In its April 2024 Patch Tuesday release, Microsoft addressed two zero-day vulnerabilities that were being actively exploited, although its advisories did not initially flag them as exploited. The update fixes 150 vulnerabilities in total, 67 of them remote code execution bugs, which makes this a release that administrators should prioritize.
Exploited Vulnerabilities Addressed
The first vulnerability, cataloged as CVE-2024-26234, is a proxy driver spoofing issue. Sophos X-Ops discovered it in December 2023 when a team led by Christopher Budd identified a malicious driver signed with a valid Microsoft Hardware Publisher Certificate. The driver presented itself as a “Catalog Authentication Client Service” published by “Catalog Thales,” a name chosen to imitate the Thales Group. Further investigation linked the driver to a marketing product, LaiXi Android Screen Mirroring, raised doubts about its legitimacy, and led to its classification as a malicious backdoor. Sophos had previously reported similar incidents involving malicious drivers in July 2023 and December 2022, and Microsoft issued security advisories in response.
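The lesson of CVE-2024-26234 is that a driver signed with a valid Microsoft Hardware Publisher Certificate still passes signature checks, so a defender has to look at what the driver claims to be, not only at whether the signature verifies. The following PowerShell audit is an added example written for this article, not code from Sophos or Microsoft. It walks the driver folders, reads each driver's version-info strings, and flags any that contain the product and publisher names the article reports (“Catalog Authentication Client Service”, “Catalog Thales”, “LaiXi”); the folders searched, the output fields and the flagging logic are this example's own assumptions.

```powershell
# Added example (not from the article): audit installed .sys files for the
# version-info strings the article attributes to the malicious proxy driver.
# Run in an elevated PowerShell session on the host being reviewed.

# Folders to inspect (assumption: the two standard driver locations).
$driverDirs = @(
    "$env:SystemRoot\System32\drivers",
    "$env:SystemRoot\System32\DriverStore\FileRepository"
)

# Strings taken from the article's description of the driver.
$suspectStrings = @(
    'Catalog Authentication Client Service',
    'Catalog Thales',
    'LaiXi'
)

Get-ChildItem -Path $driverDirs -Filter *.sys -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $vi  = $_.VersionInfo
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName

        # Concatenate the descriptive fields and look for any suspect string.
        $text = "$($vi.FileDescription) $($vi.CompanyName) $($vi.ProductName)"
        $hits = $suspectStrings | Where-Object { $text -like "*$_*" }

        [pscustomobject]@{
            Path        = $_.FullName
            Description = $vi.FileDescription
            Company     = $vi.CompanyName
            SigStatus   = $sig.Status                      # 'Valid' even for the rogue driver
            Signer      = $sig.SignerCertificate.Subject   # who actually signed it
            Suspect     = [bool]$hits
        }
    } |
    # Report drivers that match the article's strings, plus any whose
    # signature does not verify at all.
    Where-Object { $_.Suspect -or $_.SigStatus -ne 'Valid' } |
    Sort-Object Suspect -Descending |
    Format-Table -AutoSize
```

A driver like the one described will show `SigStatus` of `Valid` with a Microsoft hardware-compatibility signer; the `Suspect` column is what separates it from legitimate drivers, which is the point of checking description and company strings rather than trusting the signature alone.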
The second vulnerability, identified as CVE-2024-29988, pertains to a SmartScreen prompt security feature bypass, stemming from a failure in a protection mechanism. This flaw acts as a bypass for CVE-2024-21412 and was reported by Peter Girnus of Trend Micro’s Zero Day Initiative alongside Dmitrij Lenz and Vlad Stolyarov from Google’s Threat Analysis Group. The vulnerability has been exploited by the financially motivated Water Hydra hacking group, targeting forex trading forums and stock trading Telegram channels with spearphishing attacks that deploy the DarkMe remote access trojan (RAT). CVE-2024-21412, in turn, was a bypass for another Defender SmartScreen vulnerability, CVE-2023-36025, patched in November 2023.
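CVE-2024-29988 matters because SmartScreen only evaluates a downloaded file if the file carries the Mark-of-the-Web and SmartScreen itself is enabled; the chain of bypasses described above undermines the prompt the user would otherwise see. The PowerShell check below is an added example, not code from the article, Microsoft or Trend Micro. It reports whether SmartScreen is enforced by policy and lists recently downloaded Internet Shortcut (.url) files, showing whether each one carries a `Zone.Identifier` stream. The policy registry path and value name are Microsoft's documented setting; the Downloads folder and the 30-day window are this example's assumptions.

```powershell
# Added example (not from the article): report SmartScreen policy state and
# check recently downloaded .url files for the Mark-of-the-Web stream.

# 1. SmartScreen policy (documented value: 1 = enabled, 0 = disabled).
$policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
$policy = Get-ItemProperty -Path $policyPath -Name EnableSmartScreen -ErrorAction SilentlyContinue

if ($null -eq $policy) {
    'SmartScreen: no policy set (default behaviour applies)'
} elseif ($policy.EnableSmartScreen -eq 1) {
    'SmartScreen: enforced by policy'
} else {
    'SmartScreen: DISABLED by policy'
}

# 2. Internet Shortcut files downloaded in the last 30 days (assumed window
#    and folder) and whether each carries a Zone.Identifier stream.
$since  = (Get-Date).AddDays(-30)
$folder = "$env:USERPROFILE\Downloads"

Get-ChildItem -Path $folder -Filter *.url -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $since } |
    ForEach-Object {
        # The alternate data stream holds "[ZoneTransfer]" and "ZoneId=N";
        # ZoneId=3 (Internet) is what triggers the SmartScreen prompt.
        $zone   = Get-Content -Path $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        $zoneId = ($zone | Where-Object { $_ -like 'ZoneId=*' }) -replace '^ZoneId=', ''

        # The shortcut's own target, read from the .url file body.
        $target = (Get-Content -Path $_.FullName | Where-Object { $_ -like 'URL=*' }) -replace '^URL=', ''

        [pscustomobject]@{
            File   = $_.FullName
            ZoneId = if ($zoneId) { "$zoneId" } else { 'none (no Mark-of-the-Web)' }
            Target = "$target"
        }
    } |
    Format-Table -AutoSize
```

A .url file with no `Zone.Identifier` stream never reaches SmartScreen, so rows marked `none` are the ones to review, independently of whether the host has received the April patch.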
The update also includes critical fixes for Microsoft Defender for IoT, specifically addressing remote code execution vulnerabilities (CVE-2024-29053, CVE-2024-21323, and CVE-2024-21322). These vulnerabilities could potentially allow attackers to execute malicious code by sending specially crafted files to the Defender for IoT sensor or to sensitive server locations without needing additional privileges.
Secure Boot Vulnerabilities and Future Concerns
A significant portion of the update focuses on vulnerabilities in Windows Secure Boot, with 24 bulletins dedicated to this area. While all are rated “important” and not expected to be actively exploited, the history of Secure Boot vulnerabilities, such as CVE-2023-24932 which was exploited in the wild and linked to the BlackLotus UEFI bootkit, underscores the potential risks. These vulnerabilities highlight ongoing challenges in securing the boot process and the possibility of future malicious activities exploiting Secure Boot weaknesses.
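Secure Boot fixes are only effective once the firmware's forbidden-signature database (dbx) actually carries the new revocations, which is why a defender wants to see the Secure Boot state and the dbx size change after patching rather than take the update's presence on trust. The script below is an added example, not code from the article or from Microsoft. It confirms Secure Boot is enforced, reads the dbx variable through the built-in `Get-SecureBootUEFI` cmdlet, and compares its size against a baseline recorded on a previous run; the baseline file path is this example's assumption.

```powershell
# Added example (not from the article): confirm Secure Boot enforcement and
# track the size of the UEFI dbx so a later run shows whether revocations
# shipped by updates were applied. Run in an elevated PowerShell session.

# Assumed location for the recorded baseline.
$baseline = "$env:ProgramData\secureboot-dbx-baseline.txt"

$enabled = $false
try {
    $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
} catch {
    Write-Warning "Secure Boot not supported or not readable on this system: $_"
}
"Secure Boot enforced: $enabled"

if ($enabled) {
    # dbx is the forbidden-signature database; boot-manager revocations land here.
    $dbx    = Get-SecureBootUEFI -Name dbx
    $dbxLen = $dbx.Bytes.Length
    "dbx size: $dbxLen bytes"

    if (Test-Path $baseline) {
        $prev = [int](Get-Content -Path $baseline)
        if ($dbxLen -gt $prev) {
            "dbx grew by $($dbxLen - $prev) bytes since baseline (new revocations applied)"
        } elseif ($dbxLen -eq $prev) {
            'dbx unchanged since baseline (no new revocations applied)'
        } else {
            Write-Warning 'dbx is smaller than the baseline; investigate the firmware state'
        }
    }

    # Record the current size for the next comparison.
    Set-Content -Path $baseline -Value $dbxLen
}
```

Run it once before applying the month's updates and once after a reboot; a dbx that has not grown means the revocation step has not reached the firmware even if the update itself reports as installed.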
Vendor and Third-Party Updates
In addition to Microsoft’s patches, other vendors have released security updates for April 2024. Cisco, D-Link, Google, Ivanti, and SAP, among others, have addressed vulnerabilities in their products. D-Link has acknowledged vulnerabilities in end-of-life NAS devices currently being exploited, with no plans for patches. Google has fixed two zero-days in Google Pixel and another in Google Chrome. Linux distribution maintainers have reverted to earlier versions of XZ Utils following a supply chain attack, and new LG WebOS flaws potentially affect over 90,000 Smart TVs.
All April 2024 Patch Tuesday Fixes
| CVE ID | Tag | CVE Title | Severity |
|---|---|---|---|
| | .NET and Visual Studio | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | Important |
| | Azure | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
| | Azure AI Search | Azure AI Search Information Disclosure Vulnerability | Important |
| | Azure Arc | Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability | Important |
| | Azure Compute Gallery | Azure Compute Gallery Elevation of Privilege Vulnerability | Important |
| | Azure Migrate | Azure Migrate Remote Code Execution Vulnerability | Important |
| | Azure Monitor | Azure Monitor Agent Elevation of Privilege Vulnerability | Important |
| | Azure Private 5G Core | Azure Private 5G Core Denial of Service Vulnerability | Moderate |
| | Azure SDK | Azure Identity Library for .NET Information Disclosure Vulnerability | Moderate |
| | Intel | Intel: CVE-2024-2201 Branch History Injection | Important |
| | Internet Shortcut Files | SmartScreen Prompt Security Feature Bypass Vulnerability | Important |
| | Mariner | Unknown | Unknown |
| | Mariner | Unknown | Unknown |
| | Microsoft Azure Kubernetes Service | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Important |
| | Microsoft Brokering File System | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| | Microsoft Brokering File System | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| | Microsoft Brokering File System | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| | Microsoft Brokering File System | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| | Microsoft Defender for IoT | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
| | Microsoft Defender for IoT | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical |
| | Microsoft Defender for IoT | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
| | Microsoft Defender for IoT | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
| | Microsoft Defender for IoT | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical |
| | Microsoft Defender for IoT | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical |
| | Microsoft Edge (Chromium-based) | Chromium: CVE-2024-3156 Inappropriate implementation in V8 | Unknown |
| | Microsoft Edge (Chromium-based) | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | Moderate |
| | Microsoft Edge (Chromium-based) | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
| | Microsoft Edge (Chromium-based) | Chromium: CVE-2024-3159 Out of bounds memory access in V8 | Unknown |
| | Microsoft Edge (Chromium-based) | Chromium: CVE-2024-3158 Use after free in Bookmarks | Unknown |
| | Microsoft Install Service | Microsoft Install Service Elevation of Privilege Vulnerability | Important |
| | Microsoft Office Excel | Microsoft Excel Remote Code Execution Vulnerability | Important |
| | Microsoft Office Outlook | Outlook for Windows Spoofing Vulnerability | Important |
| | Microsoft Office SharePoint | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| | Microsoft WDAC ODBC Driver | Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability | Important |
| | Microsoft WDAC OLE DB provider for SQL | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
| | Microsoft WDAC OLE DB provider for SQL | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
| | Role: DNS Server | Windows DNS Server Remote Code Execution Vulnerability | Important |
| | Role: DNS Server | Windows DNS Server Remote Code Execution Vulnerability | Important |
| | Role: DNS Server | Windows DNS Server Remote Code Execution Vulnerability | Important |
| | Role: DNS Server | Windows DNS Server Remote Code Execution Vulnerability | Important |
| | Role: DNS Server | Windows DNS Server Remote Code Execution Vulnerability | Important |
| | Role: DNS Server | Windows DNS Server Remote Code Execution Vulnerability | Important |
| | Role: DNS Server | Windows DNS Server Remote Code Execution Vulnerability | Important |
| | Role: Windows Hyper-V | Windows Hyper-V Denial of Service Vulnerability | Important |
| | SQL Server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | SQL Server | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| | Windows Authentication Methods | Windows Authentication Elevation of Privilege Vulnerability | Important |
| | Windows Authentication Methods | Windows Authentication Elevation of Privilege Vulnerability | Important |
| | Windows BitLocker | BitLocker Security Feature Bypass Vulnerability | Important |
| | Windows Compressed Folder | libarchive Remote Code Execution Vulnerability | Important |
| | Windows Cryptographic Services | Windows Cryptographic Services Security Feature Bypass Vulnerability | Important |
| | Windows Cryptographic Services | Windows Cryptographic Services Remote Code Execution Vulnerability | Important |
| | Windows Defender Credential Guard | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important |
| | Windows DHCP Server | DHCP Server Service Denial of Service Vulnerability | Important |
| | Windows DHCP Server | DHCP Server Service Denial of Service Vulnerability | Important |
| | Windows DHCP Server | DHCP Server Service Remote Code Execution Vulnerability | Important |
| | Windows DHCP Server | DHCP Server Service Remote Code Execution Vulnerability | Important |
| | Windows Distributed File System (DFS) | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | Important |
| | Windows Distributed File System (DFS) | Windows Distributed File System (DFS) Information Disclosure Vulnerability | Important |
| | Windows DWM Core Library | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| | Windows File Server Resource Management Service | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | Important |
| | Windows HTTP.sys | HTTP.sys Denial of Service Vulnerability | Important |
| | Windows Internet Connection Sharing (ICS) | Windows rndismp6.sys Remote Code Execution Vulnerability | Important |
| | Windows Internet Connection Sharing (ICS) | Windows rndismp6.sys Remote Code Execution Vulnerability | Important |
| | Windows Kerberos | Windows Kerberos Denial of Service Vulnerability | Important |
| | Windows Kerberos | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| | Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | Important |
| | Windows Kernel | Windows SMB Elevation of Privilege Vulnerability | Important |
| | Windows Kernel | Windows CSC Service Elevation of Privilege Vulnerability | Important |
| | Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | Important |
| | Windows Local Security Authority Subsystem Service (LSASS) | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | Important |
| | Windows Message Queuing | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
| | Windows Message Queuing | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
| | Windows Mobile Hotspot | Windows Mobile Hotspot Information Disclosure Vulnerability | Important |
| | Windows Proxy Driver | Proxy Driver Spoofing Vulnerability | Important |
| | Windows Remote Access Connection Manager | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| | Windows Remote Access Connection Manager | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| | Windows Remote Access Connection Manager | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| | Windows Remote Access Connection Manager | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| | Windows Remote Access Connection Manager | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
| | Windows Remote Access Connection Manager | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
| | Windows Remote Access Connection Manager | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| | Windows Remote Access Connection Manager | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| | Windows Remote Access Connection Manager | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| | Windows Remote Procedure Call | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| | Windows Routing and Remote Access Service (RRAS) | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| | Windows Routing and Remote Access Service (RRAS) | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| | Windows Routing and Remote Access Service (RRAS) | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Lenovo: CVE-2024-23593 Zero Out Boot Manager and drop to UEFI Shell | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Lenovo: CVE-2024-23594 Stack Buffer Overflow in LenovoBT.efi | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | Important |
| | Windows Storage | Windows Storage Elevation of Privilege Vulnerability | Important |
| | Windows Telephony Server | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
| | Windows Update Stack | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| | Windows Update Stack | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| | Windows USB Print Driver | Windows USB Print Driver Elevation of Privilege Vulnerability | Important |
| | Windows Virtual Machine Bus | Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability | Important |
| | Windows Win32K – ICOMP | Win32k Elevation of Privilege Vulnerability | Important |
Last Updated on November 7, 2024 9:06 pm CET