Patch Tuesday de Abril

Presentado por Kamel Karabelli y Carlos Frances
Patch Tuesday Webinar
Jueves 11 Abril 2024

Copyright © 2024 Ivanti. All rights reserved. 2
Copyright © 2024 Ivanti. All rights reserved.
Agenda
§ April 2024 Patch Tuesday Overview
§ In the News
§ Bulletins and Releases
§ Between Patch Tuesdays
§ Q & A

April Patch Tuesday 2024
Microsoft resolved 150 new CVEs for April Patch
Tuesday! This may sound like a downpour, but only
three are rated Critical and only one is a Zero-day
(CVE-2024-26234). The zero-day makes the OS update
your highest priority this month, but a couple of things to
watch for is the SQL Server update of 38 CVEs and the
9 Azure CVEs. These are the areas that will likely take a
little more research, testing, and planning to rollout.
Adobe also released 9 updates, but all were rated as
Priority 3. Google Chrome is expected later in the
evening to round out the Patch Tuesday lineup.
For more details check out this month's Patch Tuesday
blog.

In the News

In the News
§ XZ Backdoor: What versions are vulnerable?
§ https://www.techrepublic.com/article/xz-backdoor-linux/
§ Prominent breaches driving cybersecurity regulations
§ https://federalnewsnetwork.com/commentary/2024/04/leveraging-lessons-from-the-okta-breach-to-enhance-
federal-cybersecurity/
§ https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity
§ New Hardening Changes in April
§ https://support.microsoft.com/en-us/topic/kb5036534-latest-windows-hardening-guidance-and-key-
dates-eb1bd411-f68c-4d74-a4e1-456721a6551b
§ Secure Boot Bypass step-by-step instructions in KB 5025885 to enable mitigations after update
§ Oracle’s Critical Patch Updates (CPU) are released next week

New and Notable Linux Vulnerabilities: 1
CVE-2024-3094
§ CVSS 3: 10.0
§ A backdoor was found in the xz package, versions
5.6.0 and 5.6.1, which provides compression
functionality for different components of the system
including the Kernel
§ Through a series of elaborate dependencies and
code injection, xz would deploy the backdoor into the
secure shell daemon process (sshd), enabling a yet-
to-be-identified attacker to remotely access and
execute code on any affected system.
Impact:
The most high-tech code implant and supply chain
attack to date: this operation took place over a period
of 2 years, in which attacker gained trust of the xz
project maintainer, infiltrated the project, and could
tamper with the code in such a way that would, had it
not been caught, lead to the installation of the backdoor
on all Debian (incl Ubuntu) and Red Hat-based
distributions and deployed systems.
Highlighted by TuxCare

CVE-2024-25617
§ CVSS 3: 8.6
§ Squid, a web proxy cache, was found to be
susceptible to a Denial-of-Service attack through the
use of HTTP chunked messages.
§ Exploiting this flaw lets a remote attacker block
squid's operation, rendering connections impossible
for legitimate users.
§ Since squid is often deployed as a "gateway"
between intranet systems and the outside Internet, it
could effectively block Internet access to all internal
systems and/or users.
Affects versions starting with 3.5.27 up to 6.8, where it
was fixed.
Mitigation
There is no known mitigation or workaround other
than upgrading affected squid versions to at least
6.8.

CVE-2024-1086
§ CVSS 3: 7.8
§ Flaw in the Netfilter subsystem of the Linux Kernel
enables local privilege escalation.
§ Possible to trick Netfilter into mistaking NF_DROP
for an NF_ACCEPT (meaning a drop decision could
be misunderstood for an accept decision on a
specially crafted packet filtering rule), which would
lead to a double-free vulnerability in the code,
triggering a user-controlled crash.
§ Initially disclosed in January, but patching by
distributions was not done promptly.
Affects Kernel versions from 3.15 to 6.8-rc1, and
distributions like RHEL, Debian, Ubuntu, and
derivatives. Update to the latest version.
Background
The information on how to exploit this situation to
obtain root privileges has already been published
online and is easily accessible.

Known Disclosed and Exploited Vulnerabilities
§ CVE-2024-26234 Proxy Driver Spoofing Vulnerability
§ CVSS 3.1 Scores: 6.7 / 5.8
§ Severity: Important
§ Impact: All Windows operating systems from Server 2008 through Windows 11
§ No description is provided for this CVE.
§ NOTE: This CVE was updated to show its exploited and disclosed status mid-day yesterday after the
initial set of Patch Tuesday updates had been released. The severity rating did not change from
Important due to the low CVSS scores.

