Wtorkowa aktualizacja Microsoftu z kwietnia 2024 r., która zawiera aktualizacje zabezpieczeń dotyczące 150 luk i sześćdziesięciu siedmiu błędów związanych ze zdalnym wykonaniem kodu.
W ramach dzisiejszej łatki wtorkowej naprawiono tylko trzy krytyczne luki, ale istnieje ponad sześćdziesiąt siedem błędów związanych ze zdalnym wykonaniem kodu. Ponad połowa usterek RCE występuje w sterownikach Microsoft SQL i prawdopodobnie mają one wspólną wadę.
Wtorkowa łatka naprawiła dwie luki typu zero-day aktywnie wykorzystywane w atakach złośliwego oprogramowania.
Microsoft początkowo nie oznaczył dni zerowych jako aktywnie wykorzystywanych, ale firmy Sophos i Trend Micro udostępniły informacje na temat tego, w jaki sposób były aktywnie wykorzystywane w atakach.
CVE-2024-26234 — Luka w zabezpieczeniach sterownika proxy umożliwiająca fałszowanie
Firma Sophos poinformowała, iż ten CVE jest przypisany do złośliwego sterownika podpisanego ważnym certyfikatem Microsoft Hardware Publisher.
Sterownik został wykorzystany do wdrożenia backdoora ujawnionego wcześniej przez firmę Stairwell.
CVE-2024-29988 — Luka w zabezpieczeniach funkcji SmartScreen Prompt polegająca na obejściu funkcji zabezpieczeń
CVE-2024-29988 to łatka obchodząca lukę CVE-2024-21412 (również łatka omijająca CVE-2023-36025), która umożliwia załącznikom omijanie monitów ekranu Microsoft Defender Smartscreen podczas otwierania pliku.
Zostało to wykorzystane przez motywowaną finansowo grupę hakerską Water Hydra do atakowania forów handlu forex i kanałów telegramu handlujących akcjami w atakach typu spearphishing, w których wykorzystano trojana zdalnego dostępu DarkMe (RAT).
Tag | CVE ID | CVE | Krytyczność |
.NET and Visual Studio | CVE-2024-21409 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | Ważna |
Azure | CVE-2024-29993 | Azure CycleCloud Elevation of Privilege Vulnerability | Ważna |
Azure AI Search | CVE-2024-29063 | Azure AI Search Information Disclosure Vulnerability | Ważna |
Azure Arc | CVE-2024-28917 | Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability | Ważna |
Azure Compute Gallery | CVE-2024-21424 | Azure Compute Gallery Elevation of Privilege Vulnerability | Ważna |
Azure Migrate | CVE-2024-26193 | Azure Migrate Remote Code Execution Vulnerability | Ważna |
Azure Monitor | CVE-2024-29989 | Azure Monitor Agent Elevation of Privilege Vulnerability | Ważna |
Azure Private 5G Core | CVE-2024-20685 | Azure Private 5G Core Denial of Service Vulnerability | Umiarkowana |
Azure SDK | CVE-2024-29992 | Azure Identity Library for .NET Information Disclosure Vulnerability | Umiarkowana |
Intel | CVE-2024-2201 | Intel: CVE-2024-2201 Branch History Injection | Ważna |
Internet Shortcut Files | CVE-2024-29988 | SmartScreen Prompt Security Feature Bypass Vulnerability | Ważna |
Mariner | CVE-2019-3816 | Unknown | Nieokreślona |
Mariner | CVE-2019-3833 | Unknown | Nieokreślona |
Microsoft Azure Kubernetes Service | CVE-2024-29990 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Ważna |
Microsoft Brokering File System | CVE-2024-28905 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Ważna |
Microsoft Brokering File System | CVE-2024-28907 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Ważna |
Microsoft Brokering File System | CVE-2024-26213 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Ważna |
Microsoft Brokering File System | CVE-2024-28904 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Ważna |
Microsoft Defender for IoT | CVE-2024-29055 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Ważna |
Microsoft Defender for IoT | CVE-2024-29053 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Krytyczna |
Microsoft Defender for IoT | CVE-2024-29054 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Ważna |
Microsoft Defender for IoT | CVE-2024-21324 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Ważna |
Microsoft Defender for IoT | CVE-2024-21323 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Krytyczna |
Microsoft Defender for IoT | CVE-2024-21322 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Krytyczna |
Microsoft Edge (Chromium-based) | CVE-2024-3156 | Chromium: CVE-2024-3156 Inappropriate implementation in V8 | Nieokreślona |
Microsoft Edge (Chromium-based) | CVE-2024-29049 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | Umiarkowana |
Microsoft Edge (Chromium-based) | CVE-2024-29981 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Niska |
Microsoft Edge (Chromium-based) | CVE-2024-3159 | Chromium: CVE-2024-3159 Out of bounds memory access in V8 | Nieokreślona |
Microsoft Edge (Chromium-based) | CVE-2024-3158 | Chromium: CVE-2024-3158 Use after free in Bookmarks | Nieokreślona |
Microsoft Install Service | CVE-2024-26158 | Microsoft Install Service Elevation of Privilege Vulnerability | Ważna |
Microsoft Office Excel | CVE-2024-26257 | Microsoft Excel Remote Code Execution Vulnerability | Ważna |
Microsoft Office Outlook | CVE-2024-20670 | Outlook for Windows Spoofing Vulnerability | Ważna |
Microsoft Office SharePoint | CVE-2024-26251 | Microsoft SharePoint Server Spoofing Vulnerability | Ważna |
