Security operations · 2 MIN READ · AARON WALTON AND MATT JASTRAM · APR 9, 2024 · TAGS: MDR
This Patch Tuesday includes 150 published CVEs from Microsoft, and Adobe delivers multiple security updates to address 24 CVEs.
Patch Tuesday, April 2024 edition, is out and our team reviewed the newly released patches. Here are our top takeaways.
Microsoft
Microsoft must have decided to roll out April Fool’s Day a week late this month with a record-breaking 150 CVEs to address… There is little evidence threat actors are exploiting these vulnerabilities in the wild, but here are steps we recommend to reduce exploit risk:
- Server Hygiene: Microsoft’s massive list of CVEs includes fifty-six server-specific vulnerabilities. Unpatched, externally facing servers continue to be prime attacker targets for our managed detection and response (MDR) customers. Multi-server versions are impacted, so review with your server version in mind. Here’s a summary of the total vulnerabilities impacting various server types: SQL Servers (38), DNS Servers (7), Windows DHCP Servers (4), Windows File Server Resource Management Services (1), and Windows Telephony Server (1).
- Remediate the SmartScreen Prompt Security Feature Bypass CVE-2024-29988 Vulnerability. We’ve consistently seen adversaries conduct brute-force phishing attempts against our MDR customers, which lead to malware compromise (predominantly ZIP files). Be warned: if a threat actor successfully provides a crafted file to a user, the remote code execution (RCE) can quickly escalate into a cyber incident.
- Remediate the Microsoft Proxy Driver Spoofing CVE-2024-26234 Vulnerability. This was the single Microsoft vulnerability that was listed as, ‘Exploitation Detected’ this month. With seventeen Windows server versions and 36 additional Windows versions impacted, this should be on your punch list to remediate.
- Remediate Windows DNS Server Remote Code Execution CVE-2024-26221-4, CVE-2024-26227, CVE-2024-26231, & CVE-2024-26233 Vulnerabilities. For these similar CVEs, if an attacker gains network access, they’re able to both query and issue commands to your DNS server! These CVEs impact multiple Windows server versions, so ensure you remediate the risk.
Adobe
- Remediate the Adobe Media Encoder Critical CVE-2024-20772 that could lead to arbitrary code execution. MacOS and Windows admins or users can quickly initiate the Adobe Creative Cloud update, reducing the likelihood of a threat actor using a native-code to execute (potentially without the user’s awareness).
- Remediate the Adobe Animate Critical CVE-2024-20795 & CVE-2024-20797 that could also lead to arbitrary code execution. To lower your risk, Adobe leverages its Admin Console to auto-update MacOS and Windows to the latest Creative Cloud application.
That’s it for this month. If you have any questions about these specific vulnerabilities (and others on the Patch Tuesday list)—or if you’re interested in learning how Expel Vulnerability Prioritization can give you context for your own environment—feel free to get in touch.
