Security Advisory

MS Family May 2024 Routine Security Update Advisory

  • May 16 2024

Overview

 

Microsoft(https://www.microsoft.com) has released a security update that fixes vulnerabilities in products it has supplied. users of affected products are advised to update to the latest version.

 

Affected Products

 

 

Apps family

Microsoft Bing Search for iOS

Microsoft Intune Mobile Application Management for Android

 

Azure Family

Azure Migrate

 

Browser family

Microsoft Edge (Chromium-based)

 

Developer Tools suite

.NET 7.0

.NET 8.0

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8)

Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10)

Microsoft Visual Studio 2022 version 17.4

Microsoft Visual Studio 2022 version 17.6

Microsoft Visual Studio 2022 version 17.8

Microsoft Visual Studio 2022 version 17.9

 

ESU Family

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

 

Microsoft Dynamics Suite

Dynamics 365 Customer Insights

 

Microsoft Office Suite

Microsoft 365 Apps for Enterprise for 32-bit Systems

Microsoft 365 Apps for Enterprise for 64-bit Systems

Microsoft Excel 2016 (32-bit edition)

Microsoft Excel 2016 (64-bit edition)

Microsoft Office 2019 for 32-bit editions

Microsoft Office 2019 for 64-bit editions

Microsoft Office LTSC 2021 for 32-bit editions

Microsoft Office LTSC 2021 for 64-bit editions

Microsoft Office LTSC for Mac 2021

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Server 2019

Microsoft SharePoint Server Subscription Edition

Office Online Server

 

SQL Server Family

PowerBI-client JS SDK

 

Windows Family

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 23H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022, 23H2 Edition (Server Core installation)

 

Resolved Vulnerabilities

 

1 vulnerability rated Critical and 59 vulnerabilities rated Important were found.

 

Apps family

Critical spoofing vulnerability in Microsoft Bing (CVE-2024-30041)

Critical-rated Tampering vulnerability in Microsoft Intune (CVE-2024-30059)

 

Azure family of products

Critical-grade spoofing vulnerability in Azure Migrate (CVE-2024-30053)

 

Browser family

Write vulnerability out of scope of V8 functionality in Microsoft Edge (Chromium-based) (CVE-2024-4761)

 

Developer Tools Suite

Critical remote code execution vulnerability in .NET and Visual Studio (CVE-2024-30045)

Critical-grade denial-of-service vulnerability in Visual Studio (CVE-2024-30046)

Critical-grade remote code execution vulnerability in Visual Studio (CVE-2024-32002, CVE-2024-32004)

 

ESU Family

Windows Win32K – Critical elevation of privilege vulnerability in GRFX (CVE-2024-30030)

 

Microsoft Dynamics Suite

Critical-grade spoofing vulnerability in Microsoft Dynamics 365 Customer Insights (CVE-2024-30047, CVE-2024-30048)

 

Microsoft Office Suite

Critical remote code execution vulnerability in Microsoft Office Excel (CVE-2024-30042)

Critical remote code execution vulnerability in Microsoft Office SharePoint (CVE-2024-30044)

Critical information disclosure vulnerability in Microsoft Office SharePoint (CVE-2024-30043)

 

SQL Server Family

Critical information disclosure vulnerability in Power BI (CVE-2024-30054)

 

Windows Family

Critical elevation of privilege vulnerability in Microsoft Brokering File System (CVE-2024-30007)

Critical remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL (CVE-2024-30006)

Critical elevation of privilege vulnerability in Microsoft Windows SCSI Class System File (CVE-2024-29994)

Critical elevation of privilege vulnerability in Microsoft Windows Search Component (CVE-2024-30033)

Critical elevation of privilege vulnerability in Windows CNG Key Isolation Service (CVE-2024-30031)

Critical information disclosure vulnerability in the Windows Cloud Files Mini Filter Driver (CVE-2024-30034)

Critical elevation of privilege vulnerabilities in the Windows Common Log File System Driver (CVE-2024-29996, CVE-2024-30025, CVE-2024-30037)

Critical remote code execution vulnerability in Windows Cryptographic Services (CVE-2024-30020)

Critical information disclosure vulnerability in Windows Cryptographic Services (CVE-2024-30016)

Critical denial of service vulnerability in Windows DHCP Server (CVE-2024-30019)

Critical elevation of privilege vulnerabilities in Windows DWM Core Library (CVE-2024-30032, CVE-2024-30035, CVE-2024-30051)

Critical information disclosure vulnerability in Windows DWM Core Library (CVE-2024-30008)

Critical information disclosure vulnerability in Windows Deployment Services (CVE-2024-30036)

