Microsoft issues patches for 59 vulnerabilities, including two zero-days actively exploited by attackers, CVE-2024-30051 and CVE-2024-30040.

Microsoft has released patches for 59 vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040) actively exploited by attackers. CVE-2024-30051, an elevation of privilege bug in Windows DWM core library, has been exploited by QakBot operators and other threat actors. Researchers from Kaspersky, DBAPPSecurity WeBin Lab, Google Threat Analysis Group, and Google Mandiant have been credited with reporting the vulnerability.

May 14, 2024
5 Articles