Source: www.bleepingcomputer.com – Author: Lawrence Abrams
Today is Microsoft’s April 2024 Patch Tuesday, which includes security updates for 150 flaws and sixty-seven remote code execution bugs.
Only three critical vulnerabilities were fixed as part of today’s Patch Tuesday, but there are over sixty-seven remote code execution bugs. More than half of the RCE flaws are found within Microsoft SQL drivers, likely sharing a common flaw.
There were also fixes for twenty-six Secure Boot bypasses released this month, including two from Lenovo.
The total count of 150 flaws does not include 5 Microsoft Edge flaws fixed on April 4th and 2 Mariner flaws. Mariner is an open-source Linux distribution developed by Microsoft for its Microsoft Azure services.
This month’s Patch Tuesday does not contain any fixes for zero-day vulnerabilities disclosed by Microsoft.
“Technique #1: Open in App Method
The first technique uses the code enabling the “open in app” feature in SharePoint to access and download files while only leaving an access event in the file’s audit log. This method can be executed manually or automated through a PowerShell script, allowing for the rapid exfiltration of many files.
Technique #2: SkyDriveSync User-Agent
The second technique uses the User-Agent for Microsoft SkyDriveSync to download files or even entire sites while mislabeling events as file syncs instead of downloads.”
❖ Varonis
Microsoft has not assigned CVEs to the two flaws and they have been added to the patching backlog, with no timeline as to when they will be fixed.
Other vendors who released security updates or vulnerability advisories in April 2024 include:
Below is the complete list of resolved vulnerabilities in the April 2024 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET and Visual Studio | CVE-2024-21409 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | Important |
| Azure | CVE-2024-29993 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
| Azure AI Search | CVE-2024-29063 | Azure AI Search Information Disclosure Vulnerability | Important |
| Azure Arc | CVE-2024-28917 | Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability | Important |
| Azure Compute Gallery | CVE-2024-21424 | Azure Compute Gallery Elevation of Privilege Vulnerability | Important |
| Azure Migrate | CVE-2024-26193 | Azure Migrate Remote Code Execution Vulnerability | Important |
| Azure Monitor | CVE-2024-29989 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important |
| Azure Private 5G Core | CVE-2024-20685 | Azure Private 5G Core Denial of Service Vulnerability | Moderate |
| Azure SDK | CVE-2024-29992 | Azure Identity Library for .NET Information Disclosure Vulnerability | Moderate |
| Intel | CVE-2024-2201 | Intel: CVE-2024-2201 Branch History Injection | Important |
| Internet Shortcut Files | CVE-2024-29988 | SmartScreen Prompt Security Feature Bypass Vulnerability | Important |
| Mariner | CVE-2019-3816 | Unknown | Unknown |
| Mariner | CVE-2019-3833 | Unknown | Unknown |
| Microsoft Azure Kubernetes Service | CVE-2024-29990 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2024-28905 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2024-28907 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2024-26213 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2024-28904 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Defender for IoT | CVE-2024-29055 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
| Microsoft Defender for IoT | CVE-2024-29053 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical |
| Microsoft Defender for IoT | CVE-2024-29054 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
| Microsoft Defender for IoT | CVE-2024-21324 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
| Microsoft Defender for IoT | CVE-2024-21323 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical |
| Microsoft Defender for IoT | CVE-2024-21322 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical |
| Microsoft Edge (Chromium-based) | CVE-2024-3156 | Chromium: CVE-2024-3156 Inappropriate implementation in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-29049 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2024-29981 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
| Microsoft Edge (Chromium-based) | CVE-2024-3159 | Chromium: CVE-2024-3159 Out of bounds memory access in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-3158 | Chromium: CVE-2024-3158 Use after free in Bookmarks | Unknown |
| Microsoft Install Service | CVE-2024-26158 | Microsoft Install Service Elevation of Privilege Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-26257 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2024-20670 | Outlook for Windows Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2024-26251 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft WDAC ODBC Driver | CVE-2024-26214 | Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-26244 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-26210 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2024-26233 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2024-26231 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2024-26227 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2024-26223 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2024-26221 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2024-26224 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2024-26222 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2024-29064 | Windows Hyper-V Denial of Service Vulnerability | Important |
| SQL Server | CVE-2024-28937 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28938 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-29044 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28935 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28940 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28943 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28941 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28910 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28944 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28908 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28909 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-29985 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28906 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28926 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28933 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28934 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28927 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28930 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-29046 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28932 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-29047 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28931 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-29984 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28929 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28939 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28942 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-29043 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28936 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-29045 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28915 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28913 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28945 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-29048 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28912 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28914 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-29983 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28911 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-29982 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| Windows Authentication Methods | CVE-2024-29056 | Windows Authentication Elevation of Privilege Vulnerability | Important |
