Security News > 2024 > April > Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)
On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn't marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro's Zero Day Initiative, has found being leveraged by attackers in the wild.
Microsoft has fixed 24 vulnerabilities that may allow attackers to bypass Windows Secure Boot, a security feature that aims to prevent malware from loading when PCs boot up.
Narang pointed out that though Microsoft considers their exploitation "Less likely", the last time Microsoft patched a flaw in Windows Secure Boot in May 2023 had a notable impact as it was exploited in the wild and linked to the BlackLotus UEFI bootkit.
"The vulnerability has been mitigated by a recent update to Azure AI Search's backend infrastructure. Customers who are required to rotate specific credentials have been notified through Azure Service Health Alerts under TrackingID: WL1G-3TZ," Microsoft said.
Another interesting thing recently pointed out by SonicWall Capture Labs is that despited RCE bugs getting more attention from defenders, in 2023 attackers exploited Microsoft elevation of privilege zero-day vulnerabilities more frequently that RCEs.
After the 2023 Patch Tuesdays, CISA added only four Microsoft vulnerabilities to their Known Exploited Vulnerabilities catalog: three EoPs and one Security Feature Bypass.
News URL
https://www.helpnetsecurity.com/2024/04/09/april-2024-patch-tuesday-cve-2024-29988/
Related news
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
- Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach (source)
- Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization (source)
- Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws (source)
- Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-09 | CVE-2024-29988 | Unspecified vulnerability in Microsoft products SmartScreen Prompt Security Feature Bypass Vulnerability | 0.0 |