Microsoft Security Bulletin Coverage for April 2024

Overview
Microsoft’s April 2024 Patch Tuesday has 147 vulnerabilities, 68 of which are Remote Code Execution (RCE) vulnerabilities. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for April 2024 and has produced coverage for 8 of the reported vulnerabilities.

Vulnerabilities with Detections

| CVE | CVE Title | Signature |
|---|---|---|
| CVE-2024-26158 | Microsoft Install Service Elevation of Privilege Vulnerability | ASPY 558 Exploit-exe exe.MP_378 |
| CVE-2024-26209 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | ASPY 557 Exploit-exe exe.MP_377 |
| CVE-2024-26211 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | ASPY 560 Exploit-exe exe.MP_380 |
| CVE-2024-26212 | DHCP Server Service Denial of Service Vulnerability | ASPY 559 Exploit-exe exe.MP_379 |
| CVE-2024-26218 | Windows Kernel Elevation of Privilege Vulnerability | ASPY 561 Exploit-exe exe.MP_381 |
| CVE-2024-26230 | Windows Telephony Server Elevation of Privilege Vulnerability | ASPY 555 Exploit-exe exe.MP_376 |
| CVE-2024-26234 | Proxy Driver Spoofing Vulnerability | ASPY 554 Exploit-exe exe.MP_375 |
| CVE-2024-26256 | Windows Compressed Folders (zip) Remote Code Execution Vulnerability | ASPY 556 Malformed-File zip.MP.2 |

Release Breakdown

The vulnerabilities can be classified into the following categories:

For April there are 142 Critical, 3 Important and 2 Moderate vulnerabilities.

2024 Patch Tuesday Monthly Comparison

Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the Patch Tuesday release for each month. The above chart displays these metrics as seen each month.

Denial of Service Vulnerabilities

| CVE | CVE Title |
|---|---|
| CVE-2024-20685 | Azure Private 5G Core Denial of Service Vulnerability |
| CVE-2024-26183 | Windows Kerberos Denial of Service Vulnerability |
| CVE-2024-26212 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2024-26215 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2024-26219 | HTTP.sys Denial of Service Vulnerability |
| CVE-2024-26254 | Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability |
| CVE-2024-29064 | Windows Hyper-V Denial of Service Vulnerability |

Elevation of Privilege Vulnerabilities

| CVE | CVE Title |
|---|---|
| CVE-2024-20693 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-21324 | Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| CVE-2024-21424 | Azure Compute Gallery Elevation of Privilege Vulnerability |
| CVE-2024-21447 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2024-26158 | Microsoft Install Service Elevation of Privilege Vulnerability |
| CVE-2024-26211 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2024-26213 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-26216 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability |
| CVE-2024-26218 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-26229 | Windows CSC Service Elevation of Privilege Vulnerability |
| CVE-2024-26230 | Windows Telephony Server Elevation of Privilege Vulnerability |
| CVE-2024-26235 | Windows Update Stack Elevation of Privilege Vulnerability |
| CVE-2024-26236 | Windows Update Stack Elevation of Privilege Vulnerability |
| CVE-2024-26237 | Windows Defender Credential Guard Elevation of Privilege Vulnerability |
| CVE-2024-26239 | Windows Telephony Server Elevation of Privilege Vulnerability |
| CVE-2024-26241 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-26242 | Windows Telephony Server Elevation of Privilege Vulnerability |
| CVE-2024-26243 | Windows USB Print Driver Elevation of Privilege Vulnerability |
| CVE-2024-26245 | Windows SMB Elevation of Privilege Vulnerability |
| CVE-2024-26248 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2024-28904 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-28905 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-28907 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-28917 | Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability |
| CVE-2024-29052 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2024-29054 | Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| CVE-2024-29055 | Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| CVE-2024-29056 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2024-29989 | Azure Monitor Agent Elevation of Privilege Vulnerability |
| CVE-2024-29990 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
| CVE-2024-29993 | Azure CycleCloud Elevation of Privilege Vulnerability |

Information Disclosure Vulnerabilities

| CVE | CVE Title |
|---|---|
| CVE-2024-26172 | Windows DWM Core Library Information Disclosure Vulnerability |
| CVE-2024-26207 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-26209 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability |
| CVE-2024-26217 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-26220 | Windows Mobile Hotspot Information Disclosure Vulnerability |
| CVE-2024-26226 | Windows Distributed File System (DFS) Information Disclosure Vulnerability |
| CVE-2024-26255 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-28900 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-28901 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-28902 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-29063 | Azure AI Search Information Disclosure Vulnerability |
| CVE-2024-29992 | Azure Identity Library for .NET Information Disclosure Vulnerability |

Remote Code Execution Vulnerabilities

| CVE | CVE Title |
|---|---|
| CVE-2024-20678 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2024-21322 | Microsoft Defender for IoT Remote Code Execution Vulnerability |
| CVE-2024-21323 | Microsoft Defender for IoT Remote Code Execution Vulnerability |
| CVE-2024-21409 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
| CVE-2024-26179 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-26193 | Azure Migrate Remote Code Execution Vulnerability |
| CVE-2024-26195 | DHCP Server Service Remote Code Execution Vulnerability |
| CVE-2024-26200 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-26202 | DHCP Server Service Remote Code Execution Vulnerability |
| CVE-2024-26205 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-26208 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2024-26210 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-26214 | Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability |
| CVE-2024-26221 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26222 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26223 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26224 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26227 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26231 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26232 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2024-26233 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26244 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-26252 | Windows rndismp6.sys Remote Code Execution Vulnerability |
| CVE-2024-26253 | Windows rndismp6.sys Remote Code Execution Vulnerability |
| CVE-2024-26256 | libarchive Remote Code Execution Vulnerability |
| CVE-2024-26257 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-28906 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28908 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28909 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28910 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28911 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28912 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28913 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28914 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28915 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28926 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28927 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28929 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28930 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28931 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28932 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28933 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28934 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28935 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28936 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28937 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28938 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28939 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28940 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28941 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28942 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28943 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28944 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28945 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29043 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29044 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29045 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29046 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29047 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29048 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29050 | Windows Cryptographic Services Remote Code Execution Vulnerability |
| CVE-2024-29053 | Microsoft Defender for IoT Remote Code Execution Vulnerability |
| CVE-2024-29066 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability |
| CVE-2024-29982 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29983 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29984 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29985 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29988 | SmartScreen Prompt Security Feature Bypass Vulnerability |

Security Feature Bypass Vulnerabilities

| CVE | CVE Title |
|---|---|
| CVE-2024-20665 | BitLocker Security Feature Bypass Vulnerability |
| CVE-2024-20669 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-20688 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-20689 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26168 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26171 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26175 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26180 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26189 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26194 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26228 | Windows Cryptographic Services Security Feature Bypass Vulnerability |
| CVE-2024-26240 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26250 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28896 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28897 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28898 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28903 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28919 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28920 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28921 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28922 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28923 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28924 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28925 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-29061 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-29062 | Secure Boot Security Feature Bypass Vulnerability |

Spoofing Vulnerabilities

| CVE | CVE Title |
|---|---|
| CVE-2024-20670 | Outlook for Windows Spoofing Vulnerability |
| CVE-2024-26234 | Proxy Driver Spoofing Vulnerability |
| CVE-2024-26251 | Microsoft SharePoint Server Spoofing Vulnerability |