Microsoft's Patch Tuesday for April 2024 covers 155 vulnerabilities, with 3 critical ones and 145 classified as important severity. An emergency patch was released for Proxy Driver Spoofing Vulnerability impacting Windows desktop and server OS, including end-of-life versions like Windows Server 2008.
Qualys highlighted that critical vulnerabilities in Microsoft Defender for IoT, addressed in the update, require admin access for exploitation. Path traversal vulnerability exploits demand authenticated access to upload malicious files to sensitive server locations.
Microsoft updated a Patch Tuesday advisory for CVE-2024-26234 after rapid7 noted in-the-wild exploitation and public disclosure. Qualys mentioned specific admin-level requirements for successful exploitation of RCE vulnerabilities in the Defender for IoT tool.
[
add
]
[
|
|
...
]