{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-034.pdf"
    },
    "title": "Multiple Vulnerabilities in Microsoft Products",
    "serial_number": "2024-034",
    "publish_date": "10-04-2024 07:45:54",
    "description": "On April 9, 2024, Microsoft addressed 150 vulnerabilities in its April 2024 Patch Tuesday update, including 67 remote code execution (RCE) vulnerabilities and 2 zero-days exploited in malware attacks.<br>\nIt is recommended to apply updates as soon as possible on affected products.<br>\n",
    "url_title": "2024-034",
    "content_markdown": "---\ntitle: 'Multiple Vulnerabilities in\u00a0Microsoft\u00a0Products'\nnumber: '2024-034'\nversion: '1.0'\noriginal_date: 'April 9, 2024'\ndate: 'April 10, 2024'\n---\n\n_History:_\n\n* _10/04/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn April 9, 2024, Microsoft addressed 150 vulnerabilities in its April 2024 Patch Tuesday update [1], including 67 remote code execution (RCE) vulnerabilities and 2 zero-days exploited in malware attacks [2].\n\nIt is recommended to apply updates as soon as possible on affected products.\n\n# Technical Details\n\nThe first zero-day vulnerability, tracked as **CVE-2024-26234**, is described as a proxy driver spoofing vulnerability and was issued to track a malicious driver signed using a valid Microsoft Hardware Publisher Certificate [2]. Microsoft has added the relevant certificates to its revocation list as part of the usual Patch Tuesday cycle.\n\nThe second vulnerability, tracked as **CVE-2024-29988**, is described as a SmartScreen prompt security feature bypass vulnerability caused by a protection mechanism failure weakness [2]. This vulnerability is related to `CVE-2024-21412`, which was discovered by ZDI threat researchers and first addressed in February. The first patch did not completely resolve the vulnerability. This update addresses the second part of the exploit chain.\n\n# Affected Products\n\nAffected products include, but are not limited to, Microsoft Windows, Azure, Office, Windows Defender, SQL Server, DNS Server [3].\n\n# Recommendations\n\nIt is recommended to apply updates as soon as possible on affected assets.\n\n# References\n\n[1] <https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2024-patch-tuesday-fixes-150-security-flaws-67-rces/>\n\n[2] <https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-two-windows-zero-days-exploited-in-malware-attacks/>\n\n[3] <https://msrc.microsoft.com/update-guide/releaseNote/2024-Apr>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>10/04/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On April 9, 2024, Microsoft addressed 150 vulnerabilities in its April 2024 Patch Tuesday update [1], including 67 remote code execution (RCE) vulnerabilities and 2 zero-days exploited in malware attacks [2].</p><p>It is recommended to apply updates as soon as possible on affected products.</p><h2 id=\"technical-details\">Technical Details</h2><p>The first zero-day vulnerability, tracked as <strong>CVE-2024-26234</strong>, is described as a proxy driver spoofing vulnerability and was issued to track a malicious driver signed using a valid Microsoft Hardware Publisher Certificate [2]. Microsoft has added the relevant certificates to its revocation list as part of the usual Patch Tuesday cycle.</p><p>The second vulnerability, tracked as <strong>CVE-2024-29988</strong>, is described as a SmartScreen prompt security feature bypass vulnerability caused by a protection mechanism failure weakness [2]. This vulnerability is related to <code>CVE-2024-21412</code>, which was discovered by ZDI threat researchers and first addressed in February. The first patch did not completely resolve the vulnerability. This update addresses the second part of the exploit chain.</p><h2 id=\"affected-products\">Affected Products</h2><p>Affected products include, but are not limited to, Microsoft Windows, Azure, Office, Windows Defender, SQL Server, DNS Server [3].</p><h2 id=\"recommendations\">Recommendations</h2><p>It is recommended to apply updates as soon as possible on affected assets.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2024-patch-tuesday-fixes-150-security-flaws-67-rces/\">https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2024-patch-tuesday-fixes-150-security-flaws-67-rces/</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-two-windows-zero-days-exploited-in-malware-attacks/\">https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-two-windows-zero-days-exploited-in-malware-attacks/</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/releaseNote/2024-Apr\">https://msrc.microsoft.com/update-guide/releaseNote/2024-Apr</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}