Security News > 2024 > April > Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)

On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn't marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro's Zero Day Initiative, has found being leveraged by attackers in the wild.

Microsoft has fixed 24 vulnerabilities that may allow attackers to bypass Windows Secure Boot, a security feature that aims to prevent malware from loading when PCs boot up.

Narang pointed out that though Microsoft considers their exploitation "Less likely", the last time Microsoft patched a flaw in Windows Secure Boot in May 2023 had a notable impact as it was exploited in the wild and linked to the BlackLotus UEFI bootkit.

"The vulnerability has been mitigated by a recent update to Azure AI Search's backend infrastructure. Customers who are required to rotate specific credentials have been notified through Azure Service Health Alerts under TrackingID: WL1G-3TZ," Microsoft said.

Another interesting thing recently pointed out by SonicWall Capture Labs is that despited RCE bugs getting more attention from defenders, in 2023 attackers exploited Microsoft elevation of privilege zero-day vulnerabilities more frequently that RCEs.

After the 2023 Patch Tuesdays, CISA added only four Microsoft vulnerabilities to their Known Exploited Vulnerabilities catalog: three EoPs and one Security Feature Bypass.

News URL

https://www.helpnetsecurity.com/2024/04/09/april-2024-patch-tuesday-cve-2024-29988/