Microsoft's April 2024 Security Update: Addressing Record Vulnerabilities and Active Exploits

In April 2024, Microsoft released a significant security update, addressing a record 149 vulnerabilities, with two actively exploited flaws. Among these, three were rated Critical, 142 Important, three Moderate, and one Low severity. This update followed the remediation of 21 vulnerabilities in the Chromium-based Edge browser.

One of the exploited vulnerabilities, CVE-2024-26234, with a CVSS score of 6.7, involved Proxy Driver Spoofing. Although Microsoft's advisory lacked details, cybersecurity firm Sophos discovered a malicious executable signed with a valid Microsoft WHCP certificate. The executable, "Catalog.exe," contained a backdoor component called 3proxy, indicating a potential supply chain attack. Sophos found multiple variants of this backdoor in the wild since January 2023, prompting Microsoft to revoke relevant files.

Another actively exploited flaw, CVE-2024-29988 (CVSS score: 8.8), enabled attackers to bypass Microsoft Defender Smartscreen protections. To exploit it, attackers needed to convince users to launch specially crafted files using a launcher application. While Microsoft categorized the likelihood of exploitation as "Exploitation More Likely," evidence suggested active attacks.

Additionally, CVE-2024-29990 (CVSS score: 9.0) posed a significant threat, affecting Microsoft Azure Kubernetes Service Confidential Container. Unauthenticated attackers could exploit this elevation of privilege flaw to steal credentials and compromise confidential containers.

The update addressed various vulnerabilities, including 68 remote code execution, 31 privilege escalation, 26 security feature bypass, and six denial-of-service bugs. Notably, 24 of the security bypass flaws were related to Secure Boot, highlighting persistent vulnerabilities in this area.

Microsoft faced criticism for security practices following a cyber espionage campaign orchestrated by a Chinese threat actor in 2023. The U.S. Cyber Safety Review Board highlighted shortcomings in preventing such attacks. Microsoft responded by adopting the Common Weakness Enumeration (CWE) industry standard to analyze vulnerabilities, aiming to improve Software Development Life Cycle (SDLC) workflows and defense strategies.

Are you concerned about the security of your digital assets? Look no further than Indian Cyber Security Solutions for comprehensive Vulnerability Assessment and Penetration Testing (VAPT) services. Our team of highly skilled professionals specializes in identifying and mitigating potential security risks within your systems and networks. With state-of-the-art tools and methodologies, we conduct thorough assessments to uncover vulnerabilities before they can be exploited by malicious actors. By partnering with Indian Cyber Security Solutions, you can rest assured knowing that your organization's cybersecurity posture is robust and resilient. Don't wait for a security breach to occur – take proactive steps today to safeguard your business with our expert VAPT services.

In a related development, cybersecurity firm Varonis identified methods for attackers to bypass audit logs while exfiltrating files from SharePoint. These techniques exploited SharePoint features and user agents, allowing attackers to hide download events as less suspicious access and sync activities.

Apart from Microsoft, other vendors released security updates to address various vulnerabilities across different products and platforms. These vendors included Adobe, AMD, Android, Cisco, Dell, Google, HP, IBM, Linux distributions, Mozilla, Qualcomm, SAP, VMware, WordPress, and many others.

Organizations were advised to apply patches promptly and monitor systems for suspicious activities. The evolving threat landscape underscored the importance of robust cybersecurity measures and proactive patch management to mitigate risks effectively.