May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040)

For May 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040) actively exploited by attackers. CVE-2024-30051 and CVE-2024-30040 CVE-2024-30051 is a heap-based buffer overflow vulnerability affecting the Windows DWM Core Library that can be exploited to elevate attackers’ privileges on a target system. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft says. Researchers from Kaspersky, DBAPPSecurity WeBin Lab, Google Threat Analysis Group and Google … More →

The post …

0 day actively exploited attackers buffer buffer overflow buffer overflow vulnerability can cve cve-2024 don't miss elevate exploited fixes hot stuff kaspersky library mandiant may microsoft overflow patch patch tuesday privileges security update sharepoint system target trend micro tuesday vulnerabilities vulnerability windows zero-days