Tuesday, December 3, 2024

May’s Patch Tuesday Shines Spotlight on Critical SharePoint Vulnerabilities and Qakbot Links

Microsoft has released its monthly Patch Tuesday update, addressing over 60 bugs and issues. Administrators should pay special attention to a critical vulnerability in Microsoft SharePoint Server, as well as two zero-day flaws, one in the Windows MSHTML Platform and one in the Windows Desktop Window Manager Core Library. The SharePoint Server flaw, identified as CVE-2024-30044, is a remote code execution vulnerability that allows attackers to upload a specially crafted file and execute arbitrary code on the victim server. Of the two zero-days, CVE-2024-30040 in the MSHTML Platform bypasses object linking and embedding (OLE) protections, while CVE-2024-30051 in the Desktop Window Manager Core Library enables attackers to gain system-level privileges. CVE-2024-30051 is particularly concerning because it has been used in the infamous Qakbot malware. Microsoft urges administrators to apply the updates promptly to mitigate potential damage from these vulnerabilities.