https://community.isc2.org/t5/Threats/Microsoft-Fixes-149-Flaws-in-Huge-April-Patch-Release-Zero-Days/m-p/69434#M1174 <P>Hi All</P><P>&nbsp;</P><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><P>Microsoft has released security updates for the month of April 2024 to remediate a record <A href="https://msrc.microsoft.com/update-guide/releaseNote/2024-Apr" target="_blank" rel="noopener">149 flaws</A>, two of which have come under active exploitation in the wild.</P><P>&nbsp;</P><P>Of the 149 flaws, three are rated Critical, 142 are rated Important, three are rated Moderate, and one is rated Low in severity. The update is aside from <A href="https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security" target="_blank" rel="noopener">21 vulnerabilities</A> that the company addressed in its Chromium-based Edge browser following the release of the <A href="https://thehackernews.com/2024/03/microsofts-march-updates-fix-61.html" target="_blank" rel="noopener">March 2024 Patch Tuesday fixes</A>.</P><P>The two shortcomings that have come under active exploitation are below -</P><UL><LI><A href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26234" target="_blank" rel="noopener"><STRONG>CVE-2024-26234</STRONG></A> (CVSS score: 6.7) - Proxy Driver Spoofing Vulnerability</LI><LI><A href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988" target="_blank" rel="noopener"><STRONG>CVE-2024-29988</STRONG></A> (CVSS score: 8.8) - SmartScreen Prompt Security Feature Bypass Vulnerability</LI></UL><P><A href="https://thehackernews.com/2024/04/microsoft-fixes-149-flaws-in-huge-april.html" target="_blank" rel="noopener">https://thehackernews.com/2024/04/microsoft-fixes-149-flaws-in-huge-april.html</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P></DIV></DIV></DIV></DIV></DIV></DIV></DIV> Fri, 12 Apr 2024 05:34:51 GMT Caute_cautim 2024-04-12T05:34:51Z https://community.isc2.org/t5/Threats/Microsoft-Fixes-149-Flaws-in-Huge-April-Patch-Release-Zero-Days/m-p/69434#M1174 <P>Hi All</P><P>&nbsp;</P><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><P>Microsoft has released security updates for the month of April 2024 to remediate a record <A href="https://msrc.microsoft.com/update-guide/releaseNote/2024-Apr" target="_blank" rel="noopener">149 flaws</A>, two of which have come under active exploitation in the wild.</P><P>&nbsp;</P><P>Of the 149 flaws, three are rated Critical, 142 are rated Important, three are rated Moderate, and one is rated Low in severity. The update is aside from <A href="https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security" target="_blank" rel="noopener">21 vulnerabilities</A> that the company addressed in its Chromium-based Edge browser following the release of the <A href="https://thehackernews.com/2024/03/microsofts-march-updates-fix-61.html" target="_blank" rel="noopener">March 2024 Patch Tuesday fixes</A>.</P><P>The two shortcomings that have come under active exploitation are below -</P><UL><LI><A href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26234" target="_blank" rel="noopener"><STRONG>CVE-2024-26234</STRONG></A> (CVSS score: 6.7) - Proxy Driver Spoofing Vulnerability</LI><LI><A href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988" target="_blank" rel="noopener"><STRONG>CVE-2024-29988</STRONG></A> (CVSS score: 8.8) - SmartScreen Prompt Security Feature Bypass Vulnerability</LI></UL><P><A href="https://thehackernews.com/2024/04/microsoft-fixes-149-flaws-in-huge-april.html" target="_blank" rel="noopener">https://thehackernews.com/2024/04/microsoft-fixes-149-flaws-in-huge-april.html</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P></DIV></DIV></DIV></DIV></DIV></DIV></DIV> Fri, 12 Apr 2024 05:34:51 GMT https://community.isc2.org/t5/Threats/Microsoft-Fixes-149-Flaws-in-Huge-April-Patch-Release-Zero-Days/m-p/69434#M1174 Caute_cautim 2024-04-12T05:34:51Z