Last Update: Nov 19, 2024 | Published: May 15, 2024
Key Takeaways:
- Microsoft’s May 2024 Patch Tuesday updates address 59 vulnerabilities, including two zero-day flaws already being exploited by attackers.
- Microsoft has fixed a high-severity security feature bypass vulnerability in the Windows MSHTML platform and an elevation of privilege flaw in Windows DWM Core Library.
- Microsoft has introduced minor changes to Widgets icons on the taskbar and enhancements to lock screen widgets on Windows 11.
Microsoft has released the May 2024 Patch Tuesday updates for Windows 11 and Windows 10. This month, Microsoft fixed a total of 59 security vulnerabilities in Windows and other components, including two zero-day flaws that are already being exploited by attackers.
On the quality and experience updates front, Microsoft has released some changes to the Widgets icons on the taskbar and widget cards on the lock screen on Windows 11. The latest update also fixes a known issue that was causing the Settings app to become unresponsive on Windows 11 PCs.
As highlighted by the Zero Day Initiative, Microsoft’s May 2024 Patch Tuesday Updates include fixes for 59 vulnerabilities. Among these, only one is categorized as “Critical,” 57 are deemed “Important,” and one carries a “Moderate” severity rating.
Here’s the complete list of resolved vulnerabilities in the May 2024 Patch Tuesday updates:
Product | Impact | Max Severity | Article | Download | Details |
--- | --- | --- | --- | --- | --- |
Microsoft Edge (Chromium-based) | | | Release Notes | Security Update | CVE-2024-4761 |
Windows 10 Version 1607 for 32-bit Systems | Security Feature Bypass | Important | 5037763 | Security Update | CVE-2024-30040 |
Windows 10 for x64-based Systems | Security Feature Bypass | Important | 5037788 | Security Update | CVE-2024-30040 |
Windows 10 for 32-bit Systems | Security Feature Bypass | Important | 5037788 | Security Update | CVE-2024-30040 |
Windows Server 2022, 23H2 Edition (Server Core installation) | Security Feature Bypass | Important | 5037781 | Security Update | CVE-2024-30040 |
Windows 11 Version 23H2 for x64-based Systems | Security Feature Bypass | Important | 5037771 | Security Update | CVE-2024-30040 |
Windows 11 Version 23H2 for ARM64-based Systems | Security Feature Bypass | Important | 5037771 | Security Update | CVE-2024-30040 |
Windows 10 Version 22H2 for 32-bit Systems | Security Feature Bypass | Important | 5037768 | Security Update | CVE-2024-30040 |
Windows 10 Version 22H2 for ARM64-based Systems | Security Feature Bypass | Important | 5037768 | Security Update | CVE-2024-30040 |
Windows 10 Version 22H2 for x64-based Systems | Security Feature Bypass | Important | 5037768 | Security Update | CVE-2024-30040 |
Windows 11 Version 22H2 for x64-based Systems | Security Feature Bypass | Important | 5037771 | Security Update | CVE-2024-30040 |
Windows 11 Version 22H2 for ARM64-based Systems | Security Feature Bypass | Important | 5037771 | Security Update | CVE-2024-30040 |
Windows 10 Version 21H2 for x64-based Systems | Security Feature Bypass | Important | 5037768 | Security Update | CVE-2024-30040 |
Windows 10 Version 21H2 for ARM64-based Systems | Security Feature Bypass | Important | 5037768 | Security Update | CVE-2024-30040 |
Windows 10 Version 21H2 for 32-bit Systems | Security Feature Bypass | Important | 5037768 | Security Update | CVE-2024-30040 |
Windows 11 version 21H2 for ARM64-based Systems | Security Feature Bypass | Important | 5037770 | Security Update | CVE-2024-30040 |
Windows 11 version 21H2 for x64-based Systems | Security Feature Bypass | Important | 5037770 | Security Update | CVE-2024-30040 |
Windows Server 2022 (Server Core installation) | Security Feature Bypass | Important | 5037782 | Security Update | CVE-2024-30040 |
Windows Server 2022 (Server Core installation) | Security Feature Bypass | Important | 5037848 | SecurityHotpatchUpdate | CVE-2024-30040 |
Windows Server 2022 | Security Feature Bypass | Important | 5037782 | Security Update | CVE-2024-30040 |
Windows Server 2022 | Security Feature Bypass | Important | 5037848 | SecurityHotpatchUpdate | CVE-2024-30040 |
Windows Server 2019 (Server Core installation) | Security Feature Bypass | Important | 5037765 | Security Update | CVE-2024-30040 |
Windows Server 2019 | Security Feature Bypass | Important | 5037765 | Security Update | CVE-2024-30040 |
Windows 10 Version 1809 for ARM64-based Systems | Security Feature Bypass | Important | 5037765 | Security Update | CVE-2024-30040 |
Windows 10 Version 1809 for x64-based Systems | Security Feature Bypass | Important | 5037765 | Security Update | CVE-2024-30040 |
Windows 10 Version 1809 for 32-bit Systems | Security Feature Bypass | Important | 5037765 | Security Update | CVE-2024-30040 |
Windows Server 2012 R2 (Server Core installation) | Information Disclosure | Important | 5037823 | Monthly Rollup | CVE-2024-30039 |
Windows Server 2012 R2 | Information Disclosure | Important | 5037823 | Monthly Rollup | CVE-2024-30039 |
Windows Server 2012 (Server Core installation) | Information Disclosure | Important | 5037778 | Monthly Rollup | CVE-2024-30039 |
Windows Server 2012 | Information Disclosure | Important | 5037778 | Monthly Rollup | CVE-2024-30039 |
Windows Server 2016 (Server Core installation) | Elevation of Privilege | Important | 5037763 | Security Update | CVE-2024-30038 |
Windows Server 2016 | Elevation of Privilege | Important | 5037763 | Security Update | CVE-2024-30038 |
Windows 10 Version 1607 for x64-based Systems | Elevation of Privilege | Important | 5037763 | Security Update | CVE-2024-30038 |
