CVE-2024-29988: ‘In-the-Wild’ Flaw Among Microsoft’s April 2024 Patch Tuesday
Microsoft’s April 2024 Patch Tuesday release brings a staggering 147 new vulnerability fixes across its software ecosystem. The sheer volume highlights the relentless cybersecurity battle, especially considering reports of a zero-day vulnerability already being actively exploited. This month’s updates target critical weaknesses in Windows, Office, Azure, .NET Framework, SQL Server, and more.
Zero-Day Alert
While none of the patched vulnerabilities are officially listed as under active attack, a security researcher from the Zero Day Initiative (ZDI) has uncovered evidence of CVE-2024-29988 being exploited in the wild. This SmartScreen bypass lets attackers sneak malware past Microsoft’s Mark of the Web (MotW) protections. Treat this one as a zero-day threat until Microsoft confirms otherwise.
Dmitrij Lenz and Vlad Stolyarov from Google’s Threat Analysis Group have also reported on CVE-2024-29988.
Notable Vulnerabilities
- CVE-2024-20678 – Remote Procedure Call (RPC) Flaw An alarming Remote Code Execution (RCE) vulnerability in RPC requires authentication but no special privileges. This bug, combined with the internet exposure of many RPC services, is likely to become a primary target for attack.
- CVE-2024-20670 – NTLM Relaying in Outlook This vulnerability allows attackers to harvest NTLM hashes from unsuspecting Outlook users who click within emails (preview pane is not a risk). Expect this to be weaponized with recent NTLM relaying exploits.
- CVE-2024-26221 (and 6 others) – DNS Server RCE Risk A cluster of critical vulnerabilities in Windows DNS Server allows for timing-based remote code execution if an authorized user performs targeted DNS queries. With your DNS infrastructure being mission-critical, prioritize these patches.
The Severity Breakdown
- Critical: 3
- Important: 142
- Moderate: 2
Recommendations
- Patch Immediately: Don’t delay. The risk of targeted attacks on these vulnerabilities is rising, especially with evidence of that zero-day exploit.
- Zero-Trust Mindset: Even after patching, remain vigilant. Attackers may already have footholds in systems using the in-the-wild exploit.
- Security Training: User education is key. Remind your team about the dangers of clicking suspicious links or attachments in emails to help minimize the impact of Outlook-based attacks.
