Patch Palooza: Microsoft’s Massive Fix for 157 Flaws – Timing is Everything!

In a digital world where “perfect timing” is usually about catching the latest meme wave, Microsoft says it’s required to exploit their DNS Server Service vulnerabilities. Meanwhile, Microsoft Edge is living on the edge with seven new Chromium vulnerabilities, three of which are critical—but, hey, at least they’re not “critical-ical,” right?

Hot Take:

Okay folks, it’s time to buckle up and roll out the red carpet because Microsoft is throwing a patch party and everyone’s invited! We’ve got a whopping 157 vulnerabilities on the guest list, with a spicy side of Chromium issues just to keep Edge on its toes. But don’t pop the champagne just yet—only three of these electronic party crashers are critical. And as for CVE-2024-26234, that one’s the life of the party, already exploited and disclosed like a true rebel. So, grab your update tools and let’s get patching before any more uninvited vulnerabilities decide to crash this digital shindig!

Key Points:

  • CVE-2024-26234 is that notorious guest who showed up early—already disclosed and exploited before the party started.
  • Microsoft Defender for IoT isn’t feeling so tough now with CVE-2024-21322, CVE-2024-21323, and CVE-2024-29053 letting remote code executioners slip past the bouncers.
  • Microsoft OLE Driver for SQL Server is bringing about 40 “important” rated vulnerabilities to the dance floor, proving that quantity has a quality all its own.
  • Seven DNS Server Service vulnerabilities are doing the “perfect timing” tango, requiring some serious choreography to hit that remote code execution rhythm.
  • Chromium vulnerabilities are gatecrashing the Microsoft Edge party, bringing a little open-source spice to the proprietary mix.

Title: Windows Kerberos Elevation of Privilege Vulnerability
Cve id: CVE-2024-26248
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Kerberos Elevation of Privilege Vulnerability

Title: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28930
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Title: Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
Cve id: CVE-2024-29049
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-20689
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Windows Hyper-V Denial of Service Vulnerability
Cve id: CVE-2024-29064
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Hyper-V Denial of Service Vulnerability

Title: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28934
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-20688
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Cve id: CVE-2024-26205
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Title: Azure Identity Library for .NET Information Disclosure Vulnerability
Cve id: CVE-2024-29992
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Azure Identity Library for .NET Information Disclosure Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-26250
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Windows DNS Server Remote Code Execution Vulnerability
Cve id: CVE-2024-26223
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows DNS Server Remote Code Execution Vulnerability

Title: Windows Cryptographic Services Remote Code Execution Vulnerability
Cve id: CVE-2024-29050
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Cryptographic Services Remote Code Execution Vulnerability

Title: Microsoft Defender for IoT Elevation of Privilege Vulnerability
Cve id: CVE-2024-29055
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft Defender for IoT Elevation of Privilege Vulnerability

Title: DHCP Server Service Denial of Service Vulnerability
Cve id: CVE-2024-26215
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: DHCP Server Service Denial of Service Vulnerability

Title: Windows DWM Core Library Information Disclosure Vulnerability
Cve id: CVE-2024-26172
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows DWM Core Library Information Disclosure Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28944
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28927
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28933
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Title: Windows Telephony Server Elevation of Privilege Vulnerability
Cve id: CVE-2024-26239
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Telephony Server Elevation of Privilege Vulnerability

Title: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-29043
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Title: Windows Telephony Server Elevation of Privilege Vulnerability
Cve id: CVE-2024-26242
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Telephony Server Elevation of Privilege Vulnerability

Title: Azure Monitor Agent Elevation of Privilege Vulnerability
Cve id: CVE-2024-29989
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Azure Monitor Agent Elevation of Privilege Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-28897
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Windows Remote Access Connection Manager Information Disclosure Vulnerability
Cve id: CVE-2024-28901
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Remote Access Connection Manager Information Disclosure Vulnerability

Title: Microsoft Brokering File System Elevation of Privilege Vulnerability
Cve id: CVE-2024-28907
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft Brokering File System Elevation of Privilege Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-29047
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-29048
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28911
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28914
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-28896
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28908
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Windows Remote Access Connection Manager Information Disclosure Vulnerability
Cve id: CVE-2024-28900
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Remote Access Connection Manager Information Disclosure Vulnerability

Title: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28932
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Title: Microsoft Excel Remote Code Execution Vulnerability
Cve id: CVE-2024-26257
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft Excel Remote Code Execution Vulnerability

Title: Windows Kerberos Denial of Service Vulnerability
Cve id: CVE-2024-26183
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Kerberos Denial of Service Vulnerability

Title: Microsoft Brokering File System Elevation of Privilege Vulnerability
Cve id: CVE-2024-28904
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft Brokering File System Elevation of Privilege Vulnerability

