There are known exploits for 2 of the new vulnerabilities released. Neither of these expose remote code execution.

This patch is critical for SharePoint systems. Exploit code is expected for a vulnerability that allows an attacker to execute any desired code on the systems. Any detections of CVE-2024-30044 should be remediated with the patches within 7 days.

Guidance will be adjusted if and when more exploits are released publicly.

Testing and patching should be started for all systems.

All admins are reminded that browser updates, including updates to Edge Chrome and Firefox, should be deployed regularly. There are Outlook client updates included this month as well.

Please obtain patches from your normal sources or Microsoft directly https://msrc.microsoft.com/update-guide/releaseNote/2024-May