Microsoft Patch Tuesday Updates of Interest
Advisory 990001 Latest Servicing Stack
Updates (SSU)
§ https://msrc.microsoft.com/update-
guide/en-US/vulnerability/ADV990001
§ 2012 ESU OS and Windows 10
Azure and Development Tool Updates
§ .NET 6, 7, & 8
§ Azure Arc Cluster (multiple components)
§ Azure AI Search
§ Azure Compute Gallery
§ Azure Kubernetes Service Confidential
Containers
§ Azure Migrate
§ Other Azure Products
§ Visual Studio 2019 & 2022 (multiple
versions)
Source: Microsoft

Windows 10
and 11 Lifecycle
Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
21H2 11/16/2021 6/11/2024
Windows 10 Home and Pro
22H2 10/18/2022 10/14/2025
Windows 11 Home and Pro
23H2 10/31/2023 11/11/2025
22H2 9/20/2022 10/8/2024
Windows 11 Enterprise and Education
23H2 10/31/2023 11/10/2026
22H2 9/20/2022 10/14/2025
21H2 10/4/2021 10/8/2024
Source: Microsoft
https://docs.microsoft.com/en-us/lifecycle/faq/windows

Server Long-term Servicing Channel Support
Server LTSC Support
Version Editions Release Date Mainstream Support Ends Extended Support Ends
Windows Server 2022 Datacenter and Standard 08/18/2021 10/13/2026 10/14/2031
Windows Server 2019
(Version 1809)
Datacenter, Essentials, and Standard 11/13/2018 01/09/2024 01/09/2029
Windows Server 2016
(Version 1607)
Datacenter, Essentials, and Standard 10/15/2016 01/11/2022 01/11/2027
https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
§ Focused on server long-term stability
§ Major version releases every 2-3 years
§ 5 years mainstream and 5 years extended support
§ Server core or server with desktop experience available
Source: Microsoft

Patch Content Announcements
Announcements Posted on Community Forum Pages
§ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
§ Subscribe to receive email for the desired product(s)
Content Info: Endpoint Security
Content Info: Endpoint Manager
Content Info: macOS Updates
Content Info: Linux Updates
Content Info: Patch for Configuration Manager
Content Info: ISEC and Neurons Patch
Content Info: Neurons Patch for InTune

Bulletins and Releases

MS24-04-W11: Windows 11 Update
§ Maximum Severity: Important
§ Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2 and Edge Chromium
§ Description: This bulletin references KB 5036894 (21H2) and KB 5036893 (22H2/23H2).
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
Elevation of Privilege, and Information Disclosure
§ Fixes 69 Vulnerabilities: CVE-2024-26234 is known exploited and publicly disclosed. See the
Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: None reported
1
2

MS24-04-W10: Windows 10 Update
§ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 21H2, 22H2, Server 2016,
Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition, Server 2022 23H2 Edition,
and Edge Chromium
§ Description: This bulletin references 6 KB articles. See KBs for the list of changes.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
Elevation of Privilege, and Information Disclosure
§ Fixes 91 Vulnerabilities: CVE-2024-26234 is known exploited and publicly disclosed. See the
Security Update Guide for the complete list of CVEs.
§ Known Issues: See next slide
1
2

April Known Issues for Windows 10
§ KB 5036892 – Windows 10 Enterprise and Education, version 21H2 Windows 10 IoT Enterprise,
version 21H2 Windows 10 Enterprise Multi-Session, version 21H2 Windows 10, version 22H2,
all editions
§ [Copilot Not Supported] Copilot in Windows (in preview) is not currently supported when
your taskbar is located vertically on the right or left of your screen. Workaround: To
access Copilot in Windows, make sure your taskbar is positioned horizontally on the top or
bottom of your screen.
§ [Icon Display] Windows devices using more than one (1) monitor might experience issues
with desktop icons moving unexpectedly between monitors or other icon alignment issues
when attempting to use Copilot in Windows (in preview).
§ Microsoft is working on a resolution for both issues.

MS24-04-SQL: Security Updates for SQL Server
§ Affected Products: Microsoft SQL Server 2019 CU25 and 2022 CU12, Server 2019 and 2022
GDR are also available
§ Description: This security update fixes a series of Microsoft OLE DB Driver vulnerabilities which
could allow remote code execution. This bulletin is based on 4 KB articles.
§ Impact: Remote Code Execution
§ Fixes 38 Vulnerabilities: No CVEs are known exploited or publicly disclosed. See the Security
Update Guide for the complete list of CVEs.
2

§ Affected Products: Microsoft 365 Apps and Office LTSC for Mac 2021
§ Description: This month’s update resolved various bugs and performance
issues in Office applications. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
§ Fixes 1 Vulnerability: CVE-2024-26257 is not known to be exploited or publicly disclosed
§ Restart Required: Requires application restart
MS24-04-O365: Security Updates Microsoft 365 Apps
1
2

