April, 2024: Patch Tuesday - One Zero Day and Record Number of Patches!

Welcome to my April Patch Tuesday. Last month wasn't very active but Microsoft has more than made up for that today. We have a record number of patches, 150, released today and an additional 22 released since March's Patch Tuesday. This brings the total number of patches for the past month to (...drum roll...) 172 vulnerabilities. I do not believe I have ever seen this many patches in a single month in the past.

The good news is that only one of these vulnerabilities is a zero day: CVE-2024-26234. Microsoft reports that this spoofing vulnerability is both publicly disclosed and exploited in the wild. The CVSS score is medium at 6.7/5.8. This may be due to the fact that this exploit requires an attacker to have authorized privileges that provide significant control (think admin privileges). Either way, my recommendation is to patch/update this ASAP.

Another CVE to look at is CVE-2024-28916. For those of you in corporate environments that deploy OSes to your endpoints, lock down installation images and remove all the bloatware, this CVE can most likely be ignored since it affects Xbox Gaming Services. I am including it for two reasons: 1. Microsoft included it and 2. I do know of many organizations that don't use golden images and allow employees to use personal laptops and desktops. As a matter of fact, a close friend was just recently getting nagging popups on his work laptop to update Xbox Gaming Services. He didn't have a local admin account so he couldn't uninstall it. So I know that many of you may want to get this patch installed immediately. Microsoft reports that this elevation of privilege vulnerability is publicly disclosed and that exploitation is more likely. As of today, it has not been detected in the wild.

Besides the two mentioned above, we have three critical updates. They are all remote code execution vulnerabilities in MS Defender for IoT. CVE-2024-21322, CVE-2024-21323 and CVE-2024-29053 are all rated by Microsoft as "Exploitation Less Likely". In my opinion, since these are also rated critical, you should test and update them ASAP.

Patch data provided by: LOGbinder.com

Technology | Products Affected | Severity | Reference | Workaround / Exploited / Publicly Disclosed | Vulnerability Info

Technology: Windows
Products Affected: Windows 10, 11; Server 2008 SP2, 2008R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations
Severity: Important
Reference:
CVE-2024-20665
CVE-2024-20669
CVE-2024-20678
CVE-2024-20688
CVE-2024-20689
CVE-2024-20693
CVE-2024-21447
CVE-2024-2201
CVE-2024-23593
CVE-2024-23594
CVE-2024-26158
CVE-2024-26168
CVE-2024-26171
CVE-2024-26172
CVE-2024-26175
CVE-2024-26179
CVE-2024-26180
CVE-2024-26183
CVE-2024-26189
CVE-2024-26194
CVE-2024-26195
CVE-2024-26200
CVE-2024-26202
CVE-2024-26205
CVE-2024-26207
CVE-2024-26208
CVE-2024-26209
CVE-2024-26210
CVE-2024-26211
CVE-2024-26212
CVE-2024-26213
CVE-2024-26214
CVE-2024-26215
CVE-2024-26216
CVE-2024-26217
CVE-2024-26218
CVE-2024-26219
CVE-2024-26220
CVE-2024-26221
CVE-2024-26222
CVE-2024-26223
CVE-2024-26224
CVE-2024-26226
CVE-2024-26227
CVE-2024-26228
CVE-2024-26229
CVE-2024-26230
CVE-2024-26231
CVE-2024-26232
CVE-2024-26233
CVE-2024-26234
CVE-2024-26235
CVE-2024-26236
CVE-2024-26237
CVE-2024-26239
CVE-2024-26240
CVE-2024-26241
CVE-2024-26242
CVE-2024-26243
CVE-2024-26244
CVE-2024-26245
CVE-2024-26248
CVE-2024-26250
CVE-2024-26252
CVE-2024-26253
CVE-2024-26254
CVE-2024-26255
CVE-2024-26256
CVE-2024-28896
CVE-2024-28897
CVE-2024-28898
CVE-2024-28900
CVE-2024-28901
CVE-2024-28902
CVE-2024-28903
CVE-2024-28904
CVE-2024-28905
CVE-2024-28907
CVE-2024-28919
CVE-2024-28920
CVE-2024-28921
CVE-2024-28922
CVE-2024-28923
CVE-2024-28924
CVE-2024-28925
CVE-2024-29050
CVE-2024-29052
CVE-2024-29056
CVE-2024-29061
CVE-2024-29062
CVE-2024-29064
CVE-2024-29066
CVE-2024-29988

