Microsoft Releases April 2024 Security Updates

Apr 11, 2024 GMT+08:00

I. Overview

Microsoft has released its April 2024 Security Updates. A total of 149 security vulnerabilities have been disclosed, among which 3 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to implement remote code execution, privilege escalation, and security feature bypass. The affected applications include components such as Microsoft Windows, Microsoft Office, Microsoft Defender for IoT and .NET.

For details, visit the Microsoft official website:

https://msrc.microsoft.com/update-guide/releaseNote/2024-Apr

The following vulnerabilities require close scrutiny as their details have been disclosed or they have already been exploited by attackers:

Proxy Driver Spoofing Vulnerability (CVE-2024-26234): 0-day vulnerability. Exploiting this flaw could potentially misrepresent the agent driver's identity, allowing unauthorized control over the target system. This vulnerability has been exploited in the wild, and the risk is high.

13 vulnerabilities (such as CVE-2024-29988, CVE-2024-26256, and CVE-2024-26241) are marked as Exploitation More Likely. For details, see the official announcement. Please perform security self-check and security hardening in a timely manner to reduce attack risks.

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Microsoft Windows, Microsoft Office, Microsoft Defender for IoT, .NET, and other products.

IV. Vulnerability Details

(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)

V. Security Recommendations

1. Use Windows Update or download patches from the following address to fix the vulnerabilities:

https://msrc.microsoft.com/update-guide

2. Back up data remotely to protect your data.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.