Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (2024)

Update 4/9/24: Added information on two zero-day vulnerabilities that Microsoft did not initially mark as exploited.

Today is Microsoft's April 2024 Patch Tuesday, which includes security updates for 150 flaws and sixty-seven remote code execution bugs.

Only three critical vulnerabilities were fixed as part of today's Patch Tuesday, but there are over sixty-seven remote code execution bugs. More than half of the RCE flaws are found within Microsoft SQL drivers, likely sharing a common flaw.

There were also fixes for twenty-six Secure Boot bypasses released this month, including two from Lenovo.

The total count of 150 flaws does not include 5 Microsoft Edge flaws fixed on April 4th and 2 Mariner flaws. Mariner is an open-source Linux distribution developed by Microsoft for its Microsoft Azure services.

This month's Patch Tuesday fixed two zero-day vulnerabilities actively exploited in malware attacks.

Microsoft initially failed to mark the zero days as actively exploited, but Sophos and Trend Micro shared information on how they were actively exploited in attacks.

Below is a summary of the zero days, with more details provided in a dedicated article.

Sophos shared that this CVE is assigned to a malicious driver signed with a valid Microsoft Hardware Publisher Certificate.

The driver was used to deploy a backdoor previously disclosed by Stairwell.

Team lead Christopher Budd told BleepingComputer that previous drivers reported to Microsoft did not receive a CVE; rather, an advisory was issued.

It is unclear why a CVE was released today for this driver, unless it was because a valid Microsoft Hardware Publisher Certificate signed it.

CVE-2024-29988 is a patch bypass for the CVE-2024-21412 flaw (itself a patch bypass for CVE-2023-36025), which allows attachments to bypass Microsoft Defender SmartScreen prompts when the file is opened.

"Technique #1: Open in App Method

The first technique uses the code enabling the “open in app” feature in SharePoint to access and download files while only leaving an access event in the file’s audit log. This method can be executed manually or automated through a PowerShell script, allowing for the rapid exfiltration of many files.

Technique #2: SkyDriveSync User-Agent

The second technique uses the User-Agent for Microsoft SkyDriveSync to download files or even entire sites while mislabeling events as file syncs instead of downloads."

Varonis

Microsoft has not assigned CVEs to the two flaws and they have been added to the patching backlog, with no timeline as to when they will be fixed.

Other vendors who released security updates or vulnerability advisories in April 2024 include:

Below is the complete list of resolved vulnerabilities in the April 2024 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.

| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET and Visual Studio | CVE-2024-21409 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | Important |
| Azure | CVE-2024-29993 | Azure CycleCloud Elevation of Privilege Vulnerability | Important |
| Azure AI Search | CVE-2024-29063 | Azure AI Search Information Disclosure Vulnerability | Important |
| Azure Arc | CVE-2024-28917 | Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability | Important |
| Azure Compute Gallery | CVE-2024-21424 | Azure Compute Gallery Elevation of Privilege Vulnerability | Important |
| Azure Migrate | CVE-2024-26193 | Azure Migrate Remote Code Execution Vulnerability | Important |
| Azure Monitor | CVE-2024-29989 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important |
| Azure Private 5G Core | CVE-2024-20685 | Azure Private 5G Core Denial of Service Vulnerability | Moderate |
| Azure SDK | CVE-2024-29992 | Azure Identity Library for .NET Information Disclosure Vulnerability | Moderate |
| Intel | CVE-2024-2201 | Intel: CVE-2024-2201 Branch History Injection | Important |
| Internet Shortcut Files | CVE-2024-29988 | SmartScreen Prompt Security Feature Bypass Vulnerability | Important |
| Mariner | CVE-2019-3816 | Unknown | Unknown |
| Mariner | CVE-2019-3833 | Unknown | Unknown |
| Microsoft Azure Kubernetes Service | CVE-2024-29990 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2024-28905 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2024-28907 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2024-26213 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Brokering File System | CVE-2024-28904 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Defender for IoT | CVE-2024-29055 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
| Microsoft Defender for IoT | CVE-2024-29053 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical |
| Microsoft Defender for IoT | CVE-2024-29054 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
| Microsoft Defender for IoT | CVE-2024-21324 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
| Microsoft Defender for IoT | CVE-2024-21323 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical |
| Microsoft Defender for IoT | CVE-2024-21322 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical |
| Microsoft Edge (Chromium-based) | CVE-2024-3156 | Chromium: CVE-2024-3156 Inappropriate implementation in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-29049 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2024-29981 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
| Microsoft Edge (Chromium-based) | CVE-2024-3159 | Chromium: CVE-2024-3159 Out of bounds memory access in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-3158 | Chromium: CVE-2024-3158 Use after free in Bookmarks | Unknown |
| Microsoft Install Service | CVE-2024-26158 | Microsoft Install Service Elevation of Privilege Vulnerability | Important |
| Microsoft Office Excel | CVE-2024-26257 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2024-20670 | Outlook for Windows Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2024-26251 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft WDAC ODBC Driver | CVE-2024-26214 | Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-26244 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-26210 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2024-26233 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2024-26231 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2024-26227 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2024-26223 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2024-26221 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2024-26224 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2024-26222 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2024-29064 | Windows Hyper-V Denial of Service Vulnerability | Important |
| SQL Server | CVE-2024-28937 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28938 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-29044 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28935 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28940 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28943 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28941 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28910 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28944 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28908 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28909 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-29985 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28906 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28926 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28933 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28934 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28927 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28930 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-29046 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28932 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-29047 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28931 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-29984 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28929 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28939 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28942 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-29043 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28936 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-29045 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28915 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28913 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28945 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-29048 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28912 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28914 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-29983 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-28911 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2024-29982 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Important |
| Windows Authentication Methods | CVE-2024-29056 | Windows Authentication Elevation of Privilege Vulnerability | Important |
| Windows Authentication Methods | CVE-2024-21447 | Windows Authentication Elevation of Privilege Vulnerability | Important |
| Windows BitLocker | CVE-2024-20665 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows Compressed Folder | CVE-2024-26256 | libarchive Remote Code Execution Vulnerability | Important |
| Windows Cryptographic Services | CVE-2024-26228 | Windows Cryptographic Services Security Feature Bypass Vulnerability | Important |
| Windows Cryptographic Services | CVE-2024-29050 | Windows Cryptographic Services Remote Code Execution Vulnerability | Important |
| Windows Defender Credential Guard | CVE-2024-26237 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Important |
| Windows DHCP Server | CVE-2024-26212 | DHCP Server Service Denial of Service Vulnerability | Important |
| Windows DHCP Server | CVE-2024-26215 | DHCP Server Service Denial of Service Vulnerability | Important |
| Windows DHCP Server | CVE-2024-26195 | DHCP Server Service Remote Code Execution Vulnerability | Important |
| Windows DHCP Server | CVE-2024-26202 | DHCP Server Service Remote Code Execution Vulnerability | Important |
| Windows Distributed File System (DFS) | CVE-2024-29066 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | Important |
| Windows Distributed File System (DFS) | CVE-2024-26226 | Windows Distributed File System (DFS) Information Disclosure Vulnerability | Important |
| Windows DWM Core Library | CVE-2024-26172 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| Windows File Server Resource Management Service | CVE-2024-26216 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | Important |
| Windows HTTP.sys | CVE-2024-26219 | HTTP.sys Denial of Service Vulnerability | Important |
| Windows Internet Connection Sharing (ICS) | CVE-2024-26253 | Windows rndismp6.sys Remote Code Execution Vulnerability | Important |
| Windows Internet Connection Sharing (ICS) | CVE-2024-26252 | Windows rndismp6.sys Remote Code Execution Vulnerability | Important |
| Windows Kerberos | CVE-2024-26183 | Windows Kerberos Denial of Service Vulnerability | Important |
| Windows Kerberos | CVE-2024-26248 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-20693 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-26245 | Windows SMB Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-26229 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-26218 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Local Security Authority Subsystem Service (LSASS) | CVE-2024-26209 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | Important |
| Windows Message Queuing | CVE-2024-26232 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
| Windows Message Queuing | CVE-2024-26208 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
| Windows Mobile Hotspot | CVE-2024-26220 | Windows Mobile Hotspot Information Disclosure Vulnerability | Important |
| Windows Proxy Driver | CVE-2024-26234 | Proxy Driver Spoofing Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-28902 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-28900 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-28901 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-26255 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-26230 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-26239 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-26207 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-26217 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2024-26211 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Procedure Call | CVE-2024-20678 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-26200 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-26179 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2024-26205 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Secure Boot | CVE-2024-29061 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-28921 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-20689 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-26250 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-28922 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-29062 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-20669 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-28898 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-20688 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-23593 | Lenovo: CVE-2024-23593 Zero Out Boot Manager and drop to UEFI Shell | Important |
| Windows Secure Boot | CVE-2024-28896 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-28919 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-23594 | Lenovo: CVE-2024-23594 Stack Buffer Overflow in LenovoBT.efi | Important |
| Windows Secure Boot | CVE-2024-28923 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-28903 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-26189 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-26240 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-28924 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-28897 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-28925 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-26175 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-28920 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-26194 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-26180 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-26171 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2024-26168 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Storage | CVE-2024-29052 | Windows Storage Elevation of Privilege Vulnerability | Important |
| Windows Telephony Server | CVE-2024-26242 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2024-26236 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2024-26235 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| Windows USB Print Driver | CVE-2024-26243 | Windows USB Print Driver Elevation of Privilege Vulnerability | Important |
| Windows Virtual Machine Bus | CVE-2024-26254 | Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability | Important |
| Windows Win32K - ICOMP | CVE-2024-26241 | Win32k Elevation of Privilege Vulnerability | Important |
Author: Prof. Nancy Dach