Microsoft April 2024 Patch Day

Microsoft has issued crucial security patches for Bitlocker, Office, and Windows Defender, among others, as attackers have started exploiting two vulnerabilities.

Users of Microsoft software should verify that Windows Update is active and that all recent security patches have been installed. Without these updates, systems may be at risk, and attackers could potentially gain full control of PCs through malicious code.

Current Attacks on Windows

A significant vulnerability (CVE-2024-29988 "high") has been targeted in the Windows SmartScreen Filter, a security feature that checks the credibility of downloaded files using the Mark-of-the-Web (MoTW) marking. Despite this safety measure, attackers have managed to circumvent the filter in active assaults. Users, believing their downloads verified by the SmartScreen, unknowingly execute these compromised files and inadvertently install Trojans. Although this type of attack requires users to open the infected file, its feasibility should not be underestimated. Presently, both Windows and Windows Server editions are susceptible.

Another vulnerability being exploited (CVE-2024-26234 "medium") affects the current editions of Windows Desktop and Windows Server. It involves a proxy driver spoofing attack. Specific details on the attack methods and potential consequences have not been provided by Microsoft.

Additional Threats

Microsoft has identified three vulnerabilities in Defender for IoT as critical (CVE-2024-21322 "high", CVE-2024-21323 "high", CVE-2024-29053 "high"), where attackers could execute undisclosed methods to launch malicious code attacks.

In Azure, a high-risk vulnerability (CVE-202429063 High) in an AI search function allows attackers unauthorized access to information. Furthermore, a flaw in Azure CycleCloud (CVE-2024-29993 High) could enable attackers to obtain elevated user privileges.

For a comprehensive list of vulnerabilities and updates, users are encouraged to refer to Microsoft’s Security Update Guide.