HomeWinBuzzer NewsApril 2024 Patch Tuesday: Microsoft Fixes Zero-Day Vulnerabilities Exploited in the Wild

April 2024 Patch Tuesday: Microsoft Fixes Zero-Day Vulnerabilities Exploited in the Wild

Microsoft fixed 150 vulnerabilities in April Patch Tuesday, including 2 actively exploited zero-days.

-

In a significant security update during April 2024 Patch Tuesday, Microsoft has addressed two zero-day vulnerabilities that were actively exploited, although initially, these were not identified as such in the company’s advisories. The update includes fixes for a total of 150 vulnerabilities, with 67 categorized as remote code execution bugs, highlighting the critical nature of these patches in maintaining system integrity and user security.

Exploited Vulnerabilities Addressed

The first vulnerability, cataloged as CVE-2024-26234, involves a proxy driver spoofing issue. It was discovered by Sophos X-Ops in December 2023, with the team led by Christopher Budd identifying a malicious driver signed with a valid Microsoft Hardware Publisher Certificate. This driver, masquerading under the guise of “Catalog Authentication Client Service” by “Catalog Thales,” was intended to mimic the Thales Group. Further investigation linked this driver to a marketing software known as LaiXi Android Screen Mirroring, raising suspicions about its legitimacy and leading to its classification as a malicious backdoor. Sophos has previously reported similar incidents involving malicious drivers in July 2023 and December 2022, prompting Microsoft to issue security advisories.

The second vulnerability, identified as CVE-2024-29988, pertains to a SmartScreen prompt security feature bypass, stemming from a failure in a protection mechanism. This flaw acts as a bypass for CVE-2024-21412 and was reported by Peter Girnus of Trend Micro’s Zero Day Initiative alongside Dmitrij Lenz and Vlad Stolyarov from Google’s Threat Analysis Group. The vulnerability has been exploited by the financially motivated Water Hydra hacking group, targeting forex trading forums and stock trading Telegram channels with spearphishing attacks that deploy the DarkMe remote access trojan (RAT). CVE-2024-21412, in turn, was a bypass for another Defender SmartScreen vulnerability, CVE-2023-36025, patched in November 2023.

The update also includes critical fixes for Microsoft Defender for IoT, specifically addressing remote code execution vulnerabilities (CVE-2024-29053, CVE-2024-21323, and CVE-2024-21322). These vulnerabilities could potentially allow attackers to execute malicious code by sending specially crafted files to the Defender for IoT sensor or to sensitive server locations without needing additional privileges.

Secure Boot Vulnerabilities and Future Concerns

A significant portion of the update focuses on vulnerabilities in Windows Secure Boot, with 24 bulletins dedicated to this area. While all are rated “important” and not expected to be actively exploited, the history of Secure Boot vulnerabilities, such as CVE-2023-24932 which was exploited in the wild and linked to the BlackLotus UEFI bootkit, underscores the potential risks. These vulnerabilities highlight ongoing challenges in securing the boot process and the possibility of future malicious activities exploiting Secure Boot weaknesses.

Vendor and Third-Party Updates

In addition to Microsoft’s patches, other vendors have released security updates for April 2024. Cisco, D-Link, Google, Ivanti, and SAP, among others, have addressed vulnerabilities in their products. D-Link has acknowledged vulnerabilities in end-of-life NAS devices currently being exploited, with no plans for patches. Google has fixed two zero-days in Google Pixel and another in Google Chrome. Linux distribution maintainers have reverted to earlier versions of XZ Utils following a supply chain attack, and new LG WebOS flaws potentially affect over 90,000 Smart TVs.