Workaround: No
Exploited: Yes
Public: Yes

Vulnerability Info: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing

Technology: Edge
Products Affected: Chromium-based; Edge for Android
Severity: Moderate
Reference:
CVE-2024-2400
CVE-2024-26163
CVE-2024-26246
CVE-2024-26247
CVE-2024-2625
CVE-2024-2626
CVE-2024-2627
CVE-2024-2628
CVE-2024-2629
CVE-2024-2630
CVE-2024-2631
CVE-2024-2883
CVE-2024-2885
CVE-2024-2886
CVE-2024-2887
CVE-2024-29049
CVE-2024-29057
CVE-2024-29981
CVE-2024-3156
CVE-2024-3158
CVE-2024-3159

Workaround: No
Exploited: No
Public: No

Vulnerability Info: Security Feature Bypass, Spoofing

Technology: Office and SharePoint
Products Affected: 365 Apps for Enterprise; SharePoint Server 2016/2019; SharePoint Server Subscription Edition; LTSC for Mac 2021; Outlook for Windows
Severity: Important
Reference:
CVE-2024-26251
CVE-2024-26257
CVE-2024-20670

Workaround: No
Exploited: No
Public: No

Vulnerability Info: Remote Code Execution, Spoofing

Technology: SQL Server
Products Affected: ODBC Driver 17 & 18 for Linux, MacOS, Windows; OLE Driver 18 & 19; 2019 CU25 & GDR; 2022 CU12 & GDR
Severity: Important
Reference:
CVE-2024-29044
CVE-2024-28939
CVE-2024-28938
CVE-2024-28932
CVE-2024-28930
CVE-2024-28929
CVE-2024-28914
CVE-2024-28913
CVE-2024-28912
CVE-2024-28915
CVE-2024-29048
CVE-2024-28931
CVE-2024-29984
CVE-2024-29983
CVE-2024-28906
CVE-2024-28944
CVE-2024-28941
CVE-2024-28910
CVE-2024-28909
CVE-2024-28908
CVE-2024-29982
CVE-2024-29046
CVE-2024-28937
CVE-2024-28935
CVE-2024-28927
CVE-2024-28926
CVE-2024-28934
CVE-2024-28933
CVE-2024-29045
CVE-2024-28943
CVE-2024-28940
CVE-2024-29043
CVE-2024-28945
CVE-2024-28942
CVE-2024-28936
CVE-2024-28911
CVE-2024-29985
CVE-2024-29047

Workaround: No
Exploited: No
Public: No

Vulnerability Info: Remote Code Execution

Technology: Developer Tools
Products Affected: .NET 6.0, 7.0, 8.0; .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.6, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
Severity: Important
Reference:
CVE-2024-21409
CVE-2024-29059

Workaround: No
Exploited: No
Public: No

Vulnerability Info: Information Disclosure, Remote Code Execution

Technology: Visual Studio
Products Affected: 2019 16.11 - 16.0; 2022 17.4, 17.6, 17.8, 17.9
Severity: Important
Reference:
CVE-2024-21409
CVE-2024-28929
CVE-2024-28930
CVE-2024-28931
CVE-2024-28932
CVE-2024-28933
CVE-2024-28934
CVE-2024-28935
CVE-2024-28936
CVE-2024-28937
CVE-2024-28938

Workaround: No
Exploited: No
Public: No

Vulnerability Info: Remote Code Execution

Technology: Apps
Products Affected: Xbox Gaming Services
Severity: Important
Reference:
CVE-2024-28916

Workaround: No
Exploited: No
Public: Yes

Vulnerability Info: Elevation of Privilege

Technology: Azure
Products Affected: AI Search; Arc Cluster microsoft.azstackhci.operator Extension; Arc Cluster microsoft.azure.hybridnetwork Extension; Arc Cluster microsoft.azurekeyvaultsecretsprovider Extension; Arc Cluster microsoft.iotoperations.mq Extension; Arc Cluster microsoft.networkfabricsserviceextension Extension; Arc Cluster microsoft.openservicemesh Extension; Arc Cluster microsoft.videoindexer Extension; Compute Gallery; CycleCloud 8.6.0; Identity Library for .NET; Kubernetes Service Confidential Containers; Migrate; Monitor Agent; Private 5G Core
Severity: Important
Reference:
CVE-2024-20685
CVE-2024-21424
CVE-2024-26193
CVE-2024-28917
CVE-2024-29063
CVE-2024-29989
CVE-2024-29990
CVE-2024-29992
CVE-2024-29993

Workaround: No
Exploited: No
Public: No

Vulnerability Info: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution

Technology: System Center
Products Affected: Defender for IoT
Severity: Critical
Reference:
CVE-2024-21322
CVE-2024-21323
CVE-2024-21324
CVE-2024-29053
CVE-2024-29054
CVE-2024-29055

Workaround: No
Exploited: No
Public: No

Vulnerability Info: Elevation of Privilege, Remote Code Execution