Press Release

April 2024 Patch Tuesday: Comment from Satnam Narang, Senior Staff Research Engineer, Tenable

“Microsoft patched 147 CVEs in April, the largest number of CVEs patched in a month since we began tracking this data in 2017. The last time there were over 100 CVEs patched was October 2023, when Microsoft addressed 103 CVEs. However, the previous high for total CVEs patched in a month was in July 2023, when Microsoft addressed 130 CVEs.

“It’s been an unusually quiet year in terms of zero-days. This time last year, there were seven zero-day vulnerabilities exploited in the wild. In 2024, we’ve only had two zero-days exploited and both were from February. It’s difficult to pinpoint why we’ve seen this decrease, whether it’s just a lack of visibility or if it signifies a trend with attackers utilizing known vulnerabilities as part of their attacks on organizations.

“Microsoft fixed a SmartScreen Prompt security feature bypass vulnerability this month with CVE-2024-29988, which is credited to some of the same researchers that disclosed a similar flaw in February (CVE-2024-21412) that was exploited as a zero-day. Social engineering through direct means (email and direct messages) that requires some type of user interaction is a typical route for exploitation for this type of flaw. CVE-2024-21412 was used as part of a DarkGate campaign that leveraged fake software installers impersonating Apple’s iTunes, Notion, NVIDIA and more. Microsoft Defender SmartScreen is supposed to provide additional protections for end users against phishing and malicious websites. However, as the name implies, these flaws bypass these security features, which leads to end users being infected with malware.

“This month’s release addresses 24 vulnerabilities in Windows Secure Boot, the majority of which are considered “Exploitation Less Likely” according to Microsoft. However, the last time Microsoft patched a flaw in Windows Secure Boot (CVE-2023-24932) in May 2023 had a notable impact as it was exploited in the wild and linked to the BlackLotus UEFI bootkit, which was sold on dark web forums for $5,000. BlackLotus can bypass functionality called secure boot, which is designed to block malware from being able to load when booting up. While none of these Secure Boot vulnerabilities addressed this month were exploited in the wild, they serve as a reminder that flaws in Secure Boot persist, and we could see more malicious activity related to Secure Boot in the future.” – Satnam Narang, Senior Staff Research Engineer, Tenable