landscape of security issues and what we must do to protect our systems.
Mitigation Strategies for May 2024 Vulnerabilities
CVE-2024-30051: Critical Elevation of Privilege in Windows DWM Core Library
- Patching: Apply the security updates released by Microsoft immediately.
- Monitoring: Continuously monitor systems for signs of exploitation and unusual activities.
- Access Controls: Restrict administrative privileges to the minimum necessary for system functionality.
CVE-2024-30043: Information Disclosure in Microsoft SharePoint Server
- Patching: Deploy the latest security patches from Microsoft.
- Authentication: Strengthen authentication mechanisms, including multi-factor authentication (MFA).
- Network Monitoring: Monitor for abnormal network traffic patterns indicative of SSRF or NTLM relay attacks.
CVE-2024-30033: Elevation of Privilege in Windows Search Service
- Patching: Implement the relevant security updates from Microsoft.
- Access Controls: Enforce strict access controls to prevent unauthorized file deletions.
- Auditing: Regularly audit system logs to detect and respond to suspicious file deletion activities.
CVE-2024-30050: Security Feature Bypass in Windows Mark of the Web
- Patching: Ensure all systems are updated with the latest patches.
- User Education: Educate users about the risks of downloading and executing files from untrusted sources.
- Security Software: Utilize robust security software that can detect and block attempts to bypass MOTW.
Such incidents remind us that it is always a good time to practice good forward security in our fast-changing cybersecurity world.
Secure your systems with ease and stay protected. Try ThreatMon, the top vendor-neutral solution for tracking security vulnerabilities. Get started with a free subscription today.