All April 2024 Patch Tuesday Fixes

CVE ID

Tag

CVE Title

Severity

CVE-2024-21409

.NET and Visual Studio

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Important

CVE-2024-29993

Azure

Azure CycleCloud Elevation of Privilege Vulnerability

Important

CVE-2024-29063

Azure AI Search

Azure AI Search Information Disclosure Vulnerability

Important

CVE-2024-28917

Azure Arc

Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability

Important

CVE-2024-21424

Azure Compute Gallery

Azure Compute Gallery Elevation of Privilege Vulnerability

Important

CVE-2024-26193

Azure Migrate

Azure Migrate Remote Code Execution Vulnerability

Important

CVE-2024-29989

Azure Monitor

Azure Monitor Agent Elevation of Privilege Vulnerability

Important

CVE-2024-20685

Azure Private 5G Core

Azure Private 5G Core Denial of Service Vulnerability

Moderate

CVE-2024-29992

Azure SDK

Azure Identity Library for .NET Information Disclosure Vulnerability

Moderate

CVE-2024-2201

Intel

Intel: CVE-2024-2201 Branch History Injection

Important

CVE-2024-29988

Internet Shortcut Files

SmartScreen Prompt Security Feature Bypass Vulnerability

Important

CVE-2019-3816

Mariner

Unknown

Unknown

CVE-2019-3833

Mariner

Unknown

Unknown

CVE-2024-29990

Microsoft Azure Kubernetes Service

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Important

CVE-2024-28905

Microsoft Brokering File System

Microsoft Brokering File System Elevation of Privilege Vulnerability

Important

CVE-2024-28907

Microsoft Brokering File System

Microsoft Brokering File System Elevation of Privilege Vulnerability

Important

CVE-2024-26213

Microsoft Brokering File System

Microsoft Brokering File System Elevation of Privilege Vulnerability

Important

CVE-2024-28904

Microsoft Brokering File System

Microsoft Brokering File System Elevation of Privilege Vulnerability

Important

CVE-2024-29055

Microsoft Defender for IoT

Microsoft Defender for IoT Elevation of Privilege Vulnerability

Important

CVE-2024-29053

Microsoft Defender for IoT

Microsoft Defender for IoT Remote Code Execution Vulnerability

Critical

CVE-2024-29054

Microsoft Defender for IoT

Microsoft Defender for IoT Elevation of Privilege Vulnerability

Important

CVE-2024-21324

Microsoft Defender for IoT

Microsoft Defender for IoT Elevation of Privilege Vulnerability

Important

CVE-2024-21323

Microsoft Defender for IoT

Microsoft Defender for IoT Remote Code Execution Vulnerability

Critical

CVE-2024-21322

Microsoft Defender for IoT

Microsoft Defender for IoT Remote Code Execution Vulnerability

Critical

CVE-2024-3156

Microsoft Edge (Chromium-based)

Chromium: CVE-2024-3156 Inappropriate implementation in V8

Unknown

CVE-2024-29049

Microsoft Edge (Chromium-based)

Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability

Moderate

CVE-2024-29981

Microsoft Edge (Chromium-based)

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Low

CVE-2024-3159

Microsoft Edge (Chromium-based)

Chromium: CVE-2024-3159 Out of bounds memory access in V8

Unknown

CVE-2024-3158

Microsoft Edge (Chromium-based)