Microsoft WDAC ODBC Driver | CVE-2024-26214 | Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability | Ważna |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-26244 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Ważna |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-26210 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Ważna |
Role: DNS Server | CVE-2024-26233 | Windows DNS Server Remote Code Execution Vulnerability | Ważna |
Role: DNS Server | CVE-2024-26231 | Windows DNS Server Remote Code Execution Vulnerability | Ważna |
Role: DNS Server | CVE-2024-26227 | Windows DNS Server Remote Code Execution Vulnerability | Ważna |
Role: DNS Server | CVE-2024-26223 | Windows DNS Server Remote Code Execution Vulnerability | Ważna |
Role: DNS Server | CVE-2024-26221 | Windows DNS Server Remote Code Execution Vulnerability | Ważna |
Role: DNS Server | CVE-2024-26224 | Windows DNS Server Remote Code Execution Vulnerability | Ważna |
Role: DNS Server | CVE-2024-26222 | Windows DNS Server Remote Code Execution Vulnerability | Ważna |
Role: Windows Hyper-V | CVE-2024-29064 | Windows Hyper-V Denial of Service Vulnerability | Ważna |
SQL Server | CVE-2024-28937 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28938 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-29044 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28935 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28940 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28943 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28941 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28910 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28944 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28908 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28909 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-29985 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28906 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28926 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28933 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28934 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28927 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28930 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-29046 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28932 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-29047 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28931 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-29984 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28929 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28939 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28942 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-29043 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28936 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-29045 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28915 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28913 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28945 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-29048 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28912 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28914 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-29983 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-28911 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
SQL Server | CVE-2024-29982 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | Ważna |
Windows Authentication Methods | CVE-2024-29056 | Windows Authentication Elevation of Privilege Vulnerability | Ważna |
Windows Authentication Methods | CVE-2024-21447 | Windows Authentication Elevation of Privilege Vulnerability | Ważna |
Windows BitLocker | CVE-2024-20665 | BitLocker Security Feature Bypass Vulnerability | Ważna |
Windows Compressed Folder | CVE-2024-26256 | libarchive Remote Code Execution Vulnerability | Ważna |
Windows Cryptographic Services | CVE-2024-26228 | Windows Cryptographic Services Security Feature Bypass Vulnerability | Ważna |
Windows Cryptographic Services | CVE-2024-29050 | Windows Cryptographic Services Remote Code Execution Vulnerability | Ważna |
Windows Defender Credential Guard | CVE-2024-26237 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | Ważna |
Windows DHCP Server | CVE-2024-26212 | DHCP Server Service Denial of Service Vulnerability | Ważna |
Windows DHCP Server | CVE-2024-26215 | DHCP Server Service Denial of Service Vulnerability | Ważna |
Windows DHCP Server | CVE-2024-26195 | DHCP Server Service Remote Code Execution Vulnerability | Ważna |
Windows DHCP Server | CVE-2024-26202 | DHCP Server Service Remote Code Execution Vulnerability | Ważna |
Windows Distributed File System (DFS) | CVE-2024-29066 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | Ważna |
Windows Distributed File System (DFS) | CVE-2024-26226 | Windows Distributed File System (DFS) Information Disclosure Vulnerability | Ważna |
Windows DWM Core Library | CVE-2024-26172 | Windows DWM Core Library Information Disclosure Vulnerability | Ważna |
Windows File Server Resource Management Service | CVE-2024-26216 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | Ważna |
Windows HTTP.sys | CVE-2024-26219 | HTTP.sys Denial of Service Vulnerability | Ważna |
Windows Internet Connection Sharing (ICS) | CVE-2024-26253 | Windows rndismp6.sys Remote Code Execution Vulnerability | Ważna |
