April 2024 Patch Tuesday Updates Fix SmartScreen Security Bypass Vulnerability
Key Takeaways:
- Microsoft addressed 149 security vulnerabilities in Windows, Microsoft Office, and other components, with seven of them being rated as “Critical” and 90 rated as “Important” in severity.
- Microsoft fixed a security feature bypass vulnerability in Windows SmartScreen and remote code execution flaws in Microsoft Defender for IoT and Windows DNS Server.
- The “Moment 5” update is now available for all Windows 11 users with accessibility features, intelligent snap suggestions, and voice access improvements.
Microsoft released yesterday the April Patch Tuesday updates for Windows 11 and Windows 10. This month, the company addressed 149 security vulnerabilities in Windows, Microsoft Office, and other components, with one already being exploited.
On the quality and experience updates front, Microsoft released the KB5036893 update that enables the “Moment 5” features for all Windows 11 users. These include new accessibility features, intelligent snap suggestions, voice access improvements, and more.
149 vulnerabilities fixed in the April Patch Tuesday updates
Microsoft has released new security patches to fix 149 security flaws. Among these, seven have been deemed ‘Critical’ and 90 are rated as ‘Important’ in severity. The Zero Day Initiative also pointed out that none of the bugs disclosed over Teams during Pwn2Own Vancouver are being addressed with the April Patch Tuesday updates.
Here’s a list of the most important patches you should know about this month:
- CVE-2024-29988: This is a security feature bypass vulnerability in Windows SmartScreen with a CVSS score of 8.8. Microsoft says this security flaw hasn’t been actively exploited or publicly disclosed.
- CVE-2024-20678: This is a high-severity vulnerability that allows an unauthenticated attacker to send a specially crafted Remote Procedure Call to an RPC host. It received a CVSS score of 8.8.
- CVE-2024-21323: This is a privilege escalation flaw that could be exploited by sending a .tar file to a Defender for IoT sensor.
- CVE-2024-29053: This remote code execution vulnerability in Microsoft Defender for IoT could be triggered by an unauthenticated hacker with access to the file upload feature.
- CVE-2024-20670: This spoofing vulnerability in Outlook for Windows lets attackers steal NTLM hashes and authenticate as the victim.
- CVE-2024-26221: This max severity flaw could enable cybercriminals to execute code remotely on the target Windows DNS Server.
Here’s the full list of patches Microsoft released this month:
| Product | Impact | Max Severity | Article | Download | Details |
| Windows Server 2012 R2 (Server Core installation) | Information Disclosure | Important | 5036960 | Monthly Rollup | CVE-2022-0001 |
| Windows Server 2012 R2 | Information Disclosure | Important | 5036960 | Monthly Rollup | CVE-2022-0001 |
| Windows Server 2012 (Server Core installation) | Information Disclosure | Important | 5036969 | Monthly Rollup | CVE-2022-0001 |
| Windows Server 2012 | Information Disclosure | Important | 5036969 | Monthly Rollup | CVE-2022-0001 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Information Disclosure | Important | 5036967 | Monthly Rollup | CVE-2022-0001 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Information Disclosure | Important | 5036922 | Security Only | CVE-2022-0001 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Information Disclosure | Important | 5036967 | Monthly Rollup | CVE-2022-0001 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Information Disclosure | Important | 5036922 | Security Only | CVE-2022-0001 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Information Disclosure | Important | 5036932 | Monthly Rollup | CVE-2022-0001 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Information Disclosure | Important | 5036950 | Security Only | CVE-2022-0001 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Information Disclosure | Important | 5036932 | Monthly Rollup | CVE-2022-0001 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Information Disclosure | Important | 5036950 | Security Only | CVE-2022-0001 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Information Disclosure | Important | 5036932 | Monthly Rollup | CVE-2022-0001 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Information Disclosure | Important | 5036950 | Security Only | CVE-2022-0001 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Information Disclosure | Important | 5036932 | Monthly Rollup | CVE-2022-0001 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Information Disclosure | Important | 5036950 | Security Only | CVE-2022-0001 |
