Microsoft fixes 150 flaws in April 2024 Patch Tuesday Security Updates. Two zero-day’s were fixed in this month’s security updates.

UPDATE: Additional Information regarding zero day vulnerabilitie has been added as Microsoft did not initially address them as exploited.

On the second Tuesday of each month, Microsoft releases advisories and patches to fix flaws, vulnerabilities, and zero-day exploits in what has come to be known as Patch Tuesday. Below is the rundown of this month’s Patch Tuesday.

Microsoft patches 150 vulnerabilities, 2 zero-day exploits this month

Today, according to Microsoft’s April 2024 Security Update [Release notes][releasenotes], the software company released fixes for 149 flaws in its Microsoft Windows and Microsoft Windows Server operating systems, and other Microsoft products. Let’s break down this month’s fixes. Zero-Day’s

According to [Bleeping Computer][bleepingcomputer], “Microsoft initially failed to mark the zero days as actively exploited, but Sophos and Trend Micro shared information on how they were actively exploited in attacks”: • CVE-2024-26234 - Proxy Driver Spoofing Vulnerability • CVE-2024-29988 - SmartScreen Prompt Security Feature Bypass Vulnerability

Vulnerability Breakdown

Below is the breakdown of the type of vulnerabilities in this month’s release and how many of each type:

Critical Vulnerabilities

Microsoft listed three vulnerabilities as critical in this month’s release, all three of which affecting the Microsoft Defender for IoT product.