Microsoft Monthly Security Update (April 2024)

Microsoft has released monthly security update for their products:

Vulnerable Product	Risk Level	Impacts	Notes
Browser	Low Risk	Spoofing
Windows	High Risk	Security Restriction Bypass Remote Code Execution Denial of Service Information Disclosure Elevation of Privilege Spoofing	CVE-2024-26234  is being exploited in the wild. The vulnerability allows a malicious driver signed using a valid Microsoft Hardware Publisher Certificate.   CVE-2024-29988  is being exploited in the wild. The attacker could send the targeted user a specially crafted file that tricks users into executing malicious files to exploit the remote code execution vulnerability.
Extended Security Updates (ESU)	Medium Risk	Security Restriction Bypass Remote Code Execution Elevation of Privilege Information Disclosure Denial of Service Spoofing
Developer Tools	Medium Risk	Remote Code Execution
Azure	Medium Risk	Elevation of Privilege Information Disclosure Denial of Service Remote Code Execution
SQL Server	Medium Risk	Remote Code Execution
System Center	Medium Risk	Remote Code Execution Elevation of Privilege
Microsoft Office	Medium Risk	Spoofing Remote Code Execution

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 1

Number of 'Medium Risk' product(s): 6

Number of 'Low Risk' product(s): 1

Evaluation of overall 'Risk Level': High Risk

[Updated on 2024-05-02] 

Updated Notes of Windows, CVE-2024-29988 is being exploited in the wild. The attacker could send the targeted user a specially crafted file that trick users into executing malicious files to exploit the remote code execution vulnerability.