- Adobe released 9 security patches addressing 24 CVEs across various software products, with none actively exploited at the time of release.
- Microsoft released 147 updates, including 155 CVEs, marking the largest Patch Tuesday release in history.
- Only 3 of the Microsoft CVEs are rated Critical, 142 are Important, and 2 are Moderate in severity.
- None of the released CVEs were listed as publicly known or under active attack, except for CVE-2024-29988, which is being actively exploited in the wild.
- The exploited vulnerability bypasses the SmartScreen Prompt security feature, allowing malware execution.
- Another notable update is CVE-2024-20678, an RPC bug that could lead to arbitrary code execution with authenticated access.
- CVE-2024-20670 is an Outlook vulnerability that discloses NTLM hashes, potentially leading to spoofing.
- Seven DNS RCE bugs were patched, highlighting the critical nature of securing DNS servers.
- Post-release, CVE-2024-26234 was confirmed as also under active attack, raising the need for prompt mitigation.
- Microsoft categorizes the updates with a deployment priority rating of 3, indicating moderate urgency.
thezdi.com
