Microsoft and Adobe Patch Tuesday, April 2024: Security Updates and Vulnerability Fixes Reviewed
=====================================================================
In the latest Patch Tuesday release, Microsoft has addressed a total of 155 vulnerabilities, including three critical and 145 important severity vulnerabilities. The updates cover a wide range of Microsoft product families and products, such as Windows BitLocker, Windows Secure Boot, Microsoft Office Outlook, Windows Remote Procedure Call, Azure Private 5G Core, and more.
One of the critical vulnerabilities, CVE-2024-26234, is a spoofing vulnerability in the Proxy Driver. Microsoft has not disclosed any information about this vulnerability.
Another critical vulnerability, CVE-2024-21323, is a Microsoft Defender for IoT Remote Code Execution Vulnerability. To exploit this path traversal vulnerability, an attacker must send a tar file to the Defender for IoT sensor.
Microsoft Edge (Chromium-based) had three vulnerabilities patched earlier this month.
CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about this vulnerability.
Several elevation of privilege vulnerabilities have also been addressed, such as CVE-2024-26256 in libarchive, CVE-2024-26211 in Windows Remote Access Connection Manager, and CVE-2024-26230 and CVE-2024-26239 in the Windows Telephony Server. Successful exploitation of these vulnerabilities could potentially grant an attacker SYSTEM privileges.
Adobe has also released nine security advisories to address 24 vulnerabilities in various Adobe products, including Adobe After Effects, Adobe Photoshop, Adobe Commerce, and Adobe Experience Manager. Five of these vulnerabilities are given critical severity ratings.
The next Patch Tuesday falls on May 14, and the webinar series will return with details and patch analysis. The webinar discusses high-impact vulnerabilities, including those from the current Patch Tuesday alert, and walks through necessary steps to address key vulnerabilities using Qualys VMDR and Qualys Patch Management.
Users can identify missing patches for the current Patch Tuesday by using a specific QQL query. Additionally, Qualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledgebase (KB).
Qualys VMDR can rapidly deploy relevant patches for Windows hosts with a single click. Qualys Policy Compliance Control IDs [14297, 14916, 4030] have been updated to support Microsoft recommended mitigation for the CVE-2024-26232 Microsoft Message Queuing Remote Code Execution Vulnerability.
Qualys Policy Compliance reduces the risk of vulnerability exploitation through Out-of-the-Box Mitigation/Compensatory Controls. A workaround is a temporary solution used to overcome hardware, programming, or communication problems.
The Qualys Research team hosts a monthly webinar series to help customers leverage Qualys Vulnerability Management Detection Response (VMDR) and Qualys Patch Management. Users are encouraged to subscribe to the 'This Month in Vulnerabilities and Patches' webinar.
Microsoft has not addressed any zero-day vulnerabilities known to be exploited in the wild in the April 2024 edition. However, it is essential to apply the patches as soon as possible to protect systems from potential attacks.
Lastly, CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states that updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. Users are advised to monitor this vulnerability closely and apply additional mitigations if necessary.