The Cybersecurity & Infrastructure Security Agency (CISA) released a flurry of security updates and vulnerability announcements on May 14 and 15.
CISA urges users and administrators to review the advisories and apply the necessary updates, as a cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA has added two new Microsoft vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation:
- CVE-2024-30051 Microsoft DWM Core Library Privilege Escalation Vulnerability
- CVE-2024-30040 Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability
Microsoft has released security updates to address vulnerabilities in multiple products, listed in the Microsoft Security Update Guide for May.
Apple Identifies Vulnerabilities
Apple has released security updates to address vulnerabilities in Safari, iOS, iPadOS, macOS, watchOS and tvOS for:
Adobe Releases Multiple Security Updates
Adobe has released security updates to address vulnerabilities in Adobe software for:
Industrial Control Advisories
CISA has released four Industrial Control Systems (ICS) advisories, which provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS:
- ICSA-24-135-01 Rockwell Automation FactoryTalk Remote Access
- ICSA-24-135-02 SUBNET PowerSYSTEM Center
- ICSA-24-135-03 Johnson Controls Software House C-CURE 9000
- ICSA-24-135-04 Mitsubishi Electric Multiple FA Engineering Software Products