| Windows Authentication Methods | CVE-2024-21447 | Windows Authentication Elevation of Privilege Vulnerability | Important |
| Windows BitLocker | CVE-2024-20665 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows Compressed Folder | CVE-2024-26256 | libarchive Remote Code Execution Vulnerability | Important |
| Windows Cryptographic Services | CVE-2024-26228 | Windows Cryptographic Services Security Feature Bypass Vulnerability | Important |
| Windows Cryptographic Services | CVE-2024-29050 | Windows Cryptographic Services Remote Code Execution Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2024-26237 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important |
| Windows DHCP Server | CVE-2024-26212 | DHCP Server Service Denial of Service Vulnerability | Important |
| Windows DHCP Server | CVE-2024-26215 | DHCP Server Service Denial of Service Vulnerability | Important |
| Windows DHCP Server | CVE-2024-26195 | DHCP Server Service Remote Code Execution Vulnerability | Important |
| Windows DHCP Server | CVE-2024-26202 | DHCP Server Service Remote Code Execution Vulnerability | Important |
| Windows Distributed File System (DFS) | CVE-2024-29066 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | Important |
| Windows Distributed File System (DFS) | CVE-2024-26226 | Windows Distributed File System (DFS) Information Disclosure Vulnerability | Important |
| Windows DWM Core Library | CVE-2024-26172 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| Windows File Server Resource Management Service | CVE-2024-26216 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | Important |
| Windows HTTP.sys | CVE-2024-26219 | HTTP.sys Denial of Service Vulnerability | Important |
| Windows Internet Connection Sharing (ICS) | CVE-2024-26253 | Windows rndismp6.sys Remote Code Execution Vulnerability | Important |
| Windows Internet Connection Sharing (ICS) | CVE-2024-26252 | Windows rndismp6.sys Remote Code Execution Vulnerability | Important |
| Windows Kerberos | CVE-2024-26183 | Windows Kerberos Denial of Service Vulnerability | Important |
| Windows Kerberos | CVE-2024-26248 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-20693 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-26245 | Windows SMB Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-26229 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-26218 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Local Security Authority Subsystem Service (LSASS) | CVE-2024-26209 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | Important |
| Windows Message Queuing | CVE-2024-26232 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
| Windows Message Queuing | CVE-2024-26208 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
| Windows Mobile Hotspot | CVE-2024-26220 | Windows Mobile Hotspot Information Disclosure Vulnerability | Important |
| Windows Proxy Driver | CVE-2024-26234 | Proxy Driver Spoofing Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-28902 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-28900 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-28901 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-26255 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-26230 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-26239 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-26207 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-26217 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-26211 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Procedure Call | CVE-2024-20678 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-26200 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-26179 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-26205 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Secure Boot | CVE-2024-29061 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-28921 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-20689 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-26250 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-28922 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-29062 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-20669 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-28898 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-20688 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-23593 | Lenovo: CVE-2024-23593 Zero Out Boot Manager and drop to UEFI Shell | Important |
| Windows Secure Boot | CVE-2024-28896 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-28919 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-23594 | Lenovo: CVE-2024-23594 Stack Buffer Overflow in LenovoBT.efi | Important |
| Windows Secure Boot | CVE-2024-28923 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-28903 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-26189 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-26240 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-28924 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-28897 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-28925 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-26175 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-28920 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-26194 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-26180 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-26171 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-26168 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Storage | CVE-2024-29052 | Windows Storage Elevation of Privilege Vulnerability | Important |
| Windows Telephony Server | CVE-2024-26242 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2024-26236 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2024-26235 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| Windows USB Print Driver | CVE-2024-26243 | Windows USB Print Driver Elevation of Privilege Vulnerability | Important |
| Windows Virtual Machine Bus | CVE-2024-26254 | Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability | Important |
| Windows Win32K – ICOMP | CVE-2024-26241 | Win32k Elevation of Privilege Vulnerability | Important |
Original Post URL: https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2024-patch-tuesday-fixes-150-security-flaws-67-rces/
Category & Tags: Microsoft,Security – Microsoft,Security
