Microsoft’s recent Patch Tuesday security update for April 2024 addressed critical vulnerabilities, including zero-day exploits and remote code execution flaws.
Description
Microsoft’s Patch Tuesday security update for April 2024 addressed critical vulnerabilities, including SmartScreen Prompt Security Feature Bypass (CVE-2024-29988) and Remote Procedure Call Runtime Remote Code Execution (CVE-2024-20678) [2]. Two zero-day vulnerabilities actively exploited in attacks [1], CVE-2024-29988 and CVE-2024-26234 [1], were patched [1]. The first vulnerability involves a SmartScreen Prompt security feature bypass [1], while the second is a “proxy driver spoofing” bug reported by Sophos [1]. Additionally, a spoofing bug in Outlook for Windows (CVE-2024-20670) and a Windows DNS Server Remote Code Execution flaw (CVE-2024-26221) were fixed [2]. Three critical-rated vulnerabilities (CVE-2024-29053 [1], CVE-2024-21322 [1] [2], CVE-2024-21323) in Microsoft Defender for IoT were patched [1], all related to remote code execution [1]. Over 60 remote code execution flaws [1], with more than half in SQL drivers [1], were also addressed in this month’s update [1]. These vulnerabilities, stemming from an absolute path traversal flaw (CWE-36) [1], could allow attackers to access and manipulate directories and files beyond the web root folder [1], potentially leading to remote code execution and system compromise [1]. Security teams are advised to monitor for anomalous activity and block outbound connections to mitigate risks [2].
Conclusion
The Patch Tuesday security update for April 2024 by Microsoft has addressed critical vulnerabilities, including zero-day exploits and remote code execution flaws. Security teams are urged to remain vigilant, monitor for unusual activity [2], and take necessary steps to mitigate risks.
References
[1] https://www.infosecurity-magazine.com/news/microsoft-patches-150-flaws-two-1/
[2] https://www.darkreading.com/vulnerabilities-threats/microsoft-patch-tuesday-no-zero-days-but-one-under-active-exploit
