---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies
title: 'Multiple Vulnerabilities in Microsoft Products'
number: '2024-034'
version: '1.0'
original_date: 'April 9, 2024'
date: 'April 10, 2024'
---
_History:_
* _10/04/2024 --- v1.0 -- Initial publication_
# Summary
On April 9, 2024, Microsoft addressed 150 vulnerabilities in its April 2024 Patch Tuesday update [1], including 67 remote code execution (RCE) vulnerabilities and 2 zero-days exploited in malware attacks [2].
It is recommended applying updates as soon as possible on affected products.
# Technical Details
The first zero-day vulnerability, tracked as **CVE-2024-26234**, is described as a proxy driver spoofing vulnerability and was issued to track a malicious driver signed using a valid Microsoft Hardware Publisher Certificate [2]. Microsoft has added the relevant certificates to its revocation list as part of the usual Patch Tuesday cycle.
The second vulnerability, tracked as **CVE-2024-29988,** is described as a SmartScreen prompt security feature bypass vulnerability caused by a protection mechanism failure weakness [2]. This vulnerability is related to `CVE-2024-21412`, which was discovered by ZDI threat researchers and first addressed in February. The first patch did not completely resolve the vulnerability. This update addresses the second part of the exploit chain.
# Affected Products
Affected products include, but are not limited to, Microsoft Windows, Azure, Office, Windows Defender, SQL Server, DNS Server [3].
# Recommendations
It is recommended applying updates as soon as possible on affected assets.
# References
[1]
[2]
[3]