Wednesday, November 6, 2024
HomeCyber Security NewsMicrosoft Patch Tuesday: 149 Security Vulnerabilities & Zero-days

Microsoft Patch Tuesday: 149 Security Vulnerabilities & Zero-days

Published on

Malware protection

On April Patch Tuesday, Microsoft fixed 149 bugs—one of the biggest security update releases in the company’s history. 

Many of its software products, such as Microsoft Office and its SQL Server database package, have fixed vulnerabilities.

The majority of vulnerabilities are in the Windows operating system, and nine CVEs were found in the Azure cloud platform.

- Advertisement - SIEM as a Service

Three of the 149 issues are classified as Critical, 142 as Important, three as Moderate, and one as Low in severity.

The update also addresses a vulnerability tracked as CVE-2024-26234, which is currently being exploited.

Details Of The Flaw Exploited In The Wild

CVE-2024-26234 – Proxy Driver Spoofing Vulnerability

Proxy driver spoofing vulnerability is tracked as CVE-2024-26234 and has a CVSS rating 6.7.

An attacker would require high privileges to take over the system, exploit the vulnerability, and spoof the proxy driver.

Document
Stop Advanced Phishing Attack With AI

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by other email security solutions. .

Microsoft fixed this zero-day vulnerability that impacted Windows desktop and server operating systems and was made public.

Administrators should promptly install the Windows cumulative update on their systems to prevent a security compromise, as this vulnerability is actively exploited in the wild.

Critical Flaws Addressed

CVE-2024-21322 – Microsoft Defender For IoT Remote Code Execution Vulnerability

This vulnerability, which has a CVSS base score of 7.2, is classified as critical for Improper Neutralization of Special Elements used in a Command (‘Command Injection’)

“Successful exploitation of this vulnerability requires the attacker to be an administrator of the web application. As is best practice, regular validation and audits of administrative groups should be conducted”, Microsoft said.

CVE-2024-21323 – Microsoft Defender For IoT Remote Code Execution Vulnerability

Microsoft Defender for IoT Remote Code Execution Vulnerability has a base CVSS score of 8.8.

For the IoT sensor to successfully exploit this issue, the attacker must be able to deliver a malicious update package over the network to the Defender.

The attacker first needs to establish their identity and obtain the required authorization to start the update procedure. 

“Successfully exploiting this path traversal vulnerability would require an attacker to send a tar file to the Defender for IoT sensor.”

Microsoft said that after the extraction process, the attacker could send unsigned update packages and overwrite any file they chose.

CVE-2024-29053 – Microsoft Defender For IoT Remote Code Execution Vulnerability

This is also a critical Microsoft Defender for IoT,  Remote Code Execution Vulnerability, with a CVSS base score of 8.8. 

Any authorized attacker can exploit this vulnerability. Admin or other advanced rights are not needed.

“An authenticated attacker with access to the file upload feature could exploit this path traversal vulnerability by uploading malicious files to sensitive locations on the server,” Microsoft.

Azure Vulnerabilities Addressed

  • CVE-2024-29993 – Azure
  • CVE-2024-29063 – Azure AI Search
  • CVE-2024-28917- Azure Arc
  • CVE-2024-21424 – Azure Compute Gallery
  • CVE-2024-26193 – Azure Migrate
  • CVE-2024-29989 – Azure Monitor
  • CVE-2024-20685- Azure Private 5G Core
  • CVE-2024-29990 – Microsoft Azure Kubernetes Service

Additionally, 41 SQL Server fixes have been released, all of which address issues related to remote code execution.

In addition to the vulnerabilities addressed in this month’s Patch Tuesday release, Microsoft has republished six CVEs.

It is recommended that users upgrade the impacted products to prevent threat actors from exploiting these vulnerabilities.

Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

ClickFix Exploits GMeet & Zoom Pages to Deliver Sophisticated Malware

A new tactic, "ClickFix," has emerged. It exploits fake Google Meet and Zoom pages...

APT36 Hackers Attacking Windows Deevices With ElizaRAT

APT36, a sophisticated threat actor, has been actively targeting Indian entities with advanced malware...

Hackers Using AV/EDR Bypass Tool From Cybercrime Forums To Bypass Endpoints

Researchers uncovered two previously unknown endpoints with older Cortex XDR agents that used to...

Hackers Created 100+ Fake Web Stores To Steal Millions Of Dollars From Customers

The Phish, 'n' Ships fraud operation leverages, compromised websites to redirect users to fake...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

ClickFix Exploits GMeet & Zoom Pages to Deliver Sophisticated Malware

A new tactic, "ClickFix," has emerged. It exploits fake Google Meet and Zoom pages...

APT36 Hackers Attacking Windows Deevices With ElizaRAT

APT36, a sophisticated threat actor, has been actively targeting Indian entities with advanced malware...

Hackers Using AV/EDR Bypass Tool From Cybercrime Forums To Bypass Endpoints

Researchers uncovered two previously unknown endpoints with older Cortex XDR agents that used to...