Security & Threat Updates – April 2024:


Microsoft addressed 149 Common Vulnerabilities and Exposures (CVEs) this month, two of which were marked as zero-day vulnerabilities. The most critical CVEs are noted below:

Microsoft Vulnerabilities:

Windows Zero-Days:

Other Critical CVEs:

  • CVE-2024-20678 – Remote Procedure Call Runtime Remote Code Execution Vulnerability
  • CVE-2024-20670 – Outlook for Windows Spoofing Vulnerability
  • CVE-2024-26221 – Windows DNS Server Remote Code Execution Vulnerability

3rd Party Critical CVEs:

Adobe:

Google Chrome:

  • Versions 123.0.6312.122/.123 were released for Windows, versions 123.0.6312.122/.123/.124 for Apple, and version 123.0.6312.122 for Linux on April 10th.
  • Chrome Release: April 10th 2024

Palo Alto Networks:

  • Palo Alto Networks has released workaround guidance for CVE-2024-3400, which affects PAN-OS versions 10.2, 11.0, and 11.1. Palo Alto Networks has reported active exploitation of this vulnerability in the wild.
  • Palo Alto Networks Release: CVE-2024-3400

About Fortress SRM Cyber Hygiene Offering:

Software vulnerabilities are one of the top cyber-attack vectors, and one in three breaches are the result of vulnerabilities that were known about and should have been already patched.¹

Keeping operating systems and application software patched and secure is time-consuming and tedious – an internal IT resource nightmare. Fortress SRM’s Guardian Managed Patching with Monitoring Service delivers automated, high-efficacy (97%+) updates to Microsoft and over 80 third-party software applications, ensuring efficient patch deployment to every device, whether on or off network. This includes the deployment of critical updates, security updates, feature updates, operating system upgrades, and key Windows security settings and configurations.

The Fortress SRM real-time reporting console includes current patch levels of devices and gives the Client total visibility into what patch-related activities have been performed, while real-time patch monitoring provides deep insight into approved, unapproved, pending, and failed patching efforts.

Ready to start the Cyber Hygiene journey? Contact us: Fortress Security Risk Management (fortresssrm.com)