Microsoft has released its April 2024 Patch Tuesday updates, which include patches for critical security vulnerabilities in Windows 10 and Windows 11, among other products. The updates, KB5036892 for Windows 10 and KB5036893 for Windows 11, are intended to harden both operating systems. Nonetheless, several users have reported problems installing them.
Addressing Key Vulnerabilities
Among the critical issues addressed in this update are two Kerberos PAC (Privilege Attribute Certificate) validation vulnerabilities, tracked as CVE-2024-26248 and CVE-2024-29056. Both could allow an attacker to escalate privileges on affected systems. The update also ships updated mitigations for the BlackLotus Secure Boot bypass, tracked as CVE-2023-24932. Note, however, that these mitigations are not enabled by default: applying them requires manual activation following Microsoft's guidance. The updates do not address the LogoFAIL UEFI firmware vulnerabilities.
Known Issues and Compatibility Concerns
Microsoft has also highlighted several known issues and compatibility concerns with the April 2024 security updates. Notably, the Secure Boot mitigations for CVE-2023-24932 cannot be deployed on Windows Server 2012 and Windows Server 2012 R2 systems that use a TPM (Trusted Platform Module) 2.0. The company has stated, “TPM 2.0-based systems…cannot deploy the mitigations released in the April 9, 2024 security update because of known compatibility issues with TPM measurements.”
Further complications have been reported in VMware-based virtualization environments, where virtual machines using an x86-based processor with Secure Boot enabled may fail to boot after the mitigations are applied. Similarly, the Secure Boot mitigations cannot be applied on systems with Symantec Endpoint Encryption installed. Microsoft is in communication with both VMware and Symantec to resolve these issues.
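Because the BlackLotus mitigations described above must be enabled manually, and because the known issues make applying them on the wrong host dangerous, an administrator wants two things before touching a machine: a pre-flight check for the reported blockers (Server 2012/2012 R2 with TPM 2.0, a VMware guest with Secure Boot on, Symantec Endpoint Encryption) and a read-out of which mitigation stages the firmware already has. The following PowerShell is an added example written for this page; it is not Microsoft's, VMware's or Symantec's code and does not come from the update itself. The registry value (AvailableUpdates = 0x40), the scheduled task name and the two certificate names are assumptions taken from my reading of Microsoft's KB5025885 guidance, not from this page, and must be confirmed against the current KB before the opt-in function is run; the Symantec detection is a heuristic registry lookup.

```powershell
#Requires -RunAsAdministrator
# Added example (not Microsoft's code): pre-flight and status checks for the
# CVE-2023-24932 (BlackLotus) Secure Boot mitigations, plus an explicit opt-in
# that requests mitigation step 1 (install the 2023 UEFI CA into the DB).

function Test-MitigationBlocker {
    # Returns the list of reasons this host must NOT receive the mitigations,
    # based on the known issues reported for the April 2024 update.
    $reasons = @()

    # Known issue 1: Windows Server 2012 / 2012 R2 with a TPM 2.0.
    $os  = (Get-CimInstance Win32_OperatingSystem).Caption
    $tpm = Get-CimInstance -Namespace root\cimv2\Security\MicrosoftTpm `
               -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if ($os -match 'Server 2012' -and $tpm -and $tpm.SpecVersion -match '^2\.0') {
        $reasons += 'Windows Server 2012/2012 R2 with TPM 2.0: incompatible TPM measurements'
    }

    # Known issue 2: Symantec Endpoint Encryption present (heuristic: uninstall keys).
    $uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    $see = Get-ChildItem $uninstall -ErrorAction SilentlyContinue |
           Get-ItemProperty -ErrorAction SilentlyContinue |
           Where-Object { $_.DisplayName -like 'Symantec Endpoint Encryption*' }
    if ($see) { $reasons += 'Symantec Endpoint Encryption installed: mitigations cannot be applied' }

    # Known issue 3: VMware guest with Secure Boot enabled may fail to boot afterwards.
    $model = (Get-CimInstance Win32_ComputerSystem).Model
    $secureBoot = $false
    try { $secureBoot = Confirm-SecureBootUEFI } catch { $secureBoot = $false }  # non-UEFI host
    if ($model -match 'VMware' -and $secureBoot) {
        $reasons += 'VMware virtual machine with Secure Boot enabled: boot failure reported'
    }
    return $reasons
}

function Get-BlackLotusMitigationStatus {
    # Reads the UEFI Secure Boot DB and DBX and reports which stages are present.
    # Certificate subject names are ASCII inside the DER blobs, so a plain
    # substring match on the raw variable bytes is sufficient.
    $db  = [Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
    $dbx = [Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name dbx).Bytes)
    [pscustomobject]@{
        SecureBootEnabled = Confirm-SecureBootUEFI
        # Assumed (KB5025885): step 1 adds the 'Windows UEFI CA 2023' certificate to DB.
        NewCaInDb         = [bool]($db  -match 'Windows UEFI CA 2023')
        # Assumed (KB5025885): step 3 revokes 'Microsoft Windows Production PCA 2011' via DBX.
        OldCaRevokedInDbx = [bool]($dbx -match 'Microsoft Windows Production PCA 2011')
    }
}

function Enable-BlackLotusDbUpdate {
    # Opt-in only. Requests mitigation step 1 and kicks the servicing task;
    # a reboot is required afterwards. Refuses to run if a blocker is present.
    $blockers = Test-MitigationBlocker
    if ($blockers) { throw ("Refusing to apply mitigation:`n" + ($blockers -join "`n")) }

    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Secureboot'
    # Assumed (KB5025885): AvailableUpdates bit 0x40 requests the DB update.
    Set-ItemProperty -Path $key -Name AvailableUpdates -Value 0x40 -Type DWord
    # Assumed (KB5025885): this task applies the requested Secure Boot update.
    Start-ScheduledTask -TaskName '\Microsoft\Windows\PI\Secure-Boot-Update'
    Write-Host 'DB update requested; reboot, then re-run Get-BlackLotusMitigationStatus.'
}

# Usage: inspect first, apply only on a deliberately chosen test host.
Test-MitigationBlocker
Get-BlackLotusMitigationStatus
# Enable-BlackLotusDbUpdate
```

The status function is the piece worth keeping in a fleet inventory: run it across hosts before and after the change window so that the set of machines carrying the 2023 CA (and, later, the 2011 revocation) is known rather than assumed, since a partially rolled-out revocation is exactly what leaves boot media and recovery images unbootable.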