
Microsoft has fixed a number of already exploited vulnerabilities in its monthly Patch Tuesday update. The most important is CVE-2024-26234, which allows malicious actors to monitor and intercept network traffic.

In the April 2024 security update with 190 enhancements, Microsoft states that the CVE-2024-26234 vulnerability is already being actively exploited. The attack is carried out via an innocent-looking .exe file, ostensibly from Thales, digitally signed with a valid Microsoft Hardware Publisher Certificate.

The file is actually a backdoor. It uses a built-in proxy server to monitor and intercept network traffic on the affected Windows machine.

Sophos researchers previously discovered this malicious file in a rogue software bundle. This package was intended to turn smartphones into online bots for liking posts, following individuals on social media and posting comments.

Microsoft has now patched this vulnerability and revoked the certificate.
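Because the backdoor above was accepted purely on the strength of a valid publisher certificate that has since been revoked, a defender's first check is whether any signed executables on a host no longer verify. The following PowerShell script is an added example, not code from the article or from Microsoft; it assumes Windows PowerShell 5.1 or later, a readable scan root (defaulting to the hypothetical `$env:ProgramData`), and that the revocation has already reached the machine's trust and revocation state, so the analyst should still read the Signer and Issuer columns rather than rely on Status alone.

```powershell
# Added example: list signed executables whose Authenticode signature no longer
# verifies (e.g. signer certificate revoked, hash mismatch, untrusted chain),
# with the signer and issuer so an analyst can spot an unexpected publisher.
param(
    [string]$Path = "$env:ProgramData"   # assumed scan root; adjust to the host being checked
)

Get-ChildItem -Path $Path -Recurse -Include *.exe, *.dll, *.sys -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File    = $_.FullName
            Status  = $sig.Status          # Valid, NotSigned, NotTrusted, HashMismatch, UnknownError, ...
            Message = $sig.StatusMessage
            Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            Issuer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Issuer } else { $null }
        }
    } |
    # Unsigned files are a separate (larger) population; the interesting set here is
    # files that carry a signature which the host no longer accepts as valid.
    Where-Object { $_.Status -ne 'Valid' -and $_.Status -ne 'NotSigned' } |
    Sort-Object Status, Signer |
    Format-Table -AutoSize
```

Run it with an elevated prompt to cover system directories, and pipe the object stream to `Export-Csv` instead of `Format-Table` when the results need to be kept for an investigation.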


Other patched critical vulnerabilities

In addition to this actively exploited vulnerability, Microsoft also addressed a number of other critical and potentially actively exploited vulnerabilities in the latest Patch Tuesday update, as Trend Micro and others report.

The patch also addresses a SmartScreen prompt security bypass, CVE-2024-29988. Exploiting this vulnerability requires victims to be tricked into running malicious files. Microsoft states that the vulnerability could have been actively exploited, but cannot confirm this.

For example, by clicking a link, users could allow the SmartScreen security option in Windows to be bypassed. As a result, this security feature does not warn users that they may be visiting malicious websites.

Furthermore, Microsoft has fixed 70 more remote code execution (RCE) threats in its update. Among other things, the Microsoft Defender for IoT solution gets three major updates for countering RCE attacks.

Security updates from other vendors

Microsoft was not the only vendor to release a large number of security updates last Tuesday. Other vendors have also recently found cause to ship a large number of new security fixes. Among others, updates were released by Adobe, SAP, Fortinet, VMware, Cisco and Google.