PowerBI-client JS SDK | Information Disclosure | Important | Release Notes | Security Update | CVE-2024-30054 |
Microsoft Visual Studio 2022 version 17.8 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-32004 |
Microsoft Visual Studio 2022 version 17.6 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-32004 |
Microsoft Visual Studio 2022 version 17.4 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-32004 |
Microsoft Visual Studio 2022 version 17.9 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-32004 |
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10) | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-32004 |
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8) | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-32004 |
Dynamics 365 Customer Insights | Spoofing | Important | Release Notes | Security Update | CVE-2024-30048 |
.NET 7.0 | Remote Code Execution | Important | 5038351 | Security Update | CVE-2024-30045 |
.NET 8.0 | Remote Code Execution | Important | 5038352 | Security Update | CVE-2024-30045 |
Microsoft SharePoint Server Subscription Edition | Information Disclosure | Important | 5002599 | Security Update | CVE-2024-30043 |
Microsoft SharePoint Server 2019 | Information Disclosure | Important | 5002596 | Security Update | CVE-2024-30043 |
Microsoft Office 2019 for 64-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2024-30042 |
Microsoft Office 2019 for 32-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2024-30042 |
Office Online Server | Remote Code Execution | Important | 5002503 | Security Update | CVE-2024-30042 |
Microsoft Bing Search for iOS | Spoofing | Important | Release Notes | Security Update | CVE-2024-30041 |
Microsoft SharePoint Enterprise Server 2016 | Information Disclosure | Important | 5002598 | Security Update | CVE-2024-30043 |
Microsoft Excel 2016 (64-bit edition) | Remote Code Execution | Important | 5002587 | Security Update | CVE-2024-30042 |
Microsoft Excel 2016 (32-bit edition) | Remote Code Execution | Important | 5002587 | Security Update | CVE-2024-30042 |
Microsoft Office LTSC 2021 for 32-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2024-30042 |
Microsoft Office LTSC 2021 for 64-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2024-30042 |
Microsoft Office LTSC for Mac 2021 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-30042 |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Remote Code Execution | Important | Click to Run | Security Update | CVE-2024-30042 |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Remote Code Execution | Important | Click to Run | Security Update | CVE-2024-30042 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Elevation of Privilege | Important | 5037780 | Monthly Rollup | CVE-2024-30049 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Elevation of Privilege | Important | 5037803 | Security Only | CVE-2024-30049 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Elevation of Privilege | Important | 5037780 | Monthly Rollup | CVE-2024-30049 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Elevation of Privilege | Important | 5037803 | Security Only | CVE-2024-30049 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Elevation of Privilege | Important | 5037800 | Monthly Rollup | CVE-2024-30049 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Elevation of Privilege | Important | 5037836 | Security Only | CVE-2024-30049 |
Windows Server 2008 for x64-based Systems Service Pack 2 | Elevation of Privilege | Important | 5037800 | Monthly Rollup | CVE-2024-30049 |
Windows Server 2008 for x64-based Systems Service Pack 2 | Elevation of Privilege | Important | 5037836 | Security Only | CVE-2024-30049 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Elevation of Privilege | Important | 5037800 | Monthly Rollup | CVE-2024-30049 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Elevation of Privilege | Important | 5037836 | Security Only | CVE-2024-30049 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | Elevation of Privilege | Important | 5037800 | Monthly Rollup | CVE-2024-30049 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | Elevation of Privilege | Important | 5037836 | Security Only | CVE-2024-30049 |
Microsoft Intune Mobile Application Management for Android | Tampering | Important | Release Notes | Security Update | CVE-2024-30059 |
Azure Migrate | Spoofing | Important | Release Notes | Security Update | CVE-2024-30053 |
If you’re running Windows 11 versions 23H2 and 22H2, Microsoft has introduced new larger widget icons on the taskbar. The company has also added more customization options and visuals to improve the lock screen widgets for sports, weather, and finance news. Windows 11 users will also start seeing ads for some Microsoft Store apps and frequently used apps in the Recommended section of the Start menu.
For Windows 10, this month’s Patch Tuesday update brings the same minor changes to widget cards on the lock screen. The KB5037768 patch brings a new personalized app search experience and reliability improvements for Windows Search. Microsoft has also added support for account-related notifications for Microsoft accounts in Settings.
Microsoft has also addressed an issue that was previously causing VPN connections to fail on Windows 11 and Windows 10 devices. The company has also fixed Bluetooth connection problems with some wireless earbuds.
Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.
A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.
There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.