Tech News

Tech Business News

  • Home
  • Technology
  • Business
  • News
    • Technology News
    • Local Tech News
    • World Tech News
    • General News
    • News Stories
  • Media Releases
    • Tech Media Releases
    • General Media Releases
  • Advertisers
    • Advertiser Content
    • Promoted Content
    • Sponsored Whitepapers
    • Advertising Options
  • Cyber
  • Reports
  • People
  • Science
  • Articles
    • Opinion
    • Digital Marketing
    • Gaming
    • Guest Publishers
  • About
    • Tech Business News
    • News Contributions -Submit
    • Journalist Application
    • Contact Us
Reading: Microsoft’s Latest Patch Addresses 59 CVEs And Critical Zero-Day Flaws
Share
Font ResizerAa
Tech Business NewsTech Business News
  • Home
  • Technology News
  • Business News
  • News Stories
  • General News
  • World News
  • Media Releases
Search
  • News
    • Technology News
    • Business News
    • Local News
    • News Stories
    • General News
    • World News
    • Global News
  • Media Releases
    • Tech Media Releases
    • General Press
  • Categories
    • Crypto News
    • Cyber
    • Digital Marketing
    • Education
    • Gadgets
    • Technology
    • Guest Publishers
    • IT Security
    • People In Technology
    • Reports
    • Science
    • Software
    • Stock Market
  • Promoted Content
    • Advertisers
    • Promoted
    • Sponsored Whitepapers
  • Contact & About
    • Contact Information
    • About Tech Business News
    • News Contributions & Submissions
Follow US
© 2022 Tech Business News- Australian Technology News. All Rights Reserved.
Tech Business News > IT Security > Microsoft’s Latest Patch Addresses 59 CVEs And Critical Zero-Day Flaws
IT Security

Microsoft’s Latest Patch Addresses 59 CVEs And Critical Zero-Day Flaws

Editorial Desk
Last updated: May 16, 2024 8:00 pm
Editorial Desk
Share
SHARE

In its most recent Patch Tuesday rollout, Microsoft took on a hefty load of 59 CVEs (Common Vulnerabilities and Exposures), shining a spotlight on one particularly critical vulnerability along with three zero-day flaws

Among these, a sneaky elevation of privilege glitch lurking in the DWM Core Library beneath Microsoft Windows systems, as well as a security feature bypass nestled within the MSHTML Engine, have come to the forefront as the exploited zero-day culprits.

Satnam Narang, Senior Staff Research Engineer at Tenable, lent his expertise to dissecting the Patch Tuesday affair.

While acknowledging a noticeable dip from last month’s staggering 147 CVE count, which had set a record high, Narang cautioned against complacency, especially in light of the uptick in zero-day threats.

Zooming in on the exploit tagged with CVE-2024-30051, Narang unpacked its potential for post-compromise privilege elevation among local attackers.

Shedding light on its modus operandi, he explained, “Zero-day exploitation of an elevation of privilege flaw often signals targeted attack campaigns. Even post-patch, threat actors manage to find success exploiting these vulnerabilities.”

Narang underscored the strategic deployment of CVE-2024-30051 for initial access into target environments, hinging on social engineering tactics like phishing emails to lure unsuspecting victims into opening malicious documents.

Once breached, attackers can sidestep OLE (Object Linking and Embedding) mitigations in Microsoft 365 and Office, effectively outmaneuvering built-in security barriers.

The recurrence of exploits targeting the DWM Core Library raised eyebrows, with Narang hinting at possible links between CVE-2024-30051 and its predecessor CVE-2023-36033.

Drawing parallels, he mused, “While specifics remain under wraps, the pattern suggests either a persistent threat actor or a patch loophole left unsealed.”

Turning to the MSHTML realm, CVE-2024-30040 emerged as the year’s first security feature bypass exploit, following a flurry of eight vulnerabilities patched in 2023. Of the previous batch, only one had been exploited in the wild as a zero-day, underscoring the evolving landscape of cyber threats.

Amidst the lineup, CVE-2024-30044 stood out as the lone ‘Critical’ contender, earning accolades from Narang for its stringent exploitation prerequisites. He elaborated, “This flaw demands authenticated access to a vulnerable SharePoint Server with elevated permissions, a barrier that may deter all but the most determined attackers.”

As the digital battleground continues to evolve, Microsoft’s Patch Tuesday saga serves as a stark reminder of the perpetual arms race between security defenders and threat actors, each maneuvering to outwit the other in a high-stakes game of cat and mouse.

ByEditorial Desk
The TBN team is a well establish group of technology industry professionals with backgrounds in IT Systems, Business Communications and Journalism.
Previous Article Microsoft Anti-Trust Teams Microsoft To Face Anti-Trust Probe By The European Commission
Next Article Australian Companies Pay Ransomware Demands Most Australian Companies Would Pay Ransomware Demands
Leave a Comment

Leave a Reply Cancel reply

You must be logged in to post a comment.

Microsoft addresses 59 CVEs including critical zero-day flaws

Tech Articles

Why your nbn evening speeds slow down

Why Your NBN Slows Down at Night — And How To Find the Real Cause

NBN slow at night? ACCC data shows why evening speeds…

July 2, 2026
The Growing Crisis of Space junk and Debris

Space Junk Is Becoming One of the Biggest Threats to Modern Spaceflight

More than 33,000 tracked objects now orbit Earth at speeds…

May 8, 2026
Why is APAC losing the war on digital fraud

Why APAC is Losing Ground In The Fight Against Digital Fraud

Why APAC is losing the war on digital fraud is…

May 6, 2026

Recent News

Mitigating Threats To Cloud-Based GPUs
IT Security

Mitigating Threats To Cloud-Based GPUs

7 Min Read
VMware Aria Services IRAP Aust Gov Data protected level - tech news
IT Security

VMware Aria Services IRAP Assessed to Process Australian Government Data at PROTECTED Level

3 Min Read
Configuration Probing backup weakness
IT Security

Your Backups Might Be Your Greatest Weakness

5 Min Read
Forescout Acquire Cysiv
IT Security

Forescout Announces Intent to Acquire Cysiv

4 Min Read
Tech News - Technology Business

Tech Business News

In 2026, technology news is shaping business outcomes faster than ever—driven by AI adoption, rising cyber risk, cloud modernisation, data regulation, and constant platform change.
 
Tech News keeps Australian organisations and industry professionals informed with timely reporting and practical coverage across AI, cybersecurity, cloud, enterprise IT, startups, science, people and business, plus major world and local news impacting the tech sector.
 
Tech Business News publishes news and analysis designed to be clear, relevant, and easy to act on. It supports the industry with technology news reports, whitepaper publishing services, and a range of media, advertising and publishing options 

About

About Us 
Contact Us 
Privacy Policy
Copyright Policy
Terms & Conditions

July, 06, 2026

Contact

Tech Business News
Melbourne, Australia
Werribee 3030
Phone: +61 431401041

Hours : Monday to Friday, 9am 530-pm.

Tech News

© Copyright Tech Business News 

Latest Australian Tech News – 2026

Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?