| Windows Server 2016 (Server Core installation) | Information Disclosure | Important | 5036899 | Security Update | CVE-2022-0001 |
| Windows Server 2016 | Information Disclosure | Important | 5036899 | Security Update | CVE-2022-0001 |
| Windows 10 Version 1607 for x64-based Systems | Information Disclosure | Important | 5036899 | Security Update | CVE-2022-0001 |
| Windows 10 Version 1607 for 32-bit Systems | Information Disclosure | Important | 5036899 | Security Update | CVE-2022-0001 |
| Windows 10 for x64-based Systems | Information Disclosure | Important | 5036925 | Security Update | CVE-2022-0001 |
| Windows 10 for 32-bit Systems | Information Disclosure | Important | 5036925 | Security Update | CVE-2022-0001 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | Information Disclosure | Important | 5036910 | Security Update | CVE-2022-0001 |
| Windows 11 Version 23H2 for x64-based Systems | Information Disclosure | Important | 5036893 | Security Update | CVE-2022-0001 |
| Windows 11 Version 23H2 for ARM64-based Systems | Information Disclosure | Important | 5036893 | Security Update | CVE-2022-0001 |
| Windows 10 Version 22H2 for 32-bit Systems | Information Disclosure | Important | 5036892 | Security Update | CVE-2022-0001 |
| Windows 10 Version 22H2 for ARM64-based Systems | Information Disclosure | Important | 5036892 | Security Update | CVE-2022-0001 |
| Windows 10 Version 22H2 for x64-based Systems | Information Disclosure | Important | 5036892 | Security Update | CVE-2022-0001 |
| Windows 11 Version 22H2 for x64-based Systems | Information Disclosure | Important | 5036893 | Security Update | CVE-2022-0001 |
| Windows 11 Version 22H2 for ARM64-based Systems | Information Disclosure | Important | 5036893 | Security Update | CVE-2022-0001 |
| Windows 10 Version 21H2 for x64-based Systems | Information Disclosure | Important | 5036892 | Security Update | CVE-2022-0001 |
| Windows 10 Version 21H2 for ARM64-based Systems | Information Disclosure | Important | 5036892 | Security Update | CVE-2022-0001 |
| Windows 10 Version 21H2 for 32-bit Systems | Information Disclosure | Important | 5036892 | Security Update | CVE-2022-0001 |
| Windows 11 version 21H2 for ARM64-based Systems | Information Disclosure | Important | 5036894 | Security Update | CVE-2022-0001 |
| Windows 11 version 21H2 for x64-based Systems | Information Disclosure | Important | 5036894 | Security Update | CVE-2022-0001 |
| Windows Server 2022 (Server Core installation) | Information Disclosure | Important | 5036909 | Security Update | CVE-2022-0001 |
| Windows Server 2022 | Information Disclosure | Important | 5036909 | Security Update | CVE-2022-0001 |
| Windows Server 2019 (Server Core installation) | Information Disclosure | Important | 5036896 | Security Update | CVE-2022-0001 |
| Windows Server 2019 | Information Disclosure | Important | 5036896 | Security Update | CVE-2022-0001 |
| Windows 10 Version 1809 for ARM64-based Systems | Information Disclosure | Important | 5036896 | Security Update | CVE-2022-0001 |
| Windows 10 Version 1809 for x64-based Systems | Information Disclosure | Important | 5036896 | Security Update | CVE-2022-0001 |
| Windows 10 Version 1809 for 32-bit Systems | Information Disclosure | Important | 5036896 | Security Update | CVE-2022-0001 |
| Azure Migrate | Remote Code Execution | Important | More Information | Security Update | CVE-2024-26193 |
| Azure Compute Gallery | Elevation of Privilege | Important | More Information | Security Update | CVE-2024-21424 |
| Microsoft SQL Server 2022 for x64-based Systems (CU 12) | Remote Code Execution | Important | 5036343 | Security Update | CVE-2024-29044 |
| Azure Arc Cluster microsoft.azure.hybridnetwork Extension | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-28917 |
| Azure Arc Cluster microsoft.openservicemesh Extension | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-28917 |
