“Microsoft patched 147 CVEs in April, the largest number of CVEs patched in a month since we began tracking this data in 2017. The last time there were over 100 CVEs patched was October 2023, when Microsoft addressed 103 CVEs. However, the previous high for total CVEs patched in a month was in July 2023, when Microsoft addressed 130 CVEs.
“It’s been an unusually quiet year in terms of zero-days. This time last year, there were seven zero-day vulnerabilities exploited in the wild. In 2024, we’ve only had two zero-days exploited and both were from February. It’s difficult to pinpoint why we’ve seen this decrease, whether it’s just a lack of visibility or if it signifies a trend with attackers utilizing known vulnerabilities as part of their attacks on organizations.
“Microsoft fixed a SmartScreen Prompt security feature bypass vulnerability this month with CVE-2024-29988, which is credited to some of the same researchers that disclosed a similar flaw in February (CVE-2024-21412) that was exploited as a zero-day. Social engineering through direct means (email and direct messages) that requires some type of user interaction is a typical route for exploitation for this type of flaw. CVE-2024-21412 was used as part of a DarkGate campaign that leveraged fake software installers impersonating Apple’s iTunes, Notion, NVIDIA and more. Microsoft Defender SmartScreen is supposed to provide additional protections for end users against phishing and malicious websites. However, as the name implies, these flaws bypass these security features, which leads to end users being infected with malware.
Satnam Narang, Senior Staff Research Engineer, Tenable said, “This month’s release addresses 24 vulnerabilities in Windows Secure Boot, the majority of which are considered “Exploitation Less Likely” according to Microsoft. However, the last time Microsoft patched a flaw in Windows Secure Boot (CVE-2023-24932) in May 2023 had a notable impact as it was exploited in the wild and linked to the BlackLotus UEFI bootkit, which was sold on dark web forums for $5,000. BlackLotus can bypass functionality called secure boot, which is designed to block malware from being able to load when booting up. While none of these Secure Boot vulnerabilities addressed this month were exploited in the wild, they serve as a reminder that flaws in Secure Boot persist, and we could see more malicious activity related to Secure Boot in the future.”