Posted 4/9/2024, 10:06:06 PM
Microsoft Patches Actively Exploited Windows Zero-Days and 150 Bugs in April 2024 Update
- Microsoft fixed two actively exploited Windows zero-days, CVE-2024-26234 and CVE-2024-29988, during the April 2024 Patch Tuesday
- CVE-2024-26234 involved a malicious driver signed with a valid Microsoft certificate that was found being used to deploy malware
- CVE-2024-29988 bypassed Windows Defender SmartScreen prompts and was used to deploy malware without detection
- The Water Hydra hacking group exploited CVE-2024-29988 after using a related zero-day CVE-2024-21412 on New Year's Eve
- Microsoft fixed 150 vulnerabilities on April 2024's Patch Tuesday, 67 of which were remote code execution flaws