Microsoft Releases April 2024 Security Updates
Scheduled updates for Microsoft products, including security updates for 149 vulnerabilities with 2 reported as actively exploited
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Microsoft has released security updates to address 149 vulnerabilities, including two that are actively exploited and four rated as critical, which are highlighted in the vulnerability details below.
Exploitation of CVE-2024-29988 and CVE-2024-26234
Microsoft has confirmed that CVE-2024-26234 (Proxy Driver Spoofing Vulnerability) is being exploited in the wild.
Additionally, there are reports of CVE-2024-29988 (SmartScreen Prompt Security Feature Bypass Vulnerability) being exploited in the wild.
Vulnerability details
- CVE-2024-26234 - CWE-284 - Improper Access Control
CVE-2024-26234 is an Improper Access Control vulnerability with a CVSSv3 score of 6.7, which, if exploited, could allow an attacker to sign a malicious executable with a valid Microsoft Windows Hardware Compatibility Publisher (WHCP) certificate. This vulnerability is being exploited in the wild.
- CVE-2024-29988 - CWE-693 - Protection Mechanism Failure
CVE-2024-29988 is a Protection Mechanism Failure vulnerability in SmartScreen with a CVSSv3 score of 8.8, which, if exploited, could allow an unauthenticated attacker to achieve remote code execution. This vulnerability is being exploited in the wild.
- CVE-2024-21322 - CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-21322 is a Command Injection vulnerability in Microsoft Defender for IoT (Internet of Things) with a CVSSv3 score of 7.2, which, if exploited, could allow an authenticated attacker with access to an administrative account to execute arbitrary code.
- CVE-2024-21323 - CWE-36 - Absolute Path Traversal
CVE-2024-21323 is an Absolute Path Traversal vulnerability in Microsoft Defender for IoT with a CVSSv3 score of 8.8, which, if exploited, could allow an authenticated attacker to remotely execute code via the upload of a malicious update package.
- CVE-2024-29053 - CWE-36 - Absolute Path Traversal
CVE-2024-29053 is an Absolute Path Traversal vulnerability in Microsoft Defender for IoT with a CVSSv3 score of 8.8, which, if exploited, could allow an authenticated attacker to remotely execute code via the upload of a malicious file to sensitive locations on the server.
- CVE-2024-29990 - CWE-284 - Improper Access Control
CVE-2024-29990 is an Improper Access Control vulnerability in Azure Kubernetes Service Confidential Containers with a CVSSv3 score of 9.0, which, if exploited, could allow a remote unauthenticated attacker to steal credentials and affect resources beyond the scope of Azure Kubernetes Service Confidential Containers.
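Because CVE-2024-26234 concerns a malicious executable carrying a valid WHCP signature, defenders may want an inventory of WHCP-signed binaries on a host to compare against a known-good baseline. The following PowerShell script is an added example and not part of the Microsoft advisory or this bulletin; it assumes that scanning the System32\drivers directory is the right scope and that the script is run from an elevated session.

```powershell
# Added example (not from the advisory): inventory executables and drivers whose
# Authenticode signer is the Windows Hardware Compatibility Publisher, so that
# unexpected thumbprints or non-Valid signature status can be reviewed.
# Assumption: $Paths covers the locations you care about; adjust as needed.
param(
    [string[]]$Paths = @("$env:SystemRoot\System32\drivers"),
    [string]$PublisherPattern = 'Microsoft Windows Hardware Compatibility Publisher'
)

$results = foreach ($path in $Paths) {
    Get-ChildItem -Path $path -Recurse -Include *.sys, *.dll, *.exe -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($sig.SignerCertificate -and $sig.SignerCertificate.Subject -match $PublisherPattern) {
                [pscustomobject]@{
                    Path       = $_.FullName
                    # Status reflects hash match and local chain trust (Valid, HashMismatch, UnknownError, ...)
                    Status     = $sig.Status
                    Signer     = $sig.SignerCertificate.Subject
                    Thumbprint = $sig.SignerCertificate.Thumbprint
                    NotAfter   = $sig.SignerCertificate.NotAfter
                    Timestamp  = if ($sig.TimeStamperCertificate) { $sig.TimeStamperCertificate.Subject } else { $null }
                    SHA256     = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
}

# Files whose signature is not Valid deserve a closer look first; the full
# inventory is exported so it can be diffed against a baseline or EDR telemetry.
$results | Where-Object Status -ne 'Valid' | Format-Table Path, Status, Thumbprint -AutoSize
$results | Export-Csv -Path "$env:TEMP\whcp-signed-inventory.csv" -NoTypeInformation
```

A Valid status only means the file hash matches its signature and the chain is locally trusted, so the exported thumbprints and hashes should still be compared against what you expect to find on that host.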
Remediation advice
Affected organisations are encouraged to review Microsoft’s April 2024 Security Update Summary and apply the relevant updates.
Last edited: 10 April 2024 3:05 pm