Windows Security Surprise As Microsoft Confirms 90 New Vulnerabilities

After a relatively quiet start to the year for Windows security issues, Microsoft has surprisingly released its largest Patch Tuesday rollout in seven years. Of the 149 vulnerabilities fixed across several product lines, 90 affect Windows users. Moreover, it has since come to light that the total includes two zero-day vulnerabilities, although Microsoft did not initially report them as such. While every one of these vulnerabilities deserves attention, security experts single out three that you should be watching very closely.

Windows Zero-Day Security Vulnerability CVE-2024-26234

Not long after publishing the April Patch Tuesday security updates, Microsoft changed the status of CVE-2024-26234, a proxy driver spoofing vulnerability, to confirm that it is a zero-day: it has already been exploited in the wild by threat actors and has been publicly disclosed. Discovered by Sophos X-Ops researchers, the issue is a backdoor in an executable that appears legitimate, complete with a Microsoft Hardware Publisher Certificate. Given the zero-day status, this vulnerability should not be underestimated. However, as Chris Goettl, vice-president of security products at Ivanti, says, “CVE-2024-26234 is only rated as Important and has a CVSS v3.1 of 6.7, so it could be easily missed by traditional methods of prioritization.”

SmartScreen Feature Bypass Zero-Day CVE-2024-29988

CVE-2024-29988 is a critical-rated vulnerability that allows the SmartScreen security feature’s pop-up prompt to be bypassed. “SmartScreen is a large popup that warns the user about running an unknown file,” Ben McCarthy, lead cyber security engineer at Immersive Labs, explains, “and is often the endpoint of phishing attacks as it scares the user enough to not continue opening it.” The Trend Micro Zero Day Initiative confirms that one of its researchers found CVE-2024-29988 being exploited in the wild, making it another zero-day. “With the same tried-and-tested attack flow that we have seen attack groups use worldwide, which is phishing with malicious attachments,” McCarthy warns, “using this exploit they will get more successful attacks.”

CVE-2024-26256 Should Be High On Your Patch Priority List

Another vulnerability that belongs high on the list to patch quickly, CVE-2024-26256, sits in the open-source libarchive project, which is used for file and data stream compression. “This library was introduced to Windows in 2023 to natively support .rar, gz, and tar files in the operating system,” Kev Breen, senior director of threat research at Immersive Labs, says, “and this is not the first time it has suffered from vulnerabilities.” Although its score of 7.8 is relatively low for a remote code execution vulnerability, Microsoft lists CVE-2024-26256 as more likely to be exploited. To exploit it, however, a threat actor would need to wait for “a user to make a connection,” according to Microsoft’s notes on this one. “It would be helpful to know what type of connection or service is exploitable,” Breen says, “so that defenders can proactively create security rules to detect potentially malicious traffic.”
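The prioritization point Goettl raises above, applied to the three advisories this article discusses, as an added Python example that is not code from the article or from any vendor quoted in it: a triage rule under which confirmed exploitation or public disclosure overrides a modest CVSS score. The tier weighting is this example's own assumption; the per-CVE attributes are as the article reports them.

```python
# Patch-priority triage that does not rely on CVSS alone.
# Sample advisories below are constructed from the article's statements;
# the tier scheme is an assumption of this example, not a vendor's.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Advisory:
    cve: str
    cvss: Optional[float]     # None where the article gives no numeric score
    severity: str             # vendor rating as reported, e.g. "Important"
    exploited: bool = False   # confirmed exploited in the wild
    disclosed: bool = False   # publicly disclosed before the fix
    likely: bool = False      # vendor flags exploitation as "more likely"


def priority(a: Advisory) -> Tuple[int, List[str]]:
    """Return (tier, reasons); tier 1 means patch first.
    A low CVSS never demotes a CVE that is already being exploited."""
    reasons = []
    if a.exploited:
        reasons.append("exploited in the wild (zero-day)")
    if a.disclosed:
        reasons.append("publicly disclosed")
    if a.likely:
        reasons.append("vendor rates exploitation more likely")
    if a.exploited or a.disclosed:
        return 1, reasons
    if a.severity.lower() == "critical" or a.likely:
        return 2, reasons
    if a.cvss is not None and a.cvss >= 7.0:
        return 3, reasons
    return 4, reasons


def triage(advisories: List[Advisory]) -> List[Advisory]:
    """Most urgent first: by tier, then by CVSS (unknown scores sort last)."""
    return sorted(advisories, key=lambda a: (priority(a)[0], -(a.cvss or 0.0)))


# Constructed sample with attributes as the article reports them.
SAMPLE = [
    Advisory("CVE-2024-26234", 6.7, "Important", exploited=True, disclosed=True),
    Advisory("CVE-2024-29988", None, "Critical", exploited=True),
    Advisory("CVE-2024-26256", 7.8, "Important", likely=True),
]

if __name__ == "__main__":
    for adv in triage(SAMPLE):
        tier, why = priority(adv)
        print(f"tier {tier} {adv.cve} cvss={adv.cvss}: {'; '.join(why) or 'no override'}")
```

Sorting the same sample by CVSS alone would put CVE-2024-26256 ahead of CVE-2024-26234, which is exactly the miss Goettl describes.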