## Microsoft Drops Massive Security Update: Unleashes 149 Fixes Including Two Actively Exploited Flaws

Redmond, WA – Microsoft has recently released security updates for the month of April 2024 to address a total of 149 flaws, two of which have already been actively exploited in the wild. The vulnerabilities range in severity, with three rated as Critical, 142 as Important, three as Moderate, and one as Low. This update comes after the company addressed 21 vulnerabilities in its Chromium-based Edge browser following the previous month’s Patch Tuesday fixes.

One of the vulnerabilities being actively exploited is a Proxy Driver Spoofing Vulnerability (CVE-2024-26234) with a CVSS score of 6.7. The other is a SmartScreen Prompt Security Feature Bypass Vulnerability (CVE-2024-29988) with a CVSS score of 8.8. Cybersecurity firm Sophos discovered a malicious executable signed by a valid Microsoft Windows Hardware Compatibility Publisher certificate linked to the Proxy Driver Spoofing Vulnerability.

Further analysis revealed a backdoor component called 3proxy designed to monitor and intercept network traffic on infected systems. While it’s unclear if the malicious file was intentionally embedded, multiple variants of the backdoor have been found in the wild dating back to January 2023. Microsoft has taken steps to address the issue by adding relevant files to its revocation list.

Another security flaw under active attack is CVE-2024-29988, which allows attackers to bypass Microsoft Defender SmartScreen protections when opening specific files. Evidence of exploitation in the wild has been reported, although Microsoft has categorized it as “Exploitation More Likely.” Additionally, CVE-2024-29990, an elevation of privilege flaw impacting Microsoft Azure Kubernetes Service Confidential Container, poses a risk of credential theft by unauthenticated attackers.

The release addresses a variety of vulnerabilities, including remote code execution, privilege escalation, security feature bypass, and denial-of-service bugs. Notably, the update includes 24 Secure Boot vulnerabilities, emphasizing the ongoing threats associated with Secure Boot. Tenable’s senior staff research engineer, Satnam Narang, warns of potential future malicious activity related to Secure Boot flaws.

In response to criticism regarding its security practices, Microsoft has started publishing root cause data for security flaws using the Common Weakness Enumeration (CWE) industry standard. This move aims to pinpoint the generic root cause of vulnerabilities and enhance software development and defense-in-depth efforts. Additionally, cybersecurity firm Varonis has detailed techniques attackers could use to circumvent audit logs while exfiltrating files from SharePoint, prompting organizations to monitor access events closely.

As Microsoft continues to address security vulnerabilities, the tech giant remains at the forefront of cybersecurity challenges and solutions in today’s digital landscape. The ongoing efforts to enhance transparency and security practices are crucial steps in safeguarding against cyber threats and vulnerabilities in the ever-evolving technological environment.