Microsoft’s Latest Security Updates for April 2024: What You Need to Know
Microsoft has once again rolled out its monthly security updates, this time for the month of April 2024. This release addresses a staggering 149 flaws, setting a new record for the number of vulnerabilities remediated in a single update. Among these vulnerabilities, two have been identified as actively exploited in the wild, making this update particularly critical for users and organizations alike.
Of the 149 flaws, three are classified as Critical, 142 as Important, three as Moderate, and one as Low in severity. This comprehensive update is in addition to the 21 vulnerabilities addressed in Microsoft’s Chromium-based Edge browser following the March 2024 Patch Tuesday fixes.
The two vulnerabilities currently under active exploitation are:
- CVE-2024-26234 (CVSS score: 6.7) – Proxy Driver Spoofing Vulnerability
- CVE-2024-29988 (CVSS score: 8.8) – SmartScreen Prompt Security Feature Bypass Vulnerability
While Microsoft’s advisory provides limited information about CVE-2024-26234, cybersecurity firm Sophos has shed some light on the matter. In December 2023, Sophos discovered a malicious executable signed by a valid Microsoft Windows Hardware Compatibility Publisher certificate. This executable, named “Catalog.exe” or “Catalog Authentication Client Service,” was found to contain a component called 3proxy, which acts as a backdoor, intercepting network traffic on infected systems. While the origins of this malicious file remain unclear, it underscores the importance of remaining vigilant against potential supply chain attacks.
CVE-2024-29988, on the other hand, allows attackers to bypass Microsoft Defender SmartScreen protections, posing a significant risk to users. Exploitation of this vulnerability requires convincing a user to launch malicious files using a launcher application that requests no UI be shown. Evidence of exploitation in the wild has prompted Microsoft to tag this vulnerability with an “Exploitation More Likely” assessment.
“The addition of CWE assessments to Microsoft security advisories helps pinpoint the generic root cause of a vulnerability,” Adam Barnett, lead software engineer at Rapid7, said in a statement shared with The Hacker News.
“The CWE program has recently updated its guidance on mapping CVEs to a CWE Root Cause. Analysis of CWE trends can help developers reduce future occurrences through improved Software Development Life Cycle (SDLC) workflows and testing, as well as helping defenders understand where to direct defense-in-depth and deployment-hardening efforts for best return on investment.”
Another noteworthy vulnerability addressed in this update is CVE-2024-29990, an elevation of privilege flaw impacting Microsoft Azure Kubernetes Service Confidential Container. This flaw could be exploited by unauthenticated attackers to steal credentials and gain unauthorized access to confidential containers, posing a serious risk to organizations leveraging Azure Kubernetes Service.
In total, this release addresses a wide range of vulnerabilities, including 68 remote code execution flaws, 31 privilege escalation flaws, 26 security feature bypass flaws, and six denial-of-service bugs. Of particular concern are the 26 security bypass flaws related to Secure Boot, highlighting the persistent challenges in securing this critical component of the boot process.
The release of these security updates comes at a critical time for Microsoft, as the company faces scrutiny for its security practices. A recent report from the U.S. Cyber Safety Review Board (CSRB) criticized Microsoft for its handling of a cyber espionage campaign orchestrated by a Chinese threat actor in 2023. In response to these concerns, Microsoft has begun publishing root cause data for security flaws using the Common Weakness Enumeration (CWE) industry standard, providing greater transparency and insight into the underlying causes of vulnerabilities.
In addition to Microsoft’s updates, other vendors have also released security patches to address various vulnerabilities. These patches are essential for maintaining the security and integrity of systems and should be applied promptly to mitigate the risk of exploitation by malicious actors.
As organizations navigate the evolving threat landscape, it’s imperative to stay informed about the latest security updates and take proactive measures to safeguard against potential threats. By prioritizing patch management and adopting a comprehensive approach to cybersecurity, organizations can effectively mitigate risk and protect against emerging threats in an increasingly digital world.
“These techniques can bypass the detection and enforcement policies of traditional tools, such as cloud access security brokers, data loss prevention, and SIEMs, by hiding downloads as less suspicious access and sync events,” Eric Saraga said.
Software Patches from Other Vendors
In addition to Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including —
Adobe
AMD
Android
Apache XML Security for C++
Aruba Networks
Atos
Bosch
Cisco
D-Link
Dell
Drupal
F5
Fortinet
Fortra
GitLab
Google Chrome
Google Cloud
Google Pixel
Hikvision
Hitachi Energy
HP
HP Enterprise
HTTP/2
IBM
Ivanti
Jenkins
Lenovo
LG webOS
Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
MediaTek
Mozilla Firefox, Firefox ESR, and Thunderbird
NETGEAR
NVIDIA
Qualcomm
Rockwell Automation
Rust
Samsung
SAP
Schneider Electric
Siemens
Splunk
Synology
VMware
WordPress, and
Zoom