High Threat Security Alert (A24-04-07): Multiple Vulnerabilities in Microsoft Products (April 2024)


 

Published on: 10 April 2024

  
  

Description:

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Apr

Reports indicated that the vulnerabilities (CVE-2024-26234 and CVE-2024-29988) in Microsoft Windows and Server are being exploited in the wild. System administrators and users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • Microsoft Windows 10, 11
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022, 2022, 23H2 Edition
  • Microsoft Outlook for Windows
  • Microsoft Office LTSC for Mac 2021
  • Microsoft 365 Apps for Enterprise
  • Microsoft SharePoint Server 2016, 2019, Subscription Edition
  • Microsoft Visual Studio 2019, 2022
  • Microsoft .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
  • .NET 6.0, 7.0, 8.0
  • Microsoft SQL Server 2019, 2022
  • Microsoft ODBC Driver 17, 18 for SQL Server
  • Microsoft OLE DB Driver 18, 19 for SQL Server
  • Microsoft Defender for IoT
  • Azure AI Search
  • Azure Compute Gallery
  • Azure CycleCloud 8.6.0
  • Azure Identity Library for .NET
  • Azure Kubernetes Service Confidential Containers
  • Azure Migrate
  • Azure Monitor Agent
  • Azure Private 5G Core
  • Azure Arc Cluster Extensions
    • microsoft.azstackhci.operator
    • microsoft.azure.hybridnetwork
    • microsoft.azurekeyvaultsecretsprovider
    • microsoft.iotoperations.mq
    • microsoft.networkfabricserviceextension
    • microsoft.openservicemesh
    • microsoft.videoindexer

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security feature bypass or spoofing on an affected system.

 

Recommendation:

Patches for affected systems are available from the Windows Update / Microsoft Update Catalog. System administrators and users of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://msrc.microsoft.com/update-guide/releaseNote/2024-Apr
  • https://www.hkcert.org/security-bulletin/microsoft-monthly-security-update-april-2024
  • https://www.helpnetsecurity.com/2024/04/09/april-2024-patch-tuesday-cve-2024-29988
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20665
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20669 (to CVE-2024-20670)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20678
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20685
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20688 (to CVE-2024-20689)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20693
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21322 (to CVE-2024-21324)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21409
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21424
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21447
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23593 (to CVE-2024-23594)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26158
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26168
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26171 (to CVE-2024-26172)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26175
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26179 (to CVE-2024-26180)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26183
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26189
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26193 (to CVE-2024-26195)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26200
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26202
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26205
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26207 (to CVE-2024-26224)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26226 (to CVE-2024-26237)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26239 (to CVE-2024-26245)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26248
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26250 (to CVE-2024-26257)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28896 (to CVE-2024-28898)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28900 (to CVE-2024-28915)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28917
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28919 (to CVE-2024-28927)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28929 (to CVE-2024-28945)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29043 (to CVE-2024-29048)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29050
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29052 (to CVE-2024-29056)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29061 (to CVE-2024-29064)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29066
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29982 (to CVE-2024-29985)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29988 (to CVE-2024-29990)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29992 (to CVE-2024-29993)


Tag: Microsoft , Windows , Windows Server , Outlook , Microsoft Office , Microsoft 365 Apps , SharePoint , Visual Studio , .NET Framework , .NET , SQL Server , Microsoft Defender , Microsoft Azure
Tags