Windows Internet Connection Sharing (ICS) | CVE-2024-26252 | Windows rndismp6.sys Remote Code Execution Vulnerability | Ważna |
Windows Kerberos | CVE-2024-26183 | Windows Kerberos Denial of Service Vulnerability | Ważna |
Windows Kerberos | CVE-2024-26248 | Windows Kerberos Elevation of Privilege Vulnerability | Ważna |
Windows Kernel | CVE-2024-20693 | Windows Kernel Elevation of Privilege Vulnerability | Ważna |
Windows Kernel | CVE-2024-26245 | Windows SMB Elevation of Privilege Vulnerability | Ważna |
Windows Kernel | CVE-2024-26229 | Windows CSC Service Elevation of Privilege Vulnerability | Ważna |
Windows Kernel | CVE-2024-26218 | Windows Kernel Elevation of Privilege Vulnerability | Ważna |
Windows Local Security Authority Subsystem Service (LSASS) | CVE-2024-26209 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | Ważna |
Windows Message Queuing | CVE-2024-26232 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Ważna |
Windows Message Queuing | CVE-2024-26208 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Ważna |
Windows Mobile Hotspot | CVE-2024-26220 | Windows Mobile Hotspot Information Disclosure Vulnerability | Ważna |
Windows Proxy Driver | CVE-2024-26234 | Proxy Driver Spoofing Vulnerability | Ważna |
Windows Remote Access Connection Manager | CVE-2024-28902 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Ważna |
Windows Remote Access Connection Manager | CVE-2024-28900 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Ważna |
Windows Remote Access Connection Manager | CVE-2024-28901 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Ważna |
Windows Remote Access Connection Manager | CVE-2024-26255 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Ważna |
Windows Remote Access Connection Manager | CVE-2024-26230 | Windows Telephony Server Elevation of Privilege Vulnerability | Ważna |
Windows Remote Access Connection Manager | CVE-2024-26239 | Windows Telephony Server Elevation of Privilege Vulnerability | Ważna |
Windows Remote Access Connection Manager | CVE-2024-26207 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Ważna |
Windows Remote Access Connection Manager | CVE-2024-26217 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Ważna |
Windows Remote Access Connection Manager | CVE-2024-26211 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Ważna |
Windows Remote Procedure Call | CVE-2024-20678 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Ważna |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-26200 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Ważna |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-26179 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Ważna |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-26205 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-29061 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-28921 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-20689 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-26250 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-28922 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-29062 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-20669 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-28898 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-20688 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-23593 | Lenovo: CVE-2024-23593 Zero Out Boot Manager and drop to UEFI Shell | Ważna |
Windows Secure Boot | CVE-2024-28896 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-28919 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-23594 | Lenovo: CVE-2024-23594 Stack Buffer Overflow in LenovoBT.efi | Ważna |
Windows Secure Boot | CVE-2024-28923 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-28903 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-26189 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-26240 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-28924 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-28897 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-28925 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-26175 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-28920 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-26194 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-26180 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-26171 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Secure Boot | CVE-2024-26168 | Secure Boot Security Feature Bypass Vulnerability | Ważna |
Windows Storage | CVE-2024-29052 | Windows Storage Elevation of Privilege Vulnerability | Ważna |
Windows Telephony Server | CVE-2024-26242 | Windows Telephony Server Elevation of Privilege Vulnerability | Ważna |
Windows Update Stack | CVE-2024-26236 | Windows Update Stack Elevation of Privilege Vulnerability | Ważna |
Windows Update Stack | CVE-2024-26235 | Windows Update Stack Elevation of Privilege Vulnerability | Ważna |
Windows USB Print Driver | CVE-2024-26243 | Windows USB Print Driver Elevation of Privilege Vulnerability | Ważna |
Windows Virtual Machine Bus | CVE-2024-26254 | Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability | Ważna |
Windows Win32K – ICOMP | CVE-2024-26241 | Win32k Elevation of Privilege Vulnerability | Ważna |