April’s Patch Tuesday includes 150 vulnerabilities, 60 of which could lead to remote code execution

In one of the largest Patch Tuesdays in years, Microsoft disclosed 150 vulnerabilities across its software and product portfolio this week, including more than 60 that could lead to remote code execution. 

Though April’s monthly security update from Microsoft is the largest since at least the start of 2023, only three of the issues disclosed are considered “critical,” all of which are remote code execution vulnerabilities in Microsoft Defender for IoT.  

Most of the remainder of the security issues are considered “important,” and only two are “moderate” severity. 

The three critical vulnerabilities — CVE-2024-21322, CVE-2024-21323 and CVE-2024-29053 — are all remote code execution vulnerabilities in Microsoft Defender for IoT. Though little information is provided on how these issues could be exploited, Microsoft did state that exploitation of these vulnerabilities is “less likely.”  

There are also three vulnerabilities that Microsoft said it had detected being exploited in the wild:

CVE-2024-26241: Elevation of privilege vulnerability in Win32k
CVE-2024-28903: Security feature bypass vulnerability in Windows Secure Boot
CVE-2024-28921: Security feature bypass vulnerability in Windows Secure Boot

More than half of the code execution vulnerabilities exist in Microsoft SQL drivers. An attacker could exploit these vul ..
