Microsoft April 2024 Patch Tuesday

Microsoft has released its monthly patch of security updates, known as Patch Tuesday.

Microsoft has fixed 150 vulnerabilities, 3 of which are classified as critical because they could allow an attacker to execute arbitrary code and gain access to the affected products.

April’s Patch Tuesday was released to fix security flaws in several Microsoft products such as Windows Authentication Methods, .NET and Visual Studio, Azure Kubernetes Service Confidential Containers, Windows Remote Access Connection Manager, Intel, Internet Shortcut Files, Microsoft Brokering File System, Microsoft Defender for IoT, Microsoft Install Service, DNS Server, Windows Hyper-V, SQL Server, Windows BitLocker, Windows Compressed Folder, Windows DHCP Server, Windows Kernel, Windows Secure Boot, Microsoft WDAC OLE DB provider for SQL, Microsoft Office Excel, Microsoft Office Outlook, Microsoft WDAC ODBC Driver, and Microsoft Office SharePoint.

Sample of the addressed vulnerabilities:

1. Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability (CVE-2024-29990):

  • CVSS: 9
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Privilege

2. Microsoft Defender for IoT Remote Code Execution (CVE-2024-29053):

  • CVSS: 8.8
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Consequences: Gain Access

Mitigations

Enterprises should deploy this patch as soon as the testing phase is completed.

Microsoft MSRC

References