Microsoft releases record Microsoft released 147 patches in April, as well as additional third-party updates, bringing the total to 155. This is one of the most comprehensive patch days in years. Some vulnerabilities are already being exploited.
The patch day on April 2024 is once again going to be a big deal. First of all, there are 155 updates/CVEs, a new record number of updates in recent years. In addition, some of the gaps are already known and are being exploited by attackers.
With Windows Autopatch, quality and feature updates, drivers, firmware and apps can be provided automatically.
Never patch clients manually again!
Automate updates with Windows Autopatch
Vulnerability in Windows SmartScreen is already being exploited
The vulnerability CVE-2024-29988affects all Windows versions, up to Windows Server 2022, Windows 10 22H2 and Windows 11 23H2. The vulnerability in Georgia Phone Number List the Windows security technology SmartScreen allows attackers to execute distributed malware on the PC without SmartScreen intervening. The gap appears to work similarly to CVE-2024-21412and raises doubts about how SmartScreen can actually protect Windows users.
Security risk due to proxy driver spoofing in Windows
Another vulnerability that has been made public and is currently being exploited by cyber criminals also affects all current versions of Windows. The vulnerability CVE-2024-26234should therefore be closed as soon as possible by admins or users installing the appropriate update.
Remote Procedure Call Runtime Remote Code Execution possible The vulnerability CVE-2024-20678also affects all versions of Windows. The RPC exploit allows Cell Phone Number Database attackers to execute commands on the PC via the network/Internet. It is not yet clear whether authentication is necessary for this. The attack is probably carri out via TCP port 135 , which can even be reach via the Internet on many PCs.
Many vulnerabilities in the Windows Server DNS server
This month, there are also various updates for the DNS component in Windows. Attackers can even use the vulnerability to execute code remotely (RCE). This can happen if a user has the right to query the DNS server. The vulnerability CVE-2024-26221is particularly serious and should be close quickly. Attackers can even execute the code with the rights of the DNS server. This can quickly become a problem in Windows networks.
With free tools like Windows Update Mini Bulk Database Tool and Co, admins get more control over updates in Windows.
More control over updates in Windows
Keep Windows Updates Under Control with 7 Free Tools
We have been publishing regular reports on Microsoft Patch Day for many years. We would like to hear from you how we can make the reports even more useful for your daily work. What additional information would you like, what can we make clearer. What can we leave out? Send us an email! We read every message, we promise.
