Microsoft fixes 149 flaws, including zero-days, in massive patch released in April

Microsoft

Microsoft released the April 2024 security update, which fixed a record 149 vulnerabilities, two of which have been widely exploited.

Of the 149 defects, 3 defects were rated as Critical, 142 defects were rated as Important, 3 defects were rated as Moderate, and 1 defect was rated as Low in severity. The update does not include 21 vulnerabilities that the company addressed in its Chromium-based Edge browser after releasing March 2024 Patch Tuesday fixes.

Two disadvantages that are being actively exploited are as follows:

  • CVE-2024-26234 (CVSS Rating: 6.7) – Agent Driver Spoofing Vulnerability
  • CVE-2024-29988 (CVSS Rating: 8.8) – SmartScreen Prompts Security Feature Bypass Vulnerability

While Microsoft’s own advisory did not provide information about CVE-2024-26234, cybersecurity firm Sophos said it discovered a malicious executable signed by a valid Microsoft Windows Hardware Compatibility Releaser in December 2023 ( “Catalog.exe” or “Catalog Authentication Client Service”) (WHCP) credentials.

Authenticode analysis of the binary file shows that the original request was issued by Hainan Youhu Technology Co., Ltd., which is also the publisher of another tool called LaiXi Android Screen Mirroring.

The latter is described as “a marketing software… [that] It can connect to hundreds of mobile phones and control them in batches to automate batch following, likes, comments and other tasks. “

The so-called authentication service contains a component called 3proxy, which is designed to monitor and intercept network traffic on infected systems, effectively acting as a backdoor.

Sophos researcher Andreas Klopsch said: “We have no evidence that LaiXi developers intentionally embedded malicious files into their products, or that threat actors conducted a supply chain attack to insert them into the compilation/build process of LaiXi applications. “.

The cybersecurity firm also said it discovered multiple other backdoor variants in the wild dating back to January 5, 2023, suggesting the campaign has been ongoing at least since then. Microsoft has since added the relevant documents to its revocation list.

Internet security

Another security vulnerability reportedly under active attack is CVE-2024-29988, which, like CVE-2024-21412 and CVE-2023-36025, allows attackers to bypass Microsoft Defender Smartscreen protection when opening a specially crafted file.

“To exploit this security feature to bypass the vulnerability, an attacker would need to convince the user to launch a malicious file using a launcher application that requests no UI to be displayed,” Microsoft said.

“In an email or instant messaging attack scenario, an attacker could send a specially crafted file designed to exploit a remote code execution vulnerability to the target user.”

The zero-day project revealed that there is evidence that the flaw is being exploited, although Microsoft has marked it as “more likely to be exploited” assessment.

Another important vulnerability is CVE-2024-29990 (CVSS score: 9.0), an elevation of privilege vulnerability affecting the Microsoft Azure Kubernetes Service secret container that could potentially be exploited by an unauthenticated attacker to steal credentials.

“An attacker could gain access to untrusted AKS Kubernetes nodes and AKS confidential containers to take over confidential guests and containers outside of the network stack to which they may be bound,” Redmond said.

All told, this release is notable for resolving up to 68 remote code executions, 31 privilege escalations, 26 security feature bypasses, and 6 Denial of Service (DoS) bugs. Interestingly, 24 of the 26 security bypass flaws were related to Secure Boot.

“While none of the Secure Boot vulnerabilities addressed this month have been exploited in the wild, they serve as a reminder that flaws in Secure Boot still exist and we may see more Secure Boot-related malware in the future,” said senior staff member Satnam Narang. activity,” Tenable’s research engineers said in a statement.

The disclosure comes as Microsoft faces criticism for its security practices, with a recent report from the U.S. Cyber ​​Security Review Board (CSRB) saying the company did not do enough to stop a Chinese threat group tracked as Storm Planned cyber espionage activities. Last year -0558.

It also follows the company’s decision to publish root cause data for security flaws using the Common Weakness Enumeration (CWE) industry standard. However, it is worth noting that these changes will only take effect from recommendations issued since March 2024.

“Adding CWE assessments to Microsoft security bulletins helps pinpoint the general root cause of vulnerabilities,” Adam Barnett, principal software engineer at Rapid7, said in a statement shared with The Hacker News.

