Microsoft has released security updates for April 2024 addressing a total of 149 vulnerabilities, two of which are being actively exploited. Of these, three are rated Critical, 142 Important, three Moderate, and one Low in severity. These updates follow fixes for 21 vulnerabilities in the Chromium-based Edge browser in the March 2024 Patch Tuesday release.
The actively exploited vulnerabilities are CVE-2024-26234, a Proxy Driver Spoofing flaw with a CVSS score of 6.7, and CVE-2024-29988, a SmartScreen Prompt Security Feature Bypass flaw with a CVSS score of 8.8. Sophos reported discovering a malicious executable, signed with a valid Microsoft certificate, that acts as a backdoor on infected systems, highlighting potential supply chain issues. Another flaw, CVE-2024-29990, affects Azure Kubernetes Service Confidential Containers and poses a serious risk of credential theft.
The release also addresses a significant number of remote code execution, privilege escalation, security bypass, and denial-of-service vulnerabilities, with a notable focus on Secure Boot. While none of the Secure Boot flaws were exploited in the wild, the emphasis remains on addressing such vulnerabilities to prevent future threats.
Recently, Microsoft has faced scrutiny for its security practices following a cyber espionage campaign and has begun incorporating Common Weakness Enumeration (CWE) assessments in its advisories to help identify root causes and prevent similar vulnerabilities in the future. Meanwhile, cybersecurity firm Varonis has detailed methods attackers may use to bypass audit logs and evade detection while exfiltrating files from SharePoint, urging organizations to monitor access events closely.
In addition to Microsoft, other vendors have also released security patches in recent weeks to address various vulnerabilities across different software products.