Skip to content

No need for mayday call on fifth Patch Tuesday this year.

# Microsoft Releases 59 Patches in May Update

## Introduction
Microsoft has released a total of 59 patches across 11 product families in its May update. The majority of patches, 48 in total, are for Windows, with the remaining patches spread across various products such as .NET, Azure, SharePoint, and Visual Studio. Notably, only one critical-severity issue affecting SharePoint has been identified in this update.

## Key Details
– Two important-severity faults affecting Windows are currently being actively exploited in the wild.
– Ten additional important-severity vulnerabilities in Windows and SharePoint are predicted to be exploited within the next 30 days.
– The release also includes advisory information on patches related to Edge browser, Visual Studio (managed by GitHub), and Adobe.

## By the Numbers
– Total Microsoft CVEs: 59
– Total Edge/Chrome advisory issues covered in the update: 6
– Total non-Microsoft Visual Studio advisory issues covered in the update: 2
– Total Adobe issues covered in the update: 4
– Publicly disclosed vulnerabilities: 2
– Exploited vulnerabilities: 2
– Severity breakdown: Critical (1), Important (57), Moderate (1)

## Notable Updates and Themes
– The Chrome bug CVE-2024-4671 is highlighted due to its high-severity nature and active exploitation in the wild.
– Issues such as CVE-2024-30040 and CVE-2024-30051, both under active exploit, are detailed in the update.

## Sophos Protections
– Sophos has developed protections against several vulnerabilities, including those affecting Windows, SharePoint, and Visual Studio.
– A table listing the CVEs and corresponding Sophos protections is provided.

## Appendix Details
– Vulnerability Impact and Severity: Lists vulnerabilities sorted by impact and severity, including CVEs related to Remote Code Execution, Elevation of Privilege, Information Disclosure, Spoofing, Denial of Service, Security Feature Bypass, and Tampering.
– Exploitability: Details CVEs already under exploit and those likely to be exploited in the next 30 days.
– Products Affected: Lists patches by product family, including Windows, Dynamics 365, SharePoint, Visual Studio, .NET, Azure, Bing Search for iOS, Intune, Office, and Power BI.
– Advisories and Other Products: Provides information on advisories related to Edge/Chromium, Visual Studio (non-Microsoft), and Adobe (non-Microsoft).

## Key Points
– Microsoft released a total of 59 patches in its May update, addressing vulnerabilities across various product families.
– The update includes patches for actively exploited issues and those predicted to be exploited in the near future.
– Sophos has developed protections against several vulnerabilities, ensuring enhanced security for users.

In conclusion, Microsoft’s May update addresses critical security issues and provides necessary patches to safeguard against potential threats. Users are advised to promptly apply these updates to maintain the security of their systems.

Leave a Reply

Your email address will not be published. Required fields are marked *