Record Number of Fixes Tackles Critical Vulnerabilities Across Microsoft Products
Microsoft has launched its April 2024 security updates, tackling a total of 149 vulnerabilities, including two actively exploited zero-day flaws. This extensive patch rollout underscores the critical importance of maintaining robust cybersecurity measures in today’s digital landscape.
Of the 149 vulnerabilities addressed, three have been classified as Critical, with 142 marked as Important, three as Moderate, and one as Low in severity. This update follows the recent patching of 21 vulnerabilities in the Chromium-based Edge browser, underscoring Microsoft’s commitment to ensuring the security of its products.
The two zero-day vulnerabilities under active exploitation are as follows:
- CVE-2024-26234 (CVSS score: 6.7) – Proxy Driver Spoofing Vulnerability
- CVE-2024-29988 (CVSS score: 8.8) – SmartScreen Prompt Security Feature Bypass Vulnerability
While Microsoft has provided limited information about CVE-2024-26234, cybersecurity firm Sophos has shed light on its discovery of a malicious executable signed with a valid Microsoft Windows Hardware Compatibility Publisher certificate. This executable, dubbed “Catalog.exe” or “Catalog Authentication Client Service,” contains a backdoor component called 3proxy, allowing threat actors to intercept network traffic and potentially compromise affected systems.
Regarding CVE-2024-29988, Microsoft has acknowledged the exploitation of this security feature bypass vulnerability, which enables attackers to circumvent Microsoft Defender SmartScreen protections. This flaw underscores the importance of user vigilance in handling suspicious files and avoiding potential email or instant message-based attack vectors.
One notable vulnerability, CVE-2024-29990 (CVSS score: 9.0), affects Microsoft Azure Kubernetes Service Confidential Container, posing an elevation of privilege risk to unauthenticated attackers. This flaw highlights the critical need for securing cloud environments and implementing robust access controls to prevent unauthorized access and data breaches.
The April patch release also addresses a range of remote code execution, privilege escalation, security feature bypass, and denial-of-service vulnerabilities. Notably, the inclusion of 24 security bypass flaws related to Secure Boot serves as a reminder of persistent challenges in securing boot processes.
Despite ongoing efforts to enhance cybersecurity practices, Microsoft has faced scrutiny over its response to cyber threats, with recent criticisms stemming from a cyber espionage campaign attributed to a Chinese threat actor. The company’s decision to adopt the Common Weakness Enumeration standard for root cause analysis aims to improve vulnerability mitigation and strengthen defensive measures.
In light of emerging threats, cybersecurity firm Varonis has identified techniques for evading detection during file exfiltration from SharePoint. While Microsoft is actively addressing these issues, organizations are advised to remain vigilant and monitor audit logs for anomalous access events.
Software Patches from Other Vendors#
In addition to Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including —
- Adobe
- AMD
- Android
- Apache XML Security for C++
- Aruba Networks
- Atos
- Bosch
- Cisco
- D-Link
- Dell
- Drupal
- F5
- Fortinet
- Fortra
- GitLab
- Google Chrome
- Google Cloud
- Google Pixel
- Hikvision
- Hitachi Energy
- HP
- HP Enterprise
- HTTP/2
- IBM
- Jenkins
- Lenovo
- LG webOS
- Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
- MediaTek
- Mozilla Firefox, Firefox ESR, and Thunderbird
- NETGEAR
- NVIDIA
- Qualcomm
- Rockwell Automation
- Rust
- Samsung
- SAP
- Schneider Electric
- Siemens
- Splunk
- Synology
- Trend Micro
- VMware
- WordPress, and
- Zoom