MS24-04-SPT: Security Updates for Sharepoint Server
§ Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint Enterprise
Server 2016, and SharePoint Server 2019
§ Description: This month’s update resolves a vulnerability that would allow someone to
impersonate another user. This bulletin is based on 3 KB articles.
§ Impact: Spoofing
§ Fixes 1 Vulnerability: CVE-2024-26251 is not known to be exploited or publicly disclosed
§ Restart Required: Requires application restart
2

MS24-04-MRNET: Monthly Rollup for Microsoft .NET
§ Affected Products: Microsoft Windows .Net Framework 3.5 through 4.8.1
§ Description: This update fixes a vulnerability in the .NET framework whereby an attacker or
victim needs to execute code from the local machine to exploit the vulnerability. This bulletin
references 14 KB articles.
§ Fixes 1 Vulnerability: CVE-2024-21409
§ Restart Required: Does not require a system restart after you apply it unless files that are being
updated are locked or are being used.
1
2

MS24-04-SONET: Monthly Rollup for Microsoft .NET
§ Affected Products: Microsoft Windows .Net Framework 3.5 through 4.8.1
§ Description: This update fixes a vulnerability in the .NET framework whereby an attacker or
victim needs to execute code from the local machine to exploit the vulnerability. This bulletin
references 14 KB articles.
§ Restart Required: Does not require a system restart after you apply it unless files that are being
updated are locked or are being used.
1
2

Between Patch Tuesdays

Windows Release Summary
§ Security Updates (with CVEs): AutoCAD 2022 (1), AutoCAD 2023 (1) AutoCAD 2024 (1), Google
Chrome (3), Firefox (2), Firefox ESR (2), Snagit (2), Splunk Universal Forwarder (3), Thunderbird (1),
Wireshark (2)
§ Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (3), Apache Tomcat (3),
Cisco Webex Meetings Desktop App (1), ClickShare App Machine-Wide Installer (1), Dropbox (2),
Evernote (3), Firefox (1), GoodSync (3), Google Earth Pro (1), Grammarly for Windows (3), IrfanView
(1), LogMeIn (1), Malwarebytes (2), Node.JS (Current) (1), Node.JS (LTS Lower) (2), Node.JS (LTS
Upper) (2), Notepad++ (1), Opera (4), PDF24 Creator (1), Plex Media Server (1), Python (1),
Screenpresso (1), Skype (3), Slack Machine-Wide Installer (2), Tableau Desktop (8), Tableau Prep
Builder (1),Tableau Reader (1), TeamViewer (5), VMware Tools (1), Zoom Outlook Plugin (1), Zoom
Rooms Client (1), Zoom VDI (1)
§ Non-Security Updates: 8x8 Work Desktop (1), Camtasia (1), Cisco Webex Teams (1),CutePDF Writer
(1), Google Drive File Stream (1), GeoGebra Classic (1), NextCloud Desktop Client (2), RingCentral
App (Machine-Wide Installer) (1)

Windows Third Party CVE Information
§ AutoCAD 2022.1.4
§ ADAC22-240328, QACAD202214
§ Fixes 44 Vulnerabilities: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776,
CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-32205, CVE-2022-32206, CVE-
2022-32207, CVE-2022-32208, CVE-2022-32221, CVE-2022-35252, CVE-2022-37434, CVE-2022-
40674, CVE-2022-42915, CVE-2022-42916, CVE-2022-46908, CVE-2023-29073, CVE-2023-29074,
CVE-2023-29075, CVE-2023-29076, CVE-2023-41139, CVE-2023-41140, CVE-2024-0446, CVE-2024-
23136, CVE-2024-23137, CVE-2024-23138
§ AutoCAD 2023.1.5
§ ADAC23-240328, QACAD202315
23133, CVE-2024-23134, CVE-2024-23135, CVE-2024-23136, CVE-2024-23137

Windows Third Party CVE Information (cont)
§ AutoCAD 2024.1.3
§ ADAC23-240328, QACAD202413
CVE-2024-23123, CVE-2024-23124, CVE-2024-23125, CVE-2024-23126, CVE-2024-23127,
CVE-2024-23138
§ Google Chrome 123.0.6312.59
§ CHROME-240319, QGC1230631259
§ Fixes 7 Vulnerabilities: CVE-2024-2625, CVE-2024-2626, CVE-2024-2627, CVE-2024-2628, CVE-
2024-2629, CVE-2024-2630, CVE-2024-2631
§ CHROME-240326, QGC1230631286
§ Fixes 4 Vulnerabilities: CVE-2024-2883, CVE-2024-2885, CVE-2024-2886, CVE-2024-2887

