Microsoft has announced the release of the May update of Patch Tuesday, addressing a total of 61 vulnerabilities, including three zero-day vulnerabilities that were actively exploited or publicly disclosed before being fixed.
Out of the 61 vulnerabilities, only one was classified as critical – a remote code execution vulnerability on the Microsoft Sharepoint server. The vulnerabilities were categorized as follows:
- 17 vulnerabilities related to privileges;
- 2 vulnerabilities bypassing security functions;
- 27 vulnerabilities involving remote code;
- 7 vulnerabilities disclosing information;
- 3 vulnerabilities causing service failure;
- 4 vulnerabilities leading to data substitution.
Notably, this list does not include two vulnerabilities in Microsoft Edge fixed on May 2, and four more fixed on May 10.
Zero-day vulnerabilities are those that are publicly disclosed or actively exploited in attacks prior to being officially patched. In this update, Microsoft addressed three zero-day vulnerabilities:
- CVE-2024-30040 – a vulnerability allowing arbitrary code execution on the MSHTML Windows platform;
- CVE-2024-30051 – a privilege escalation vulnerability in the Liber Library of DWM Windows;
- CVE-2024-30046 – a denial of service vulnerability in Visual Studio.
Furthermore, Microsoft resolved a known issue that was causing VPN connections in Windows to fail after installing April security updates. These fixes are included in the latest Patch Tuesday release.
Microsoft’s prompt release of the May updates demonstrates a responsible approach to addressing critical vulnerabilities in Windows and related products. It is essential for users to promptly install these updates to protect their devices and minimize the risk of cyber attacks.