This month’s Patch Tuesday update bundle from Microsoft is a huge one, requiring immediate user attention for device updates. Specifically, with April 2024 Patch Tuesday, Microsoft addressed 150 different security flaws, including over 60 remote code execution vulnerabilities.
Two Zero-Day Vulnerabilities And Three Critical Flaws Addressed
With April 2024 updates, Microsoft patched two zero-day vulnerabilities, both actively exploited for malware attacks. These include,
- CVE-2024-29988 (CVSS 8.8): An important severity vulnerability affecting the Microsoft SmartScreen. Microsoft described it as a security feature bypass in the SmartScreen Prompt that could let an attacker exploit the flaw by tricking the victim into opening maliciously crafted content. According to ZDI researchers, this vulnerability bypasses the Mark-of-the-Web (MotW), allowing malware execution, similar to CVE-2024-21412, which Microsoft patched in February this year.
- CVE-2024-26234 (CVSS 6.7): Another important severity vulnerability affecting the Proxy driver. Researchers from Sophos have provided a detailed description of the vulnerability, as they discovered its exploitation in the wild. Specifically, they found a malicious driver signed with a valid Microsoft Hardware Publisher Certificate, which the attackers used to deploy malware.
Besides, these two vulnerabilities, Microsoft also addressed some critical security issues in the Microsoft Defender for IoT. All of these, CVE-2024-21322, CVE-2024-21323, and CVE-2024-29053, could allow remote code execution attacks.
Other Important April Patch Tuesday Updates From Microsoft
With April Patch Tuesday, Microsoft also addressed over 100 other vulnerabilities, rolling out 152 security fixes this month. These include 68 remote code execution vulnerabilities, 31 privilege escalation flaws, 28 security feature bypass vulnerabilities, 24 of which affected the Secure Boot feature, 14 information disclosure bugs, 6 denial of service vulnerabilities, and 5 spoofing vulnerabilities.
All of these vulnerabilities received important severity rating, except two spoofing vulnerabilities. These include CVE-2024-29049 – a moderate severity issue, and CVE-2024-29981 – a low severity flaw, both affecting Microsoft Edge.
While the updates have been rolled out for all eligible systems, users should still check their systems manually for updates to avoid potential risks.
Let us know your thoughts in the comments.