Staying Secure with Windows Microsoft April Patch Update

Microsoft's commitment to cybersecurity is evident through its regular release of monthly patches to address known vulnerabilities within the Windows operating system. These updates are essential for safeguarding users against the latest threats and improving their systems' overall security and performance. Staying current with these patches is critical in maintaining a secure computing environment and protecting sensitive information from cyber-attacks.

Step into a safer space with Microsoft's April 2024 Patch Tuesday, which has tackled 150 security flaws, of which 67 were dangerous Remote Code Execution (RCE) vulnerabilities.

It also fixes two zero-day vulnerabilities, related to Proxy Driver Spoofing and a SmartScreen Prompt Security Feature Bypass. This month's leading risk type is remote code execution (RCE), accounting for 44%, followed by elevation of privilege (21%) and security feature bypass (19%).

Remote Code Execution (RCE) vulnerabilities represent a significant risk to cybersecurity. They allow attackers to execute unauthorised code on a victim's device, which could lead to complete system takeover, data breaches, unauthorised resource access, and malware dissemination. RCE vulnerabilities are especially perilous as they can be exploited remotely, often without user interaction.

Zero-day vulnerabilities refer to software flaws unknown to the software vendor, termed "zero-day" because the vendor has no time to mitigate the issue before it's potentially exploited. These flaws are coveted by cybercriminals for their initial lack of defence, allowing them to infiltrate systems or networks before a fix or protective measure is developed. It's crucial for software companies to swiftly address these vulnerabilities upon detection to safeguard against unauthorised exploits.

The patch addresses a broad spectrum of areas, including 31 Elevation of Privilege vulnerabilities, 29 Security Feature Bypass vulnerabilities, 13 Information Disclosure vulnerabilities, 7 Denial of Service vulnerabilities, and 3 Spoofing vulnerabilities.

The number of bugs in each vulnerability category is listed below:

  • 31 Elevation of Privilege Vulnerabilities
  • 29 Security Feature Bypass Vulnerabilities
  • 67 Remote Code Execution Vulnerabilities
  • 13 Information Disclosure Vulnerabilities
  • 7 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities

Out of the vulnerabilities addressed in the April 2024 patch, 45 have been assigned a Common Vulnerability Scoring System (CVSS) rating above 8.5. This high CVSS rating indicates that these vulnerabilities pose a severe risk to systems if left unpatched, reflecting their potential to be exploited with a significant impact on confidentiality, integrity, and availability. Such vulnerabilities are a top priority for patch management efforts due to their critical threat level, underscoring the importance of applying these security updates swiftly to mitigate possible cyber threats effectively.

Below is a summary of the zero-days:

CVE-2024-26234 - Proxy Driver Spoofing Vulnerability

Sophos shared that this CVE is assigned to a malicious driver signed with a valid Microsoft Hardware Publisher Certificate.

The driver was used to deploy a backdoor previously disclosed by Stairwell.

CVE-2024-29988 - SmartScreen Prompt Security Feature Bypass Vulnerability

CVE-2024-29988 is a patch bypass for the CVE-2024-21412 flaw (also a patch bypass for CVE-2023-36025), which allows attachments to bypass Microsoft Defender SmartScreen prompts when the file is opened.

This was used by the financially motivated Water Hydra hacking group to target forex trading forums and stock trading Telegram channels in spearphishing attacks that deployed the DarkMe remote access trojan (RAT).

Researchers also disclosed two Microsoft SharePoint zero-days that make it harder to detect when files are downloaded from servers.

Other major vendors, including Cisco, D-Link, Google, Ivanti, Linux distro maintainers, LG, and SAP, have followed suit, releasing their own security updates or disclosing vulnerabilities.

We cannot stress enough the significance of regular system security updates; this month's notably include fixes for Microsoft SQL drivers and the SmartScreen bypass.

So, don't delay - update now and fortify your system security with Microsoft's April 2024 Patch.

https://msrc.microsoft.com/update-guide/releaseNote/2024-Apr

The Common Vulnerability Scoring System (CVSS) is a standardised framework for rating the severity of security vulnerabilities in software. Each vulnerability, such as those Microsoft addressed in their April 2024 Patch, is assigned a CVSS score ranging from 0 to 10. This score quantifies the potential impact of the vulnerability, helping organisations prioritise their response efforts based on the level of threat posed.

A score closer to 10 indicates a highly critical vulnerability with the potential for severe impact, necessitating immediate attention and remediation. In contrast, a lower score suggests a less severe threat. CVSS scores take into account various factors, including the complexity of exploitation, the requirements for an attacker to leverage the vulnerability, and the potential consequences of an exploit. This comprehensive scoring system plays a crucial role in cybersecurity, guiding professionals in efficiently securing their systems against imminent threats.


Your Security is our Priority

Your friendly Support Team

This is part of our Cyber Security awareness educational campaign. Through this training, you will learn key principles and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.

