Categories
Blog

MICROSOFT FIXES 140+ BUGS IN THE APRIL MONTH’S PATCH TUESDAY  

Home » Blog » MICROSOFT FIXES 140+ BUGS IN THE APRIL MONTH’S PATCH TUESDAY  

MICROSOFT FIXES 140+ BUGS IN THE APRIL MONTH’S PATCH TUESDAY  

Cybersecurity experts were finally relieved with multiple fixes for security bugs, including two actively exploited (CVE-2024-26234 & CVE-2024-29988 with 6.7 and 8.8 CVSS scores) and zero-day vulnerability as Microsoft releases its biggest security update. It fixes more than 149 security vulnerabilities across its software products, including Microsoft Office and SQL Server.  

The patch addresses the security bugs included in the Windows OS and Azure Cloud environment. Here is the complete list of CVEs that are fixed with the update. Out of the total 149 security vulnerabilities that are fixed, 3 are rated critical, 3 are rated moderate and one is rated low. The rest of the security bugs are rated important.  

The update addresses security bugs across multiple Microsoft software products mainly: 

  • Windows zero-day vulnerability  
  • Unaddressed SQL Server bugs  
  • IoT security bugs on Microsoft Defender 

Actively exploited zero-day vulnerability fixed 

CVE-2024-26234 was a critical zero-day vulnerability fixed via this update. It affected Microsoft’s Windows desktop and server Operating Systems, making them highly vulnerable. By exploiting the vulnerability, an attacker with privileged access can spoof a proxy driver to gain control of the system.  

Microsoft has recommended immediately updating all systems that are using Windows. As per security experts, since this vulnerability is of relatively low rating (CVSS 6.7), many organizations would choose to prioritize updates and skip it as per the  

SQL Server bugs addressed 

Microsoft has addressed 41 bugs, exploiting which the attackers could engage in remote code execution and connect them to malicious servers that could compromise their targets. Since the SQL Server security updates are high in number, security experts have advised organizations to cautiously engage in patch management because, coupled with Server management, it could put them at risk since it is a time-consuming process.  

Microsoft Defender for IoT security bugs addressed 

Microsoft has finally addressed three security vulnerabilities (critical) for Microsoft Defender for IoT (formerly known as Azure Defender for IoT) labeled CVE-2024-21322, CVE-2024-29053, and CVE-2024-21323 out of which CVE-2024-29053 is a critical vulnerability.  

The attacker could exploit the vulnerability to remotely control IoT devices since it does not require any admin privileges. Microsoft has also addressed privilege escalation vulnerabilities labeled CVE-2024-21324, CVE-2024-29055, and CVE-2024-29054.  

SharkStriker’s recommendations and actions 

SharkStriker recommends all partners and customers update all their Microsoft software products to the latest version. Please refer to the detailed list of patches here. 

  • For pre-emptively detecting and responding to suspicious threats and activities, we have implemented round-the-clock monitoring of the IT infrastructure.   
  • Based on the Indicators of Compromise given by CISA, we have hunted for threats (if any) mitigating the possibility of cyber attacks caused due to them.  
  • For early detection and quick & precise response to the threats, we have configured their detection mechanisms with the best practices.  
  • Our team of security experts has configured all their detection mechanisms for quick and precise early detection of threats.  
  • Through our STRIEGO’s dashboards, our customers can easily check the status of their cybersecurity posture.  

Services

Experience end-to-end management
of statutory and regulatory compliance
through our dedicated service for compliance

Explore More >

Latest Post

All
Blog