As part of its commitment to transparency and security, Microsoft has released its April 2024 security updates addressing a total of 155 vulnerabilities across various products and services. Let’s delve into the key points:
1. Vulnerability Breakdown
Critical Vulnerabilities: Microsoft addressed three critical vulnerabilities in this month’s updates.
Important Severity: The majority of the vulnerabilities (145 out of 155) fall under the important severitycategory.
2. Notable Vulnerabilities
a. .NET Vulnerability (CVE-2024-21409)
Description: A use-after-free vulnerability exists in WPF (Windows Presentation Foundation). If exploited, it could lead to elevation of privilege when viewing untrusted documents.
Affected Versions: .NET 6.0, .NET 7.0, and .NET 8.0.
Action for Developers: Developers are advised to update their applications promptly to remove this vulnerability.
b. Visual Studio Compatibility
Ensure compatibility with Visual Studio by referring to the release notes for .NET 8.0, .NET 7.0, and .NET 6.0.
3. Zero-Day Vulnerabilities
Notably, Microsoft did not address any zero-day vulnerabilities known to be exploited in the wild in this month’s updates.
4. Deployment Recommendations
If you haven’t already, deploy the latest .NET updates to secure your applications.
Available versions: 8.0.4, 7.0.18, and 6.0.29 for Windows, macOS, and Linux (x86, x64, Arm32, and Arm64).
5. Windows Security Updates
Here’s a summary of critical vulnerabilities for supported Windows versions:
Windows 10 version 22H2: 68 vulnerabilities (0 critical, 68 important).
Windows 11 version 22H2: 69 vulnerabilities (0 critical, 69 important).
Windows 11 version 23H2: 69 vulnerabilities (0 critical, 69 important).
Microsoft’s commitment to security remains steadfast, and these updates reflect their ongoing efforts to protect users and systems. As always, stay vigilant, keep your systems up to date, and follow best practices to safeguard your digital environment.
This article was prepared by TetherView’s security team. We appreciate Microsoft’s dedication to transparency and encourage users to apply updates promptly.
For more details, you can refer to the official Microsoft blog post on the April 2024 Updates and the Patch Tuesday review.
Get more insights from the TetherView team and join in on the conversation:
Subscribe to our Newsletter
Register for a Workshop
Follow us on LinkedIn