Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days

Microsoft has released updates for 61 security flaws, including two zero-days actively exploited, as part of its May 2024 Patch Tuesday. The vulnerabilities range from moderate to critical, with significant issues in the Chromium-based Edge browser also addressed.

The exploited zero-days, CVE-2024-30040 and CVE-2024-30051, impact Windows MSHTML Platform and Windows Desktop Window Manager, respectively. These vulnerabilities could allow attackers to bypass security features and elevate privileges. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to apply these fixes by June 4, 2024.

Additional patches cover various components like Windows Mobile Broadband Driver and Windows Routing and Remote Access Service, with other vendors also releasing updates for numerous security issues across a broad range of software and hardware products.