April’s Patch Tuesday was a record-breaker for Microsoft, with the software giant releasing patches for 147 vulnerabilities — more than researchers can recall ever seeing previously in a single month. This month’s list initially appeared to contain no zero-day vulnerabilities, but researchers were quick to correct this — pointing out to Microsoft that two of the bugs they fixed had been actively exploited.

One of the zero-day vulnerabilities patched this month was a SmartScreen Prompt security feature bypass flaw, tracked as CVE-2024-29988. SmartScreen is the Windows feature that shows a warning prompt before a user runs a file from an unknown or untrusted source; a bypass lets such a file run without that prompt.

The other vulnerability already exploited in the wild was a proxy driver spoofing vulnerability (CVE-2024-26234) discovered by Sophos X-Ops.

Recommendations:

  • Apply the patches or mitigations provided by Microsoft to vulnerable systems immediately, after suitable testing.
  • Apply the Principle of Least Privilege to all systems and services, and run all software as a non-privileged user (one without administrative rights) to limit the impact of a successful attack.
  • Remind all users not to visit untrusted websites or follow links/open files provided by unknown or untrusted sources.
  • Use endpoint protection capabilities to detect and block suspicious behavior patterns on endpoint systems, such as anomalous process, file, or API-call activity.

If you have questions or need assistance, contact a member of the BMT team.