Date: 2024-04-10



Microsoft rolled out its biggest Patch Tuesday since 2017

After a relatively quiet start to the year for Windows security issues, Microsoft has surprisingly released its biggest Patch Tuesday rollout in seven years. The update fixes 149 vulnerabilities affecting multiple product lines, 90 of which impact Windows users. Additionally, the total was revealed to include two zero-day vulnerabilities, although Microsoft did not initially report them as such. While all vulnerabilities should be taken seriously, there are three that security experts believe you should pay close attention to.

Shortly after the release of the April Patch Tuesday security update, Microsoft changed the status of CVE-2024-26234, a proxy driver spoofing vulnerability, to confirm that it is a zero-day already being exploited in the wild by threat actors. Discovered by X-Ops researchers at Sophos, this is a backdoor within an executable file that appears valid and carries a Microsoft Hardware Publisher Certificate. Given its zero-day status, this vulnerability should not be underestimated. However, according to Ivanti's VP of Security Products Chris Goettl, CVE-2024-26234 is only rated “Important” and has a CVSS v3.1 score of 6.7, so it can easily be overlooked by traditional prioritization methods.

Zero-Day CVE-2024-29988: SmartScreen Feature Bypass

CVE-2024-29988 is a vulnerability rated critical that could allow the pop-up prompts of the SmartScreen security feature to be bypassed. According to Ben McCarthy, principal cyber security engineer at Immersive Labs, SmartScreen is a large pop-up that warns users about running an unknown file, scaring them away from opening it, and that is often the point at which a phishing attack ends. The Trend Micro Zero-Day Initiative has confirmed that one of its researchers discovered CVE-2024-29988 being exploited in the wild, making it a new zero-day. McCarthy has seen attack groups around the world use phishing with malicious attachments following the same proven attack flow, and he warns that with this exploit those attacks will be even more successful.

Another vulnerability that should be high on the list to patch immediately, CVE-2024-26256, exists in the open-source libarchive project, which is used to compress files and data streams. According to Kev Breen, senior director of threat research at Immersive Labs, the library was introduced to Windows in 2023 to natively support .rar, gz, and tar files in the operating system, and this is not the first time it has been found vulnerable. Although it was given a relatively low score (7.8) for a remote code execution vulnerability, Microsoft lists CVE-2024-26256 as highly exploitable. However, according to Microsoft's notes on the issue, an attacker would need to wait for a user to establish a connection in order to exploit it. Breen says knowing the types of connections and services that can be attacked helps defenders proactively create security rules to detect potentially malicious traffic.

