April Patching Update: Busy Season for Vulnerabilities

Welcome to April’s edition of the OneNeck IT Solutions patching blog. With spring well underway, unfortunately, the trees and flowers are not the only things blossoming. Our team found itself navigating a busy month in cybersecurity, focusing on an extensive number of patches from Microsoft, including critical updates for two zero-day vulnerabilities and significant updates across various Linux distributions.

Microsoft’s April Patching Overview

Microsoft has addressed a staggering 150 vulnerabilities this month, categorized as follows:

• 31 Elevation of Privilege Vulnerabilities
• 29 Security Feature Bypass Vulnerabilities
• 67 Remote Code Execution Vulnerabilities
• 13 Information Disclosure Vulnerabilities
• 7 Denial of Service Vulnerabilities
• 3 Spoofing Vulnerabilities

This broad range underscores the vital importance of comprehensive patch management. Notably, two zero-day vulnerabilities were addressed:

• CVE-2024-26234: Proxy Driver Spoofing Vulnerability
• CVE-2024-29988: SmartScreen Prompt Security Feature Bypass Vulnerability

The Proxy Driver Spoofing Vulnerability could lead to significant data breaches by capturing sensitive information or injecting malicious data into sessions. At the same time, the SmartScreen Bypass could reduce the efficacy of one of Windows’ primary defenses against downloaded internet malware. Promptly addressing these vulnerabilities helps maintain the effectiveness of security barriers and prevents attackers from exploiting these sophisticated techniques.

Highlighted Patches

Critical vulnerabilities that require immediate attention include:

• CVE-2024-20678: Remote Procedure Call Runtime Remote Code Execution Vulnerability
• CVE-2024-20670: Outlook for Windows Spoofing Vulnerability
• CVE-2024-26221: Windows DNS Server Remote Code Execution Vulnerability

These vulnerabilities present a diverse range of threats—from remote code execution to spoofing—that could compromise the integrity and confidentiality of affected systems. The potential impact of these issues includes unauthorized data access, system control, and bypassing security mechanisms. Organizations must prioritize these updates to mitigate these risks effectively. Timely patch application protects individual systems and fortifies the overall network security, preventing potential cascading effects of breaches stemming from these vulnerabilities.

Linux Patching Insights 

This month’s Linux updates are crucial for maintaining the security and stability of your environment. Notable patches include:

• CVE-2024-2616: Critical security updates for Firefox, enhancing web security across multiple Oracle and Red Hat distributions.
• CVE-2024-26602: Important Kernel security and bug fix updates for Oracle and Red Hat Linux.
• CVE-2023-50868: Important updates for Dnsmasq, bolstering network management security.
• CVE-2024-21626: Docker security update crucial for container management.
• CVE-2023-45234: Security update for Edk2, enhancing system firmware security.
• CVE-2024-0646 and CVE-2023-46589: Kernel and Tomcat security updates are vital for system and web application security.
• CVE-2024-0775 and CVE-2023-45871: Updates for Oracle Linux’s Unbreakable Enterprise kernel, addressing critical vulnerabilities.

The range of patches this month underscores the importance of comprehensive security measures across various components of Linux systems. From web browsing and container management to core kernel operations and network services, each update plays a pivotal role in closing security gaps and enhancing the resilience of IT infrastructures. By proactively applying these updates, organizations can significantly reduce their exposure to cyber threats and ensure the continuity of their operational capabilities. These efforts are crucial to upholding stringent security standards and safeguarding sensitive data and system processes against emerging vulnerabilities.

Exchange Server

As a reminder, Microsoft will no longer be releasing Cumulative Updates for Exchange Server 2016. As a result, our team strongly recommends that all customers upgrade to Exchange Server 2019. If you have questions about how OneNeck can assist you with your upgrade decisions, do not hesitate to contact the Service Desk (800-272-3077).

Microsoft Office & SharePoint Updates

While our scheduled patching activities are comprehensive, they are designed to complement your internal update processes for a wide range of products, including Microsoft Office and SharePoint. We encourage our clients to regularly review and apply updates across all software to ensure the highest level of security. For insights on integrating these updates seamlessly into your security strategy or how OneNeck can support your efforts, do not hesitate to contact our Service Desk.

Closing Thoughts

April’s extensive patch release reminds us of the dynamic nature of cybersecurity threats and the ongoing need for vigilance. Renew your commitment to cybersecurity this spring by staying updated and proactive. For any support or questions, OneNeck is here to assist you.

Stay secure and patched, and let’s spring into action to keep our networks as vibrant and resilient as the season.

Each month, OneNeck engineers review newly released updates from vendors, like Microsoft, to understand any known issues, actions required and understand the priority of each. This is done immediately following Patch Tuesday releases, and we monitor for adjustments to patches throughout each month.

The information above is gathered monthly during this review and posted for awareness to our customers. This information is generally updated only once per month and is based on our engineers’ review of the information provided by the vendor at that time. As always, for the most up-to-date patching information, please see the vendor’s website or contact us.

Note: If OneNeck actively manages a device or software that is impacted by any of these vulnerabilities, when necessary, OneNeck will be in direct contact with you regarding remediation.

Additional Resources: