Otto  background

150 Vulnerabilities and a Zero-Day Demand Immediate Patching

Patch [FIX] Tuesday: April 2024

Connect With Us

Start now, and patch, configure, and control all your endpoints in just 15 minutes.

Welcome to Patch Tuesday, April 2024. This month's release comes with a notable increase in the number of Common Vulnerabilities and Exposures (CVEs) addressed, marking it as one of the most significant Patch Tuesdays in the past year and a half. In April, we’re met with 150 vulnerabilities and one Zero-Day.

But before we dive into this month’s vulnerabilities, take a look at this retrospective table to see how the April 2024 Patch Tuesday stacks up.

Be sure to give the Patch [Fix] Tuesday podcast a listen! Also available wherever you normally get your podcasts.

CVE 2024-26224 [Important]

Windows DNS Server Remote Code Execution Vulnerability

The Windows DNS Server Remote Code Execution Vulnerability (CVE 2024-26224) is one of seven vulnerabilities released in this month's Patch Tuesday that address Windows DNS Server remote code execution vulnerabilities. Each of these is rated with a CVE score of 7.2/10. 

Windows DNS Server Remote Code Execution Vulnerabilities: 

  • CVE-2024-26221

  • CVE-2024-26222

  • CVE-2024-26223

  • CVE-2024-26224

  • CVE-2024-26227

  • CVE-2024-26231

  • CVE-2024-26233

This exploit permits attackers with network access to the DNS server to execute arbitrary code or privileged commands. Such vulnerabilities raise concerns, especially for Windows Server environments, as they can pave the way for lateral movement attacks.

Lateral movement attacks, as exemplified by the threat posed in CVE 2024-26224, underscore the critical need for robust alerting and network monitoring protocols to safeguard against sophisticated intrusions. These malicious techniques involve threat actors gaining access to one segment of a network and maneuvering laterally to compromise additional systems or devices within the network infrastructure. 

By establishing comprehensive alerting and monitoring mechanisms and implementing vigilant network monitoring practices, organizations can proactively detect and thwart lateral movement attempts. Timely alerts generated by monitoring systems enable security teams to respond swiftly to potential threats, preventing further escalation and minimizing the impact of intrusions. 

To address the risks posed by CVE 2024-26224, immediate action is crucial. Applying the latest security updates from Microsoft is key to mitigating the possibility of exploitation. 

– Seth Hoyt, Senior Security Engineer

macOS Vulnerabilities

In the realm of macOS vulnerabilities, addressing memory safety issues seems to be the theme this month. Vulnerabilities, including CVE 2024-1580, are linked to image processing and allow for the potential for arbitrary code execution. The recent surge in media-related vulnerabilities targeting macOS shows a notable shift towards heightened emphasis and research into potential exploits. 

As more organizations incorporate Mac devices into their operational framework, the necessity to comprehend and mitigate vulnerabilities specific to macOS becomes increasingly important. This trend underscores the importance of delving into critical areas like media processing, memory safety, and network protocols to identify and rectify vulnerabilities effectively. 

As macOS continues to draw increased attention from malicious actors, the emphasis on leveraging memory-safe coding languages becomes imperative. By adopting languages that prioritize memory safety, developers can reduce the risk of vulnerabilities that could be exploited by attackers. 

– Tom Bowyer, Director IT Security, Automox

CVE 2024-3094 [Critical]

XZ/Liblzma Supply Chain Backdoor

With a CVE score of 10.0/10.0, CVE 2024-3094 certainly raised eyebrows earlier this month. CVE 2024-3094 uncovers a vulnerability within the XZ utilities, revealing the presence of a backdoor that compromises the integrity of the code. This backdoor, designed to manipulate the Makefile of liblzma, poses a threat to SSH servers, emphasizing the significance of thorough code review and vigilance in the open-source community.

The XZ vulnerability not only exposes the security risks associated with compromised packages like liblzma but also sheds light on a larger issue: open-source developer burnout as a significant attack vector.

Attackers social engineering the exhaustion and resource constraints of developers to gain trust, gain access, and introduce malicious code, as seen in the XZ vulnerability case, highlight the vulnerabilities embedded in the development process when burnout is left unaddressed. 

To address the implications of CVE 2024-3094, swift action is essential. Consider downgrading to versions of the XZ package unaffected by this vulnerability, such as those predating 5.6.0 and 5.6.1. By downgrading the XZ package, you can enhance defenses against potential backdoor exploits and safeguard your systems from unauthorized access.

Automox has taken proactive steps to help you address the XZ utils vulnerability by developing a specialized Worklet automation script aimed at mitigating the risks posed by CVE 2024-3094. 

This Worklet scans Linux endpoints for the affected xz/liblzma package, evaluates the system's vulnerability status, and initiates the necessary actions to downgrade the package to a secure version using the relevant package manager. The Worklet can also help you swiftly patch vulnerable systems, safeguard against arbitrary code execution, and reinforce the security of their infrastructure. 

While the XZ vulnerability was identified this time, next time, we may not be so lucky. It’s highly unlikely that this will be the last attack using this vector. Stay curious, stay safe, and stay vigilant. 

– Cody Dietz, Team Lead, Security Engineering

Patch Regularly, Patch Often

This Patch Tuesday presents an intricate web of security challenges that IT professionals must vigilantly address. From the elevated concerns of remote code execution threats as highlighted by CVE 2024-26224, the urgency for comprehensive security measures is palpable. Coupled with the evolving landscape of macOS vulnerabilities and the dire implications of a supply chain backdoor like CVE 2024-3094, the demand for proactive and educated responses becomes clear.

To the administrators, engineers, and security experts out there, this summary serves as a clarion call to action. Stay ahead of these threats by fostering a culture of security awareness, implementing safe coding practices, and above all, ensuring timely application of security patches. Keep vigilant, stay informed, and fortify your networks against the ceaseless tide of cyber threats.

Dive deeper into this topic

loading...