Microsoft Security Bulletin Coverage for April 2024
Overview
Microsoft’s April 2024 Patch Tuesday has 147 vulnerabilities, 68 of which are Remote Code Execution (RCE) vulnerabilities. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for April 2024 and has produced coverage for 8 of the reported vulnerabilities.
Vulnerabilities with Detections
| CVE | CVE Title | Signature |
| CVE-2024-26158 | Microsoft Install Service Elevation of Privilege Vulnerability | ASPY 558 Exploit-exe exe.MP_378 |
| CVE-2024-26209 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | ASPY 557 Exploit-exe exe.MP_377 |
| CVE-2024-26211 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | ASPY 560 Exploit-exe exe.MP_380 |
| CVE-2024-26212 | DHCP Server Service Denial of Service Vulnerability | ASPY 559 Exploit-exe exe.MP_379 |
| CVE-2024-26218 | Windows Kernel Elevation of Privilege Vulnerability | ASPY 561 Exploit-exe exe.MP_381 |
| CVE-2024-26230 | Windows Telephony Server Elevation of Privilege Vulnerability | ASPY 555 Exploit-exe exe.MP_376 |
| CVE-2024-26234 | Proxy Driver Spoofing Vulnerability | ASPY 554 Exploit-exe exe.MP_375 |
| CVE-2024-26256 | Windows Compressed Folders (zip) Remote Code Execution Vulnerability | ASPY 556 Malformed-File zip.MP.2 |
Release Breakdown
The vulnerabilities can be classified into the following categories:
For April there are 142 critical, 3 Important and 2 moderate vulnerabilities.
2024 Patch Tuesday Monthly Comparison
Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the Patch Tuesday release for each month. The above chart displays these metrics as seen each month.
Denial of Service Vulnerabilities
| CVE-2024-20685 | Azure Private 5G Core Denial of Service Vulnerability |
| CVE-2024-26183 | Windows Kerberos Denial of Service Vulnerability |
| CVE-2024-26212 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2024-26215 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2024-26219 | HTTP.sys Denial of Service Vulnerability |
| CVE-2024-26254 | Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability |
| CVE-2024-29064 | Windows Hyper-V Denial of Service Vulnerability |
Elevation of Privilege Vulnerabilities
| CVE-2024-20693 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-21324 | Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| CVE-2024-21424 | Azure Compute Gallery Elevation of Privilege Vulnerability |
| CVE-2024-21447 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2024-26158 | Microsoft Install Service Elevation of Privilege Vulnerability |
| CVE-2024-26211 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2024-26213 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-26216 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability |
| CVE-2024-26218 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-26229 | Windows CSC Service Elevation of Privilege Vulnerability |
| CVE-2024-26230 | Windows Telephony Server Elevation of Privilege Vulnerability |
| CVE-2024-26235 | Windows Update Stack Elevation of Privilege Vulnerability |
| CVE-2024-26236 | Windows Update Stack Elevation of Privilege Vulnerability |
| CVE-2024-26237 | Windows Defender Credential Guard Elevation of Privilege Vulnerability |
| CVE-2024-26239 | Windows Telephony Server Elevation of Privilege Vulnerability |
| CVE-2024-26241 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-26242 | Windows Telephony Server Elevation of Privilege Vulnerability |
| CVE-2024-26243 | Windows USB Print Driver Elevation of Privilege Vulnerability |
| CVE-2024-26245 | Windows SMB Elevation of Privilege Vulnerability |
| CVE-2024-26248 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2024-28904 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-28905 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-28907 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-28917 | Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability |
| CVE-2024-29052 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2024-29054 | Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| CVE-2024-29055 | Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| CVE-2024-29056 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2024-29989 | Azure Monitor Agent Elevation of Privilege Vulnerability |
| CVE-2024-29990 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
| CVE-2024-29993 | Azure CycleCloud Elevation of Privilege Vulnerability |
Information Disclosure Vulnerabilities
| CVE-2024-26172 | Windows DWM Core Library Information Disclosure Vulnerability |
| CVE-2024-26207 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-26209 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability |
| CVE-2024-26217 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-26220 | Windows Mobile Hotspot Information Disclosure Vulnerability |
| CVE-2024-26226 | Windows Distributed File System (DFS) Information Disclosure Vulnerability |
| CVE-2024-26255 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-28900 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-28901 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-28902 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-29063 | Azure AI Search Information Disclosure Vulnerability |
| CVE-2024-29992 | Azure Identity Library for .NET Information Disclosure Vulnerability |
Remote Code Execution Vulnerabilities
| CVE-2024-20678 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2024-21322 | Microsoft Defender for IoT Remote Code Execution Vulnerability |
| CVE-2024-21323 | Microsoft Defender for IoT Remote Code Execution Vulnerability |
| CVE-2024-21409 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
| CVE-2024-26179 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-26193 | Azure Migrate Remote Code Execution Vulnerability |
| CVE-2024-26195 | DHCP Server Service Remote Code Execution Vulnerability |
| CVE-2024-26200 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-26202 | DHCP Server Service Remote Code Execution Vulnerability |
| CVE-2024-26205 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-26208 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2024-26210 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-26214 | Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability |
| CVE-2024-26221 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26222 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26223 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26224 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26227 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26231 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26232 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2024-26233 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26244 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-26252 | Windows rndismp6.sys Remote Code Execution Vulnerability |
| CVE-2024-26253 | Windows rndismp6.sys Remote Code Execution Vulnerability |
| CVE-2024-26256 | libarchive Remote Code Execution Vulnerability |
| CVE-2024-26257 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-28906 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28908 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28909 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28910 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28911 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28912 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28913 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28914 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28915 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28926 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28927 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28929 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28930 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28931 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28932 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28933 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28934 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28935 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28936 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28937 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28938 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28939 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28940 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28941 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28942 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28943 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28944 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28945 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29043 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29044 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29045 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29046 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29047 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29048 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29050 | Windows Cryptographic Services Remote Code Execution Vulnerability |
| CVE-2024-29053 | Microsoft Defender for IoT Remote Code Execution Vulnerability |
| CVE-2024-29066 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability |
| CVE-2024-29982 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29983 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29984 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29985 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29988 | SmartScreen Prompt Security Feature Bypass Vulnerability |
Security Feature Bypass Vulnerabilities
| CVE-2024-20665 | BitLocker Security Feature Bypass Vulnerability |
| CVE-2024-20669 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-20688 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-20689 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26168 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26171 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26175 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26180 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26189 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26194 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26228 | Windows Cryptographic Services Security Feature Bypass Vulnerability |
| CVE-2024-26240 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26250 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28896 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28897 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28898 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28903 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28919 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28920 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28921 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28922 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28923 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28924 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28925 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-29061 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-29062 | Secure Boot Security Feature Bypass Vulnerability |
Spoofing Vulnerabilities
| CVE-2024-20670 | Outlook for Windows Spoofing Vulnerability |
| CVE-2024-26234 | Proxy Driver Spoofing Vulnerability |
| CVE-2024-26251 | Microsoft SharePoint Server Spoofing Vulnerability |
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