Chromium: CVE-2024-3158 Use after free in Bookmarks

Unknown

CVE-2024-26158

Microsoft Install Service

Microsoft Install Service Elevation of Privilege Vulnerability

Important

CVE-2024-26257

Microsoft Office Excel

Microsoft Excel Remote Code Execution Vulnerability

Important

CVE-2024-20670

Microsoft Office Outlook

Outlook for Windows Spoofing Vulnerability

Important

CVE-2024-26251

Microsoft Office SharePoint

Microsoft SharePoint Server Spoofing Vulnerability

Important

CVE-2024-26214

Microsoft WDAC ODBC Driver

Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability

Important

CVE-2024-26244

Microsoft WDAC OLE DB provider for SQL

Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-26210

Microsoft WDAC OLE DB provider for SQL

Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-26233

Role: DNS Server

Windows DNS Server Remote Code Execution Vulnerability

Important

CVE-2024-26231

Role: DNS Server

Windows DNS Server Remote Code Execution Vulnerability

Important

CVE-2024-26227

Role: DNS Server

Windows DNS Server Remote Code Execution Vulnerability

Important

CVE-2024-26223

Role: DNS Server

Windows DNS Server Remote Code Execution Vulnerability

Important

CVE-2024-26221

Role: DNS Server

Windows DNS Server Remote Code Execution Vulnerability

Important

CVE-2024-26224

Role: DNS Server

Windows DNS Server Remote Code Execution Vulnerability

Important

CVE-2024-26222

Role: DNS Server

Windows DNS Server Remote Code Execution Vulnerability

Important

CVE-2024-29064

Role: Windows Hyper-V

Windows Hyper-V Denial of Service Vulnerability

Important

CVE-2024-28937

SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28938

SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-29044

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28935

SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28940

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28943

SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28941

SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28910

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28944

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28908

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28909

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-29985

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28906

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28926

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28933

SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28934

SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28927

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28930

SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-29046

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28932

SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-29047

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28931

SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-29984

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28929

SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28939

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28942

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-29043

SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28936

SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-29045

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28915

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28913

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28945

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-29048

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28912

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28914

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-29983

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-28911

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-29982

SQL Server

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Important

CVE-2024-29056

Windows Authentication Methods

Windows Authentication Elevation of Privilege Vulnerability

Important

CVE-2024-21447

Windows Authentication Methods

Windows Authentication Elevation of Privilege Vulnerability

Important

CVE-2024-20665

Windows BitLocker

BitLocker Security Feature Bypass Vulnerability

Important

CVE-2024-26256

Windows Compressed Folder

libarchive Remote Code Execution Vulnerability

Important

CVE-2024-26228

Windows Cryptographic Services

Windows Cryptographic Services Security Feature Bypass Vulnerability

Important

CVE-2024-29050

Windows Cryptographic Services

Windows Cryptographic Services Remote Code Execution Vulnerability

Important

CVE-2024-26237

Windows Defender Credential Guard

Windows Defender Credential Guard Elevation of Privilege Vulnerability

Important

CVE-2024-26212

Windows DHCP Server

DHCP Server Service Denial of Service Vulnerability

Important

CVE-2024-26215

Windows DHCP Server

DHCP Server Service Denial of Service Vulnerability

Important

CVE-2024-26195

Windows DHCP Server

DHCP Server Service Remote Code Execution Vulnerability

Important

CVE-2024-26202

Windows DHCP Server

DHCP Server Service Remote Code Execution Vulnerability

Important

CVE-2024-29066

Windows Distributed File System (DFS)

Windows Distributed File System (DFS) Remote Code Execution Vulnerability

Important

CVE-2024-26226

Windows Distributed File System (DFS)

Windows Distributed File System (DFS) Information Disclosure Vulnerability

Important

CVE-2024-26172

Windows DWM Core Library

Windows DWM Core Library Information Disclosure Vulnerability

Important

CVE-2024-26216

Windows File Server Resource Management Service

Windows File Server Resource Management Service Elevation of Privilege Vulnerability

Important

CVE-2024-26219

Windows HTTP.sys

HTTP.sys Denial of Service Vulnerability

Important

CVE-2024-26253

Windows Internet Connection Sharing (ICS)

Windows rndismp6.sys Remote Code Execution Vulnerability

Important

CVE-2024-26252

Windows Internet Connection Sharing (ICS)

Windows rndismp6.sys Remote Code Execution Vulnerability

Important

CVE-2024-26183

Windows Kerberos

Windows Kerberos Denial of Service Vulnerability

Important

CVE-2024-26248

Windows Kerberos

Windows Kerberos Elevation of Privilege Vulnerability

Important

CVE-2024-20693

Windows Kernel

Windows Kernel Elevation of Privilege Vulnerability

Important

CVE-2024-26245

Windows Kernel

Windows SMB Elevation of Privilege Vulnerability

Important

CVE-2024-26229

Windows Kernel

Windows CSC Service Elevation of Privilege Vulnerability

Important

CVE-2024-26218

Windows Kernel

Windows Kernel Elevation of Privilege Vulnerability

Important

CVE-2024-26209

Windows Local Security Authority Subsystem Service (LSASS)

Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability

Important

CVE-2024-26232

Windows Message Queuing

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Important

CVE-2024-26208

Windows Message Queuing

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Important

CVE-2024-26220

Windows Mobile Hotspot

Windows Mobile Hotspot Information Disclosure Vulnerability

Important

CVE-2024-26234

Windows Proxy Driver

Proxy Driver Spoofing Vulnerability

Important

CVE-2024-28902

Windows Remote Access Connection Manager

Windows Remote Access Connection Manager Information Disclosure Vulnerability

Important

CVE-2024-28900

Windows Remote Access Connection Manager

Windows Remote Access Connection Manager Information Disclosure Vulnerability

Important

CVE-2024-28901

Windows Remote Access Connection Manager

Windows Remote Access Connection Manager Information Disclosure Vulnerability

Important

CVE-2024-26255

Windows Remote Access Connection Manager

Windows Remote Access Connection Manager Information Disclosure Vulnerability

Important

CVE-2024-26230

Windows Remote Access Connection Manager

Windows Telephony Server Elevation of Privilege Vulnerability

Important

CVE-2024-26239

Windows Remote Access Connection Manager

Windows Telephony Server Elevation of Privilege Vulnerability

Important

CVE-2024-26207

Windows Remote Access Connection Manager

Windows Remote Access Connection Manager Information Disclosure Vulnerability

Important

CVE-2024-26217

Windows Remote Access Connection Manager

Windows Remote Access Connection Manager Information Disclosure Vulnerability

Important

CVE-2024-26211

Windows Remote Access Connection Manager

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Important

CVE-2024-20678

Windows Remote Procedure Call

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Important

CVE-2024-26200

Windows Routing and Remote Access Service (RRAS)

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Important

CVE-2024-26179

Windows Routing and Remote Access Service (RRAS)

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Important

CVE-2024-26205

Windows Routing and Remote Access Service (RRAS)

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Important

CVE-2024-29061

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-28921

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-20689

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-26250

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-28922

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-29062

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-20669

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-28898

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-20688

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-23593

Windows Secure Boot

Lenovo: CVE-2024-23593 Zero Out Boot Manager and drop to UEFI Shell

Important

CVE-2024-28896

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-28919

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-23594

Windows Secure Boot

Lenovo: CVE-2024-23594 Stack Buffer Overflow in LenovoBT.efi

Important

CVE-2024-28923

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-28903

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-26189

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-26240

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-28924

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-28897

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-28925

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-26175

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-28920

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-26194

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-26180

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-26171

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-26168

Windows Secure Boot

Secure Boot Security Feature Bypass Vulnerability

Important

CVE-2024-29052

Windows Storage

Windows Storage Elevation of Privilege Vulnerability

Important

CVE-2024-26242

Windows Telephony Server

Windows Telephony Server Elevation of Privilege Vulnerability

Important

CVE-2024-26236

Windows Update Stack

Windows Update Stack Elevation of Privilege Vulnerability

Important

CVE-2024-26235

Windows Update Stack

Windows Update Stack Elevation of Privilege Vulnerability

Important

CVE-2024-26243

Windows USB Print Driver

Windows USB Print Driver Elevation of Privilege Vulnerability

Important

CVE-2024-26254

Windows Virtual Machine Bus

Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability

Important

CVE-2024-26241

Windows Win32K – ICOMP

Win32k Elevation of Privilege Vulnerability

Importan

Last Updated on November 7, 2024 9:06 pm CET

Luke Jones
Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.

Recent News

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x
Mastodon