“The CWE Project recently updated guidance on mapping CVEs to CWE root causes. Analysis of CWE trends can help developers reduce future occurrences by improving software development life cycle (SDLC) workflows and testing, and help Defenders understand where to direct defense in depth and deploy hardening efforts to get the best return on investment.”

In a related development, cybersecurity firm Varonis detailed two methods attackers can use to circumvent audit logs and avoid triggering download events when stealing files from SharePoint.

The first method takes advantage of SharePoint’s “Open in Application” feature to access and download files, while the second method uses Microsoft SkyDriveSync’s user agent to download files or even entire websites, while misclassifying such events. Sync for files instead of downloading.

Internet security

Microsoft became aware of these issues in November 2023, and although it has been added to the patch backlog, a fix has not yet been released. During this time, organizations are advised to closely monitor their audit logs for suspicious access events, particularly those involving the download of large numbers of files in a short period of time.

“These techniques can bypass detection and enforcement policies of traditional tools, such as cloud access security agents, data loss prevention and SIEM, by hiding downloads as less suspicious access and sync events,” said Eric Saraga.

Software patches from other vendors

In addition to Microsoft, other vendors have released security updates over the past few weeks to fix multiple vulnerabilities, including —

Did you find this article interesting?follow us Twitter and LinkedIn to read more exclusive content from us.



Source link



from Tech Empire Solutions https://techempiresolutions.com/microsoft-fixes-149-flaws-including-zero-days-in-massive-patch-released-in-april/
via https://techempiresolutions.com/

from Tech Empire Solutions https://techempiresolutions.blogspot.com/2024/04/microsoft-fixes-149-flaws-including.html
via https://techempiresolutions.com/

Comments

Post a Comment

Popular posts from this blog

Perfecta grill uses AI to help cook steaks in 90 seconds

Image
CES is increasingly becoming a barbecue show, and companies are constantly looking for ways to bring more technology to your deck or patio. One company adding artificial intelligence technology to its spice racks is Seergerills, a British startup made up of engineers and product developers. Its flagship model, the Perfecta, can cook a one-inch-thick rib-eye steak in 90 seconds. Overall, the company says the grill looks more like a see-through countertop oven and cooks food about 10 times faster than traditional cooking methods. Inside, dual vertical infrared burners cook both sides simultaneously, which not only speeds up the process but also eliminates the need for flipping. Seergerills says the burner has a maximum temperature of 1,652 degrees Fahrenheit, and the unit even ensures crisp edges thanks to 360-degree heating. The built-in artificial intelligence chef calculates the appropriate cooking time and temperature based on the food, taking into account the desired degree of done
Read more

John Wick heads to Vegas to visit interactive attractions

Image
image: Lionsgate If you’ve ever wanted to fully immerse yourself in John Wick , Lionsgate has got you covered. Later this year, action series is becoming “immersive and interactive” tourist attractions In Las Vegas. Grace Byers on horror and comedy in ‘The Dark’ According to the press release, John Wick Experience Produced in collaboration with series director Chad Stahelski and his production company 87Eleven. The 12,000-square-foot exhibit at the city’s AREA15 campus lets visitors “experience high-stakes adventures and visit themed bars and retail stores open to the public.” Guests will be given specific tasks involving characters and images from the film. They’ll also rub shoulders with Continental employees, crime bosses, and other assassins who (presumably) don’t come into contact with Wick’s bad side at any point in the movie, all in an effort to gain access to private Continental areas and learn about the interesting secret. Jenefer Brown, exec
Read more

Ford prepares for next war, Waymo recalls its self-driving car software, another self-driving startup lays off employees

Image
TechCrunch Mobility is a weekly newsletter dedicated to all things transportation. Sign up here – just click TechCrunch Mobility – and get the newsletter in your inbox every weekend. Subscription is free. welcome back TechCrunch Mobile — A central hub for news and insights about the future of transportation.This week’s news includes BMW Security breach exposes sensitive information, federal agencies fight back against Tesla super bowl ad and a new federal investigation Fisker . But first, I want to talk about my recent visit to the law, where I met some people Ford Executives understand their priorities for 2024 and beyond. It can be said with certainty Chinese electric vehicle manufacturer and Tesla is the most important; in the view of Ford executives, low-cost electric vehicles and cutting-edge software are the best ways to stop these threats. The company’s recently revealed Skunk Works project for electric vehicles is tasked with this task. Ford Chief Financial Officer J
Read more