| Microsoft Visual Studio 2022 version 17.8 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-21409 |
| Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10) | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-28933 |
| Microsoft Visual Studio 2022 version 17.9 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-28935 |
| Microsoft Visual Studio 2022 version 17.6 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-28930 |
| Microsoft Visual Studio 2022 version 17.4 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-28930 |
| Microsoft OLE DB Driver 18 for SQL Server | Remote Code Execution | Important | 5037572 | Security Update | CVE-2024-28939 |
| Microsoft OLE DB Driver 19 for SQL Server | Remote Code Execution | Important | 5037573 | Security Update | CVE-2024-28939 |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | Remote Code Execution | Important | 5035432 | Security Update | CVE-2024-28939 |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | Remote Code Execution | Important | 5035434 | Security Update | CVE-2024-28939 |
| Microsoft ODBC Driver 18 for SQL Server on MacOS | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-28938 |
| Microsoft ODBC Driver 18 for SQL Server on Linux | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-28938 |
| Microsoft ODBC Driver 18 for SQL Server on Windows | Remote Code Execution | Important | 5037571 | Security Update | CVE-2024-28938 |
| Microsoft ODBC Driver 17 for SQL Server on MacOS | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-28938 |
| Microsoft ODBC Driver 17 for SQL Server on Linux | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-28938 |
| Microsoft ODBC Driver 17 for SQL Server on Windows | Remote Code Execution | Important | 5037570 | Security Update | CVE-2024-28932 |
| Microsoft .NET Framework 3.5 AND 4.7.2 | Remote Code Execution | Important | 5037034 | Security Update | CVE-2024-21409 |
| Microsoft .NET Framework 4.8 | Remote Code Execution | Important | 5037040 | Monthly Rollup | CVE-2024-21409 |
| Microsoft .NET Framework 4.8 | Remote Code Execution | Important | 5037039 | Monthly Rollup | CVE-2024-21409 |
| Azure AI Search | Information Disclosure | Important | Release Notes | Security Update | CVE-2024-29063 |
| Microsoft SQL Server 2019 for x64-based Systems (CU 25) | Remote Code Execution | Important | 5036335 | Security Update | CVE-2024-29044 |
| Microsoft .NET Framework 4.8 | Remote Code Execution | Important | 5037127 | Security Only | CVE-2024-21409 |
| Azure Kubernetes Service Confidential Containers | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-29990 |
| Azure Monitor Agent | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-29989 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Remote Code Execution | Important | 5037038 | Monthly Rollup | CVE-2024-21409 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Remote Code Execution | Important | 5037127 | Security Only | CVE-2024-21409 |
| Microsoft .NET Framework 3.5 AND 4.7.2 | Remote Code Execution | Important | 5036899 | Security Update | CVE-2024-21409 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Remote Code Execution | Important | 5037033 | Security Update | CVE-2024-21409 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Remote Code Execution | Important | 5037040 | Monthly Rollup | CVE-2024-21409 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Remote Code Execution | Important | 5037039 | Monthly Rollup | CVE-2024-21409 |
| Microsoft Defender for IoT | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-21324 |
| Microsoft .NET Framework 3.5 AND 4.8 | Remote Code Execution | Important | 5036609 | Security Update | CVE-2024-21409 |
| Microsoft .NET Framework 3.5 AND 4.8 | Remote Code Execution | Important | 5037036 | Security Update | CVE-2024-21409 |
| Microsoft .NET Framework 3.5 AND 4.8 | Remote Code Execution | Important | 5037035 | Security Update | CVE-2024-21409 |
| Microsoft .NET Framework 3.5 AND 4.8 | Remote Code Execution | Important | 5037037 | Security Update | CVE-2024-21409 |
| Microsoft SharePoint Server 2016 | Spoofing | Important | 5002583 | Security Update | CVE-2024-26251 |
| Microsoft SharePoint Server Subscription Edition | Spoofing | Important | 5002581 | Security Update | CVE-2024-26251 |
