Microsoft Releases May 2024 Security Updates - 20240515002 (#732)

* Cisco Expressway Advisory * Format markdown files * Update 20240208003-Cisco-Expressway-Series-Cross_Site-Request-Forgery.md changing of links * Format markdown files * Adobe Releases Security Updates * Format markdown files * Adobe Releases Security Updates * Format markdown files * Bricks WordPress Advisory * Format markdown files * Bricks WordPress * Zyxel security advisory * Format markdown files * Linux Kernel Code Execution Vulnerability * Format markdown files * released a security advisory * Format markdown files * Update and rename 20240308004-Android-security-advisory.md to 20240308004-Android-security-advisory.md Changed from 007 to 008 * Android security advisory 20240308004 * Format markdown files * Fortinet Critical SQLi Vulnerability in FortiClientEMS * Format markdown files * Update 20240318003-Fortinet-Critical-SQLi-Vulnerability-in-FortiClientEMS-Software.md Minor grammar fix and observability * Format markdown files * Firefox Patches Critical Zero-Day Vulnerabilities * Format markdown files * Firefox Patches Critical Zero-Day Vulnerabilities - 20240327003 * Format markdown files * Update 20240327003-Firefox-Patches-Critical-Zero-Day-Vulnerabilities.md add cvss column and minor fix to table * Delete docs/advisories/20240326002-Firefox-Patches-Critical-Zero-Day-Vulnerabilities.md no longer needed * Format markdown files * Supply Chain Compromise Affecting XZ Utils Data Compression Library - 20240402002 * Format markdown files * Cisco Vulnerability in Small Business Routers * Format markdown files * Updated overview to include all Router series. * Bitdefender Advisory * Format markdown files * TP-Link Archer Routers Advisory * Format markdown docs * Update 20240418003-Botnets-Swarm-Exploited-in-TP-Link-Archer-Routers.md Fixing table * HashiCorp security advisory * Format markdown docs * Progress Software Telerik Reporting Vulnerability * Format markdown docs * WordPress Automatic plugin critical vulnerability * Format markdown docs * R Programming Language Vulnerability * Format markdown docs * Microsoft SmartScreen updated * Format markdown docs * # WordPress Multiple Plugins Stored Cross-Site Scripting Vulnerability - 20240506001 * Format markdown docs * Update 20240506001-WordPress-Multiple-Plugins-Stored-Cross-Site-Scripting-Vulnerability.md Fix table * Microsoft Releases May 2024 Security Updates - 20240515002 --------- Co-authored-by: GitHub Actions <actions@github.com> Co-authored-by: Joshua Hitchen (DGov) <86041569+DGovEnterprise@users.noreply.github.com> Co-authored-by: CharlesRN <CharlesRN@users.noreply.github.com>
wagov · May 15, 2024 · c675d14 · c675d14
1 parent bf1b4d3
commit c675d14
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/docs/advisories/20240515002-Microsoft-Security-Updates-May-2024.md b/docs/advisories/20240515002-Microsoft-Security-Updates-May-2024.md
@@ -0,0 +1,25 @@
+# Microsoft Releases May 2024 Security Updates - 20240515002
+
+## Overview
+
+Microsoft has released security updates to address vulnerabilities in multiple products. A Cyber threat actor could leverage some of these vulnerabilities to exploit the affected system.
+
+## What is vulnerable?
+
+This release consists of the following 60 Microsoft CVEs:
+
+- [May 2024 Security Updates](https://msrc.microsoft.com/update-guide/releaseNote/2024-May)
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *two weeks* (refer [Patch Management](../guidelines/patch-management.md)).
+
+## Additional References
+
+- [CISA - Microsoft Releases May 2024 Security Updates
+    ](https://www.cisa.gov/news-events/alerts/2024/05/14/microsoft-releases-may-2024-security-updates)
+- [QakBot attacks with Windows zero-day](https://securelist.com/cve-2024-30051/112618/)