Critical Denial of Service Vulnerability in Windows Hyper-V (CVE-2024-30011)

Critical remote code execution vulnerabilities in Windows Hyper-V (CVE-2024-30010, CVE-2024-30017)

Critical elevation of privilege vulnerability in Windows Kernel (CVE-2024-30018)

Critical security feature bypass vulnerability in Windows MSHTML Platform (CVE-2024-30040)

Moderate Security Feature Bypass Vulnerability in Windows Mark of the Web (MOTW) (CVE-2024-30050)

Critical remote code execution vulnerabilities in Windows Mobile Broadband (CVE-2024-29997, CVE-2024-29998, CVE-2024-29999, CVE-2024-29999, CVE-2024-30000, CVE-2024-30001, CVE-2024-30002, CVE-2024-30003, CVE-2024-30004, CVE-2024-30005, CVE-2024-30012, CVE-2024-30021)

Critical elevation of privilege vulnerability in Windows NTFS (CVE-2024-30027)

Critical information disclosure vulnerability in Windows Remote Access Connection Manager (CVE-2024-30039)

Critical remote code execution vulnerabilities in Windows Routing and Remote Access Service (RRAS) (CVE-2024-30009, CVE-2024-30014, CVE-2024-30015, CVE-2024-30022, CVE-2024-30023, CVE-2024-30024, CVE-2024-30029)

Critical elevation of privilege vulnerability in Windows Task Scheduler (CVE-2024-26238)

Critical elevation of privilege vulnerabilities in Windows Win32K – ICOMP (CVE-2024-30028, CVE-2024-30038, CVE-2024-30049)

 

Vulnerability Patches

 

The following product-specific Vulnerability Patches were made available in the May 14, 2024 Update Please use the Windows Update feature for automatic installation or refer to the URLs in the product information below to download and install.

.NET 7.0 version

https://dotnet.microsoft.com/en-us/download/dotnet/7.0

.NET 8.0 versions

https://dotnet.microsoft.com/en-us/download/dotnet/8.0

Azure Migrate version

Dynamics 365 Customer Insights version

https://msrc.microsoft.com/update-guide/

Microsoft 365 Apps for Enterprise version

https://msrc.microsoft.com/update-guide/

Microsoft Bing Search for iOS version

Microsoft Edge (Chromium-based) version

https://msrc.microsoft.com/update-guide/

Microsoft Excel 2016 version

https://www.microsoft.com/downloads/details.aspx?familyid=ec742c29-85f8-4abe-a92f-7f68f5748dc7

Microsoft Intune Mobile Application Management for Android version

https://msrc.microsoft.com/update-guide/

Microsoft Office 2019 version

Microsoft Office LTSC 2021 version

https://msrc.microsoft.com/update-guide/

Microsoft Office LTSC for Mac 2021 version

https://msrc.microsoft.com/update-guide/

Microsoft SharePoint Enterprise Server 2016 editions

https://www.microsoft.com/downloads/details.aspx?familyid=c6668bbd-c1c8-45c4-9a1f-3013d6db3569

Microsoft SharePoint Server 2019 editions

https://www.microsoft.com/downloads/details.aspx?familyid=b2979480-9728-409f-bce4-c2e574dc83ce

Microsoft SharePoint Server Subscription Edition version

https://www.microsoft.com/downloads/details.aspx?familyid=523339ec-3e36-44d3-a5ea-49d09d535343

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8) version

Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10) version

Microsoft Visual Studio 2022 version 17.4

Microsoft Visual Studio 2022 version 17.6

Microsoft Visual Studio 2022 version 17.8

Microsoft Visual Studio 2022 version 17.9

https://msrc.microsoft.com/update-guide/

Office Online Server version

https://www.microsoft.com/downloads/details.aspx?familyid=c17819a8-c580-4ad9-b094-97247199f060

PowerBI-client JS SDK version

https://msrc.microsoft.com/update-guide/

Windows 10 version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5037788

Windows 10 Version 1607 Version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5037763

Windows 10 Version 1809

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5037765

Windows 10 Version 21H2

Windows 10 Version 22H2

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5037768

Windows 11 Version 22H2

Windows 11 Version 23H2

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5037771

Windows 11 Version 21H2

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5037770

Windows Server 2008 R2 with Service Pack 1 version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5037780

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5037803

Windows Server 2008 Service Pack 2 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5037800

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5037836

Windows Server 2012 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5037778

Windows Server 2012 R2 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5037823

Windows Server 2016 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5037763

Windows Server 2019 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5037765

Windows Server 2022 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5037782

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5037848

Windows Server 2022, 23H2 Edition version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5037781

Tags:

Previous Post

Next Post