⚡ TL;DR | Go Straight to the April 2024 Patch Tuesday Audit Report
Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The April 2024 edition of Patch Tuesday brings us 151 new fixes, with 3 rated as critical. We’ve listed the most important changes below.
Microsoft Defender for IoT Vulnerabilities
All critical vulnerabilities this month are part of Microsoft Defender for IoT. CVE-2024-21322, CVE-2024-21323 and CVE-2024-29053 while three additional less critical vulnerabilities were also fixed (CVE-2024-21324, CVE-2024-29055, CVE-2024-29054).
Obviously you have to be using this product in order to be affected. More specifically, you’ll need to be using the legacy on-premises management console.
All three critical vulnerabilities have slightly different requirements ranging from requiring the attacker to be an administrator to any authenticated attacker could trigger the vulnerability.
SmartScreen Prompt Security Feature Bypass Vulnerability
The second high profile fix is a security bypass vulnerability for SmartScreen. Microsoft Defender SmartScreen helps protect you from online threats like malware and phishing by checking websites and downloaded files against a database of unsafe ones. To exploit this security feature bypass vulnerability, an attacker would need to convince a user to launch malicious files using a launcher application that requests that no UI be shown.
CVE-2024-29988 has a CVSS score of 8.8 and Microsoft lists it as one of the vulnerabilities that is more likely to be exploited.
Multiple Elevation of Privilege Vulnerabilities
The large majority of vulnerabilities marked by Microsoft as „more likely“ to be exploited this month are elevation of privilege vulnerabilities that all can lead to the attacker gaining SYSTEM privileges. Their CVSS base scores are all 7.8 and Microsoft has not provided any additional information at this time.
- CVE-2024-26158 (Microsoft Install Service Elevation of Privilege Vulnerability)
- CVE-2024-26218 (Windows Kernel Elevation of Privilege Vulnerability)
- CVE-2024-26241 (Win32k Elevation of Privilege Vulnerability)
- CVE-2024-26211 (Windows RAC Manager Elevation of Privilege Vulnerability)
- CVE-2024-26230 (Windows Telephony Server Elevation of Privilege Vulnerability)
- CVE-2024-26239 (Windows Telephony Server Elevation of Privilege Vulnerability)
Run the Patch Tuesday April 2024 Audit
To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!
Patch Tuesday April 2024 CVE Codes & Titles
| CVE Number | CVE Title |
| CVE-2023-24932 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-20669 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-20688 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-20689 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-21409 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
| CVE-2024-21424 | Azure Compute Gallery Elevation of Privilege Vulnerability |
| CVE-2024-26250 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26252 | Windows rndismp6.sys Remote Code Execution Vulnerability |
| CVE-2024-26253 | Windows rndismp6.sys Remote Code Execution Vulnerability |
| CVE-2024-26254 | Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability |
| CVE-2024-26255 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-26172 | Windows DWM Core Library Information Disclosure Vulnerability |
| CVE-2024-26179 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-26200 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-26205 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-26232 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2024-28920 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28922 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28919 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28896 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28923 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28898 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28901 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-28902 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-28905 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-28906 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28908 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28909 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28910 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28911 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28912 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28913 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28914 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28915 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28929 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28931 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28932 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28936 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28939 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28942 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28945 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29043 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29045 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29047 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29050 | Windows Cryptographic Services Remote Code Execution Vulnerability |
| CVE-2024-29063 | Azure AI Search Information Disclosure Vulnerability |
| CVE-2024-29064 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-29066 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability |
| CVE-2024-20685 | Azure Private 5G Core Denial of Service Vulnerability |
| CVE-2024-23594 | Lenovo: CVE-2024-23594 Stack Buffer Overflow in LenovoBT.efi |
| CVE-2024-29990 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
| CVE-2024-2201 | Intel: CVE-2024-2201 Branch History Injection |
| CVE-2024-20678 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2024-20665 | BitLocker Security Feature Bypass Vulnerability |
| CVE-2024-20693 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-21322 | Microsoft Defender for IoT Remote Code Execution Vulnerability |
| CVE-2024-21323 | Microsoft Defender for IoT Remote Code Execution Vulnerability |
| CVE-2024-21324 | Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| CVE-2024-21447 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2024-26193 | Azure Migrate Remote Code Execution Vulnerability |
| CVE-2024-26168 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26171 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26175 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26180 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26183 | Windows Kerberos Denial of Service Vulnerability |
| CVE-2024-26189 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26194 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26195 | DHCP Server Service Remote Code Execution Vulnerability |
| CVE-2024-26202 | DHCP Server Service Remote Code Execution Vulnerability |
| CVE-2024-26219 | HTTP.sys Denial of Service Vulnerability |
| CVE-2024-26220 | Windows Mobile Hotspot Information Disclosure Vulnerability |
| CVE-2024-26221 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26222 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26223 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26224 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26227 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26231 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26233 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2024-26243 | Windows USB Print Driver Elevation of Privilege Vulnerability |
| CVE-2024-26248 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2024-26210 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-26229 | Windows CSC Service Elevation of Privilege Vulnerability |
| CVE-2024-26235 | Windows Update Stack Elevation of Privilege Vulnerability |
| CVE-2024-26236 | Windows Update Stack Elevation of Privilege Vulnerability |
| CVE-2024-26237 | Windows Defender Credential Guard Elevation of Privilege Vulnerability |
| CVE-2024-26242 | Windows Telephony Server Elevation of Privilege Vulnerability |
| CVE-2024-26244 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-26245 | Windows SMB Elevation of Privilege Vulnerability |
| CVE-2024-26207 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-26208 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2024-26213 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-26214 | Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability |
| CVE-2024-26215 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2024-26216 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability |
| CVE-2024-26217 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-26226 | Windows Distributed File System (DFS) Information Disclosure Vulnerability |
| CVE-2024-26228 | Windows Cryptographic Services Security Feature Bypass Vulnerability |
| CVE-2024-26240 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-26251 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2024-26257 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-28924 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28925 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28897 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28900 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-28904 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-28907 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-28926 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28927 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28930 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28933 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28934 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28935 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28937 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28938 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28940 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28941 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28943 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-28944 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29044 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29046 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29048 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29052 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2024-29053 | Microsoft Defender for IoT Remote Code Execution Vulnerability |
| CVE-2024-29055 | Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| CVE-2024-29054 | Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| CVE-2024-29061 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-29062 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-20670 | Outlook for Windows Spoofing Vulnerability |
| CVE-2024-29982 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29983 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29984 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-29985 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-23593 | Lenovo: CVE-2024-23593 Zero Out Boot Manager and drop to UEFI Shell |
| CVE-2024-29989 | Azure Monitor Agent Elevation of Privilege Vulnerability |
| CVE-2024-29992 | Azure Identity Library for .NET Information Disclosure Vulnerability |
| CVE-2024-29993 | Azure CycleCloud Elevation of Privilege Vulnerability |
| CVE-2024-26256 | libarchive Remote Code Execution Vulnerability |
| CVE-2024-26158 | Microsoft Install Service Elevation of Privilege Vulnerability |
| CVE-2024-28921 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-28903 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2024-29988 | SmartScreen Prompt Security Feature Bypass Vulnerability |
| CVE-2024-26209 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability |
| CVE-2024-26218 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-26241 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-26234 | Proxy Driver Spoofing Vulnerability |
| CVE-2024-26211 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2024-26212 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2024-26230 | Windows Telephony Server Elevation of Privilege Vulnerability |
| CVE-2024-26239 | Windows Telephony Server Elevation of Privilege Vulnerability |
| CVE-2024-29056 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2024-28917 | Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability |