Today’s Current Affairs: Microsoft Addresses 61 Security Flaws in Patch Tuesday Updates
Microsoft has recently released Patch Tuesday updates for May 2024, addressing a total of 61 new security flaws in its software. Among these vulnerabilities, two zero-days have been actively exploited in the wild, raising concerns about potential cyber threats.
The severity of the flaws varies, with one rated Critical, 59 rated Important, and one rated Moderate. Additionally, 30 vulnerabilities in the Chromium-based Edge browser have been resolved, including two zero-days that have been exploited in attacks.
The two exploited vulnerabilities include a Windows MSHTML Platform Security Feature Bypass flaw and a Windows Desktop Window Manager Core Library Elevation of Privilege vulnerability. These flaws could allow threat actors to execute arbitrary code and gain SYSTEM privileges, respectively.
It is crucial for users to update their systems with the latest patches to mitigate the risks posed by these security vulnerabilities. Stay informed and stay safe in today’s ever-evolving digital landscape.
Question 1: What is the severity rating of the security flaw CVE-2024-30040?
– A) Low
– B) Moderate
– C) Critical
– D) Important
Answer: C) Critical
Question 2: Which vulnerability could allow a threat actor to gain SYSTEM privileges?
– A) CVE-2024-30040
– B) CVE-2024-30051
– C) CVE-2024-30025
– D) CVE-2024-30037
Answer: B) CVE-2024-30051
When did Microsoft address 61 new security flaws?
Microsoft addressed 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024.
How many zero-day vulnerabilities were actively exploited?
Microsoft addressed two zero-day vulnerabilities that were actively exploited in the wild.
What are the details of the two security shortcomings that were weaponized?
The two security shortcomings that were weaponized are CVE-2024-30040 (Windows MSHTML Platform Security Feature Bypass Vulnerability) and CVE-2024-30051 (Windows Desktop Window Manager Core Library Elevation of Privilege Vulnerability).
What is the recommended action for federal agencies regarding the vulnerabilities?
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the latest fixes by June 4, 2024.
What is the impact of the security feature bypass vulnerability CVE-2024-30050?
The security feature bypass vulnerability CVE-2024-30050 impacts Windows Mark-of-the-Web (MotW) and could be exploited by a malicious file to evade defenses.
Today's Current Affairs bring news of Microsoft addressing 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024. Among these vulnerabilities, two zero-days have been actively exploited in the wild. One of the critical flaws, CVE-2024-30040, allows attackers to gain code execution by tricking users into opening a malicious document. Another flaw, CVE-2024-30051, enables threat actors to gain SYSTEM privileges. These vulnerabilities have been added to the U.S. Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog. Microsoft has also resolved several other remote code execution bugs and privilege escalation flaws in different components. Stay tuned for more updates on software patches from other vendors.