Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)
On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn't marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro's Zero Day Initiative, has found being leveraged by attackers in the wild.
Microsoft has fixed 24 vulnerabilities that may allow attackers to bypass Windows Secure Boot, a security feature that aims to prevent malware from loading when PCs boot up.
Narang pointed out that though Microsoft considers their exploitation "Less likely", the last time Microsoft patched a flaw in Windows Secure Boot, in May 2023, it had a notable impact, as it was exploited in the wild and linked to the BlackLotus UEFI bootkit.
"The vulnerability has been mitigated by a recent update to Azure AI Search's backend infrastructure. Customers who are required to rotate specific credentials have been notified through Azure Service Health Alerts under TrackingID: WL1G-3TZ," Microsoft said.
Another interesting thing recently pointed out by SonicWall Capture Labs is that, despite RCE bugs getting more attention from defenders, in 2023 attackers exploited Microsoft elevation of privilege zero-day vulnerabilities more frequently than RCEs.
After the 2023 Patch Tuesdays, CISA added only four Microsoft vulnerabilities to their Known Exploited Vulnerabilities catalog: three EoPs and one Security Feature Bypass.
News URL
https://www.helpnetsecurity.com/2024/04/09/april-2024-patch-tuesday-cve-2024-29988/
Related news
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) (source)
- Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) (source)
- Qualcomm zero-day under targeted exploitation (CVE-2024-43047) (source)
- Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381) (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) (source)
- Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575) (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-04-09 | CVE-2024-29988 | Unspecified vulnerability in Microsoft products SmartScreen Prompt Security Feature Bypass Vulnerability | 8.8 |