Microsoft Patch Tuesday – April 9th 2024

“Patch Tuesday” is an unofficial term used to refer to the second Tuesday of each month, when Microsoft, Adobe, Oracle and others regularly release software patches for their software products. Critical security updates are occasionally released outside of the normal Patch Tuesday cycle, but these are known as “Out-of-band” releases. Security updates for April 9th 2024 – critical bypass of ‘smartscreen’ protection mechanism among 149 vulnerabilities this month.

Critical Bypass of ‘Smartscreen’ Protection Mechanism Among 149 Vulnerabilities This Month

 

“Patch Tuesday” is an unofficial term used to refer to the second Tuesday of each month, when Microsoft, Adobe, Oracle and others regularly release software patches for their software products. Critical security updates are occasionally released outside of the normal Patch Tuesday cycle, but these are known as “Out-of-band” releases.

You can access the Microsoft list of Security Updates for April 2024 directly at https://msrc.microsoft.com/update-guide/releaseNote/2024-Apr

 

Known Exploited Vulnerabilities

The list of “Known Exploited” vulnerabilities below have been reported by the CISA, America’s Cyber Defense Agency, to be known to be currently being exploited in the wild and at scale. These represent the absolute highest priority for patching for many organisations:

 

CVE-2024-29988

The key vulnerability to highlight this month is the ability of remote attackers to bypass the ‘SmartScreen’ Protection Mechanism in Microsoft Windows desktop and server operating systems (CVE-2024-29988), allowing the potential for malicious Remote Code Execution (RCE). This vulnerability has been reported as being actively exploited in the wild by threat groups and should be patched as a priority.

See full details of the above vulnerability online via our Detections Service at https://detections.appcheck-ng.com/vulnerabilities/view/287269.

AppCheck already is detecting and reporting on instances of this vulnerability, so ensure that you check your latest scan reports for potential threat to your estate.

 

CVE-2024-26234

Whilst not flagged by CISA at this time, a second vulnerability – CVE-2024-26234 – has also been reported as “exploitation detected” by Microsoft. An access control vulnerability in Windows Proxy Driver with a CVSS score of 6.7 (“medium” risk), Microsoft have not released full details of this issue, which affects both desktop and server editions of the popular Windows operating system.

 

Critical (CVSS 9+) Patches to Prioritise

The list of “Critical” vulnerabilities below are all those with a “CVSS” score of 9 or greater. This generally reflects a vulnerability that is critical risk, being both trivial to exploit, likely to be exploited, and which could cause great harm and damage if exploited:

 

CVE-2024-29990

A privilege escalation vulnerability in Microsoft Azure Kubernetes Service, CVE-2024-29990 has been tagged with a CVSS core of 9.0 (“Critical”) by Microsoft. An attacker can access the untrusted AKS Kubernetes node and AKS Confidential Container to take over confidential guests and containers beyond the network stack it might be bound to.

 

‘Highly Exploitable’ Vulnerabilities

The list of “Highly Exploitable” vulnerabilities below are all those which Microsoft has determined are relatively trivial to exploit:

 

Other Critical Patches

In addition to the above, Microsoft released 149 important security patches in total.

Products affected by this Patch Tuesday’s updates include:

  • Windows and Windows Components;
  • Azure;
  • .NET Framework and Visual Studio;
  • SQL Server;
  • DNS Server;
  • Windows Defender;
  • BitLocker; and
  • Windows Secure Boot.

 

You can see the full list on Microsoft’s Security Update Guide page (https://msrc.microsoft.com/update-guide/en-us), along with the associated KB articles and security vulnerability details.

 

Statistics

Total Microsoft CVEs: 149

Currently exploited: 2

Highly Exploitable: 13

By Severity:

  1. Critical: 3
  2. Important: 142
  3. Moderate: 2

 

 

How to Protect Your Organisation

As with every month, if you don’t want to wait for your system to download Microsoft critical updates on pre-determined schedule, you can download them immediately from the Windows Update Catalog website at https://www.catalog.update.microsoft.com/Home.aspx and searching by Microsoft KB ID.

We also recommend scanning your entire estate using the AppCheck vulnerability scanner regularly – including end-user machines running desktop operating systems. Contact your account manager now if you are not already licensed for internal scan hubs to cover your end-user estate and find out how to delivery holistic, whole-estate coverage for your organisation.

 

Next Patch Tuesday

The next Patch Tuesday will be on 14th May 2024 – add it to your calendar now!

 

About AppCheck

AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network, and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).

Get started with Appcheck

No software to download or install.

Contact us or call us 0113 887 8380

About Appcheck

AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network and cloud infrastructure. AppCheck are authorized by te Common Vulnerabilities and Exposures (CVE) Program aas a CVE Numbering Authority (CNA)

No software to download or install.
Contact us or call us 0113 887 8380

Start your free trial

Your details
IP Addresses
URLs

Get in touch