Pierluigi Paganini April 10, 2024

Microsoft Patches Tuesday security updates for April 2024 addressed three Critical vulnerabilities, none actively exploited in the wild.

Microsoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. This is the highest number of fixed issues from Microsoft this year and the largest since at least 2017. The issues impact Microsoft Windows and Windows Components; Office and Office Components; Azure; .NET Framework and Visual Studio; SQL Server; DNS Server; Windows Defender; Bitlocker; and Windows Secure Boot. According to ZDI, three of these vulnerabilities were reported through their ZDI program.

Only three vulnerabilities, tracked as CVE-2024-21322, CVE-2024-21323, and CVE-2024-29053, are rated Critical, the good news is that they are not actively exploited in the wild.

Below are some of the most interesting issues addressed by the IT giant:

CVE-2024-29988 – SmartScreen Prompt Security Feature Bypass Vulnerability. An attacker can exploit this security feature bypass vulnerability by tricking a user into launching malicious files using a launcher application that requests that no UI be shown. An attacker could send the targeted user a specially crafted file that is designed to trigger the remote code execution issue. The flaw is actively exploited in the wild.

CVE-2024-20678 – Remote Procedure Call Runtime Remote Code Execution Vulnerability. Any authenticated user can exploit this vulnerability, according to Microsoft it does not require admin or other elevated privileges.

CVE-2024-26234 – Proxy Driver Spoofing Vulnerability – The flaw reported by Sophos ties a malicious driver signed with a valid Microsoft Hardware Publisher Certificate. The driver was used in attacks in the wild to deploy a backdoor.

CVE-2024-26221 – Windows DNS Server Remote Code Execution Vulnerability. In a network-based attack an attacker would need to have the privileges to query the Domain Name Service (DNS). If the timing of DNS queries is perfect, the attacker could execute code remotely on the target server.

The full list of flaw fixed by Microsoft in April 2024 is available here.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Patches Tuesday)