Today’s VERT Alert addresses Microsoft’s April 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1101 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
This CVE describes a Proxy Driver Spoofing Vulnerability that, thanks to Microsoft’s new CWE listings, we know is tied to Improper Access Control. From a published Sophos write-up, we know that it is associated with a threat actor that has been working with a valid Microsoft Windows Hardware Compatibility Program (WHCP) certificate, which has now been revoked. Sophos reports finding samples of the malicious files dating back to January 2023. Microsoft has reported this vulnerability as Exploitation Detected.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis. Vulnerabilities are also color-coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Microsoft Edge (Chromium-based) | 5 | CVE-2024-3156, CVE-2024-3158, CVE-2024-3159, CVE-2024-29981, CVE-2024-29049 |
| Windows Secure Boot | 26 | CVE-2024-20669, CVE-2024-20688, CVE-2024-20689, CVE-2024-26250, CVE-2024-28920, CVE-2024-28922, CVE-2024-28921, CVE-2024-28919, CVE-2024-28923, CVE-2024-28896, CVE-2024-28898, CVE-2024-28903, CVE-2024-23594, CVE-2024-26168, CVE-2024-26171, CVE-2024-26175, CVE-2024-26180, CVE-2024-26189, CVE-2024-26194, CVE-2024-26240, CVE-2024-28924, CVE-2024-28925, CVE-2024-28897, CVE-2024-29061, CVE-2024-29062, CVE-2024-23593 |
| .NET and Visual Studio | 1 | CVE-2024-21409 |
| Azure Compute Gallery | 1 | CVE-2024-21424 |
| Windows Internet Connection Sharing (ICS) | 2 | CVE-2024-26252, CVE-2024-26253 |
| Windows Virtual Machine Bus | 1 | CVE-2024-26254 |
| Windows Remote Access Connection Manager | 9 | CVE-2024-26255, CVE-2024-28901, CVE-2024-28902, CVE-2024-26207, CVE-2024-26211, CVE-2024-26217, CVE-2024-26230, CVE-2024-26239, CVE-2024-28900 |
| Windows Compressed Folder | 1 | CVE-2024-26256 |
| Windows DWM Core Library | 1 | CVE-2024-26172 |
| Windows Routing and Remote Access Service (RRAS) | 3 | CVE-2024-26179, CVE-2024-26200, CVE-2024-26205 |
| Microsoft Install Service | 1 | CVE-2024-26158 |
| Windows Message Queuing | 2 | CVE-2024-26232, CVE-2024-26208 |
| Microsoft Brokering File System | 4 | CVE-2024-28905, CVE-2024-26213, CVE-2024-28904, CVE-2024-28907 |
| SQL Server | 38 | CVE-2024-28906, CVE-2024-28908, CVE-2024-28909, CVE-2024-28910, CVE-2024-28911, CVE-2024-28912, CVE-2024-28913, CVE-2024-28914, CVE-2024-28915, CVE-2024-28929, CVE-2024-28931, CVE-2024-28932, CVE-2024-28936, CVE-2024-28939, CVE-2024-28942, CVE-2024-28945, CVE-2024-29043, CVE-2024-29045, CVE-2024-29047, CVE-2024-28926, CVE-2024-28927, CVE-2024-28930, CVE-2024-28933, CVE-2024-28934, CVE-2024-28935, CVE-2024-28937, CVE-2024-28938, CVE-2024-28940, CVE-2024-28941, CVE-2024-28943, CVE-2024-28944, CVE-2024-29044, CVE-2024-29046, CVE-2024-29048, CVE-2024-29982, CVE-2024-29983, CVE-2024-29984, CVE-2024-29985 |
| Windows Cryptographic Services | 2 | CVE-2024-29050, CVE-2024-26228 |
| Azure AI Search | 1 | CVE-2024-29063 |
| Role: Windows Hyper-V | 1 | CVE-2024-29064 |
| Windows Distributed File System (DFS) | 2 | CVE-2024-29066, CVE-2024-26226 |
| Azure Private 5G Core | 1 | CVE-2024-20685 |
| Internet Shortcut Files | 1 | CVE-2024-29988 |
| Microsoft Azure Kubernetes Service | 1 | CVE-2024-29990 |
| Intel | 1 | CVE-2024-2201 |
| Windows Remote Procedure Call | 1 | CVE-2024-20678 |
| Windows BitLocker | 1 | CVE-2024-20665 |
| Windows Kernel | 4 | CVE-2024-20693, CVE-2024-26218, CVE-2024-26229, CVE-2024-26245 |
| Microsoft Defender for IoT | 6 | CVE-2024-21322, CVE-2024-21323, CVE-2024-21324, CVE-2024-29053, CVE-2024-29055, CVE-2024-29054 |
| Windows Authentication Methods | 2 | CVE-2024-21447, CVE-2024-29056 |
| Azure Migrate | 1 | CVE-2024-26193 |
| Windows Kerberos | 2 | CVE-2024-26183, CVE-2024-26248 |
| Windows DHCP Server | 4 | CVE-2024-26195, CVE-2024-26202, CVE-2024-26212, CVE-2024-26215 |
| Windows Local Security Authority Subsystem Service (LSASS) | 1 | CVE-2024-26209 |
| Windows HTTP.sys | 1 | CVE-2024-26219 |
| Windows Mobile Hotspot | 1 | CVE-2024-26220 |
| Role: DNS Server | 7 | CVE-2024-26221, CVE-2024-26222, CVE-2024-26223, CVE-2024-26224, CVE-2024-26227, CVE-2024-26231, CVE-2024-26233 |
| Windows Win32K - ICOMP | 1 | CVE-2024-26241 |
| Windows USB Print Driver | 1 | CVE-2024-26243 |
| Microsoft WDAC OLE DB provider for SQL | 2 | CVE-2024-26210, CVE-2024-26244 |
| Windows Proxy Driver | 1 | CVE-2024-26234 |
| Windows Update Stack | 2 | CVE-2024-26235, CVE-2024-26236 |
| Windows Defender Credential Guard | 1 | CVE-2024-26237 |
| Windows Telephony Server | 1 | CVE-2024-26242 |
| Microsoft WDAC ODBC Driver | 1 | CVE-2024-26214 |
| Windows File Server Resource Management Service | 1 | CVE-2024-26216 |
| Microsoft Office SharePoint | 1 | CVE-2024-26251 |
| Microsoft Office Excel | 1 | CVE-2024-26257 |
| Azure Arc | 1 | CVE-2024-28917 |
| Windows Storage | 1 | CVE-2024-29052 |
| Microsoft Office Outlook | 1 | CVE-2024-20670 |
| Azure Monitor | 1 | CVE-2024-29989 |
| Azure SDK | 1 | CVE-2024-29992 |
| Azure | 1 | CVE-2024-29993 |
| Mariner | 2 | CVE-2019-3816, CVE-2019-3833 |
Other Information
At the time of publication, there were no new advisories included with the April Security Guidance.