For May 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040) actively exploited by attackers. CVE-2024-30051 and CVE-2024-30040 CVE-2024-30051 is a heap-based buffer overflow vulnerability affecting the Windows DWM Core Library that can be exploited to elevate attackers’ privileges on a target system. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft says. Researchers from Kaspersky, DBAPPSecurity WeBin Lab, Google Threat Analysis Group and Google … More
The post May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) appeared first on Help Net Security.