Security Affairs
EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage|Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers|Australia Alerts Organizations to Ongoing CMS Exploitation Attacks|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage|Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers|Australia Alerts Organizations to Ongoing CMS Exploitation Attacks|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Microsoft Patches Tuesday security updates for April 2024 fixed hundreds of issues

Microsoft Patches Tuesday security updates for April 2024 addressed three Critical vulnerabilities, none actively exploited in the wild. Microsoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. This is the highest number of fixed issues from Microsoft this year and the largest since at least 2017. The issues impact Microsoft […]

Microsoft Patch Tuesday

Microsoft Patches Tuesday security updates for April 2024 addressed three Critical vulnerabilities, none actively exploited in the wild.

Microsoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. This is the highest number of fixed issues from Microsoft this year and the largest since at least 2017. The issues impact Microsoft Windows and Windows Components; Office and Office Components; Azure; .NET Framework and Visual Studio; SQL Server; DNS Server; Windows Defender; Bitlocker; and Windows Secure Boot. According to ZDI, three of these vulnerabilities were reported through their ZDI program.

Only three vulnerabilities, tracked as CVE-2024-21322, CVE-2024-21323, and CVE-2024-29053, are rated Critical, the good news is that they are not actively exploited in the wild.

Below are some of the most interesting issues addressed by the IT giant:

CVE-2024-29988 – SmartScreen Prompt Security Feature Bypass Vulnerability. An attacker can exploit this security feature bypass vulnerability by tricking a user into launching malicious files using a launcher application that requests that no UI be shown. An attacker could send the targeted user a specially crafted file that is designed to trigger the remote code execution issue. The flaw is actively exploited in the wild.

CVE-2024-20678 – Remote Procedure Call Runtime Remote Code Execution Vulnerability. Any authenticated user can exploit this vulnerability, according to Microsoft it does not require admin or other elevated privileges.

CVE-2024-26234 – Proxy Driver Spoofing Vulnerability – The flaw reported by Sophos ties a malicious driver signed with a valid Microsoft Hardware Publisher Certificate. The driver was used in attacks in the wild to deploy a backdoor.

CVE-2024-26221 – Windows DNS Server Remote Code Execution Vulnerability. In a network-based attack an attacker would need to have the privileges to query the Domain Name Service (DNS). If the timing of DNS queries is perfect, the attacker could execute code remotely on the target server.

The full list of flaw fixed by Microsoft in April 2024 is available here.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Patches Tuesday)