§ CHROME-240402, QGC12306312106
§ Fixes 3 Vulnerabilities: CVE-2024-3156, CVE-2024-3158, CVE-2024-3159
§ Firefox 124.0
§ FF-240319, QFF1240
2613, CVE-2024-2614. CVE-2024-2615
§ Firefox 124.0.1
§ FF-240322, QFF12401
§ Fixes 2 Vulnerabilities: CVE-2024-29943, CVE-2024-29944

§ Firefox ESR 115.9.0
§ FFE-240319, QFFE11590
CVE-2024-2608, CVE-2024-2610. CVE-2024-2611, CVE-2024-2612, CVE-2024-2614, CVE-2024-
2616
§ FFE-240322, QFFE11591
§ Thunderbird 115.9.0
§ TB-240319, QTB11590
2616

§ Splunk Universal Forwarder 9.0.9
§ SPLUNKF90-240329, QSPLUNKF909

Windows Third Party CVE Information
§ SnagIt 2022.1.5
§ SNAG22-240321, QSNAG202215
§ SnagIt 2023.2.3
§ SNAG23-240320, QSNAG202323
§ Wireshark 4.0.14
§ WIRES40-240327, QWIRES4014EXE & QWIRES4014MSI
§ Wireshark 4.2.4
§ WIRES42-240327, QWIRES424EXE & QWIRES424MSI

Apple Release Summary
§ Security Updates (with CVEs): Apple macOS Sonoma (1), Apple macOS Ventura (1), Apple
Safari (2), Google Chrome (3), Firefox (2), Firefox ESR (2), Microsoft Edge (3), Thunderbird (1)
§ Security Updates (w/o CVEs): Brave (1)
§ Non-Security Updates: Alfred (1), Adobe Acrobat DC and Acrobat Reader DC (2), Brave (2),
draw.io (1), Dropbox (2), Evernote (4), Firefox (1), Figma (2), Google Drive (1), Grammarly (8),
Hazel (1), IntelliJ IDEA (2), LibreOffice (1), OneDrive for Mac (1), Microsoft Office 2019 Outlook
(3), PyCharm Professional (2), Slack (1), SeaMonkey (1), Snagit (3), Spotify (2), Microsoft
Teams (1), Visual Studio Code (1)

Apple Updates with CVE Information
§ macOS Ventura 13.6.6
§ HT214095
§ macOS Sonoma 14.4.1
§ HT214096
§ Safari 17.4 for Ventura and Monterey
§ HT214094

Apple Third Party CVE Information
§ CHROMEMAC-240320
2631
§ CHROMEMAC-240326
§ CHROMEMAC-240404
§ Fixes 3 Vulnerabilities: CVE-2024-3156, CVE-2024-3158, CVE-2024-3159

Apple Third Party CVE Information (cont)
§ Firefox 124.0
§ FF-240319
2613, CVE-2024-2614. CVE-2024-2615
§ Firefox 124.0.1
§ FF-240322
§ FFE-240319
CVE-2024-2608, CVE-2024-2610. CVE-2024-2611, CVE-2024-2612, CVE-2024-2614, CVE-2024-
2616

§ FFE-240322
§ Thunderbird 115.9.0
§ TB-240319
2616

§ Microsoft Edge 123.0.2420.53
§ MEDGEMAC-240322
§ Fixes 10 Vulnerabilities: CVE-2023-29057, CVE-2024-26247, CVE-2024-2625, CVE-2024-
CVE-2024-29057
§ MEDGEMAC-240328
§ MEDGEMAC-240404
§ Fixes 5 Vulnerabilities: CVE-2024-29049, CVE-2024-29981, CVE-2024-3156, CVE-2024-
3158, CVE-2024-3159

Q & A

Thank you

By receiving this presentation (whether in tangible or digital form or through visual or auditory means), recipient
acknowledges and agrees that: (a) recipient will not copy, reproduce, transmit, divulge, or distribute the presentation or
its contents, in whole or in part, to any third party without the express written consent of Ivanti; (b) recipient will treat and
protect the presentation and its contents as "Confidential Information" under its Nondisclosure Agreement (NDA) with
Ivanti; (c) if recipient has not entered into an NDA with Ivanti, they unconditionally agree that by receiving this
presentation they will treat and protect this presentation and its contents in accordance with the foregoing restrictions
and in any event with no less care than afforded to its own confidential information; and (d) recipient’s failure to comply
with the foregoing obligations of confidentiality could result in substantial harm to Ivanti and may be cause for legal
action. If recipient does not agree to the above, they may not participate in receipt of the presentation.
Disclaimer
The information presented in this presentation is for information purposes only and is not a
commitment, promise, or legal obligation to deliver any material, code, or functionality and
should not be relied upon in making a purchasing decision.
39
Confidentiality Notice

Patch Tuesday de Abril

More Related Content

Similar to Patch Tuesday de Abril (20)

More from Ivanti (20)

Recently uploaded (20)

Patch Tuesday de Abril