| Microsoft SharePoint Server 2019 | Spoofing | Important | 5002580 | Security Update | CVE-2024-26251 |
| Azure Arc Cluster microsoft.azurekeyvaultsecretsprovider Extension | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-28917 |
| Azure Arc Cluster microsoft.videoindexer Extension | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-28917 |
| Azure Arc Cluster microsoft.azstackhci.operator Extension | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-28917 |
| Azure Arc Cluster microsoft.networkfabricserviceextension Extension | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-28917 |
| Azure Arc Cluster microsoft.iotoperations.mq Extension | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-28917 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Remote Code Execution | Important | 5037037 | Security Update | CVE-2024-21409 |
| Microsoft .NET Framework 4.6.2 | Remote Code Execution | Important | 5037041 | Monthly Rollup | CVE-2024-21409 |
| Microsoft .NET Framework 4.6.2 | Remote Code Execution | Important | 5037128 | Security Only | CVE-2024-21409 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Remote Code Execution | Important | 5037035 | Security Update | CVE-2024-21409 |
| Outlook for Windows | Spoofing | Important | Release Notes | Security Update | CVE-2024-20670 |
| Microsoft .NET Framework 3.5 AND 4.8 | Remote Code Execution | Important | 5037033 | Security Update | CVE-2024-21409 |
| Microsoft .NET Framework 3.5 AND 4.8 | Remote Code Execution | Important | 5037034 | Security Update | CVE-2024-21409 |
| Azure Private 5G Core | Denial of Service | Moderate | Release Notes | Security Update | CVE-2024-20685 |
| .NET 8.0 | Remote Code Execution | Important | 5037338 | Security Update | CVE-2024-21409 |
| .NET 7.0 | Remote Code Execution | Important | 5037337 | Security Update | CVE-2024-21409 |
| .NET 6.0 | Remote Code Execution | Important | 5037336 | Security Update | CVE-2024-21409 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Remote Code Execution | Important | 5037036 | Security Update | CVE-2024-21409 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Remote Code Execution | Important | 5036620 | Security Update | CVE-2024-21409 |
| Azure Identity Library for .NET | Information Disclosure | Moderate | Release Notes | Security Update | CVE-2024-29992 |
| Azure CycleCloud 8.6.0 | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-29993 |
| Microsoft Office LTSC for Mac 2021 | Remote Code Execution | Important | CVE-2024-26257 | ||
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Remote Code Execution | Important | Click to Run | Security Update | CVE-2024-26257 |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Remote Code Execution | Important | Click to Run | Security Update | CVE-2024-26257 |
Quality and experience updates
Microsoft has announced that the “Moment 5” update is now available for all users running Windows 11 versions 23H2 and 22H2. This release brings several new features and enhancements, including Snap layout suggestions. Windows 11 will now provide intelligent suggestions when users try to snap multiple app windows together. Moreover, the Voice Access feature now works across multiple displays and supports French, German, and Spanish.
Windows 365 Switch lets users disconnect from their Cloud PC directly from a local PC. Users will also see new “Cloud PC” and “Local PC” desktop indicators when switching between them. Additionally, Windows 365 Boot is getting a new dedicated mode that allows users to sign into their Cloud PCs on startup. The dedicated mode also provides a fast account switcher experience that lets users switch profiles and personalize the display picture on the lock screen. You can find the full list of the new “Moment 5” features in our previous article.
Microsoft has also released the KB5036892 update for Windows 10 versions 22H2 and 21H2. The latest update brings a new option to use Windows Spotlight as desktop wallpaper on Windows 10 devices. Microsoft has also added sports, traffic, and finance content on the lock screen.
Windows Update testing and best practices
Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.
A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.
There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.