Title: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28938
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Title: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28941
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Title: DHCP Server Service Remote Code Execution Vulnerability
Cve id: CVE-2024-26195
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: DHCP Server Service Remote Code Execution Vulnerability

Title: Windows DNS Server Remote Code Execution Vulnerability
Cve id: CVE-2024-26222
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows DNS Server Remote Code Execution Vulnerability

Title: Windows DNS Server Remote Code Execution Vulnerability
Cve id: CVE-2024-26227
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows DNS Server Remote Code Execution Vulnerability

Title: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28931
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-28898
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-28923
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Cve id: CVE-2024-3159
Cve state: PUBLISHED
Cve assigner short name: Chrome
Cve date updated: 04/06/2024
Cve description: Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Title: Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
Cve id: CVE-2024-26209
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability

Title: Microsoft Defender for IoT Elevation of Privilege Vulnerability
Cve id: CVE-2024-21324
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft Defender for IoT Elevation of Privilege Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28906
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-26210
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability

Title: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28936
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Cve id: CVE-2019-3816
Cve state: PUBLISHED
Cve assigner short name: redhat
Cve date updated: 10/07/2022
Cve description: Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.

Title: Windows SMB Elevation of Privilege Vulnerability
Cve id: CVE-2024-26245
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows SMB Elevation of Privilege Vulnerability

Title: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28929
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Title: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Cve id: CVE-2024-26211
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Title: Windows Remote Access Connection Manager Information Disclosure Vulnerability
Cve id: CVE-2024-28902
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Remote Access Connection Manager Information Disclosure Vulnerability

Title: Windows Cryptographic Services Security Feature Bypass Vulnerability
Cve id: CVE-2024-26228
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Cryptographic Services Security Feature Bypass Vulnerability

Title: Win32k Elevation of Privilege Vulnerability
Cve id: CVE-2024-26241
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Win32k Elevation of Privilege Vulnerability

Title: DHCP Server Service Denial of Service Vulnerability
Cve id: CVE-2024-26212
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: DHCP Server Service Denial of Service Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-28919
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Microsoft Defender for IoT Elevation of Privilege Vulnerability
Cve id: CVE-2024-29054
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft Defender for IoT Elevation of Privilege Vulnerability

Title: Microsoft Defender for IoT Remote Code Execution Vulnerability
Cve id: CVE-2024-21322
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft Defender for IoT Remote Code Execution Vulnerability

Title: Microsoft Brokering File System Elevation of Privilege Vulnerability
Cve id: CVE-2024-28905
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft Brokering File System Elevation of Privilege Vulnerability

Title: Microsoft Install Service Elevation of Privilege Vulnerability
Cve id: CVE-2024-26158
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft Install Service Elevation of Privilege Vulnerability

Title: Windows Authentication Elevation of Privilege Vulnerability
Cve id: CVE-2024-21447
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Authentication Elevation of Privilege Vulnerability

Title: Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-26244
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability

Cve id: CVE-2024-23593
Cve state: PUBLISHED
Cve assigner short name: lenovo
Cve date updated: 04/15/2024
Cve description: A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges.

Title: Azure Migrate Remote Code Execution Vulnerability
Cve id: CVE-2024-26193
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Azure Migrate Remote Code Execution Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-26180
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Proxy Driver Spoofing Vulnerability
Cve id: CVE-2024-26234
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/09/2024
Cve description: Proxy Driver Spoofing Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-26194
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: libarchive Remote Code Execution Vulnerability
Cve id: CVE-2024-26256
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: libarchive Remote Code Execution Vulnerability

Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Cve id: CVE-2024-20678
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Remote Procedure Call Runtime Remote Code Execution Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28940
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-29044
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Windows Update Stack Elevation of Privilege Vulnerability
Cve id: CVE-2024-26235
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Update Stack Elevation of Privilege Vulnerability

Cve id: CVE-2024-3158
Cve state: PUBLISHED
Cve assigner short name: Chrome
Cve date updated: 04/06/2024
Cve description: Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28926
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-28922
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28915
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28945
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-26171
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Windows Defender Credential Guard Elevation of Privilege Vulnerability
Cve id: CVE-2024-26237
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Defender Credential Guard Elevation of Privilege Vulnerability

Title: BitLocker Security Feature Bypass Vulnerability
Cve id: CVE-2024-20665
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: BitLocker Security Feature Bypass Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-29046
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
Cve id: CVE-2024-21409
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Title: HTTP.sys Denial of Service Vulnerability
Cve id: CVE-2024-26219
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: HTTP.sys Denial of Service Vulnerability

Title: Windows File Server Resource Management Service Elevation of Privilege Vulnerability
Cve id: CVE-2024-26216
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows File Server Resource Management Service Elevation of Privilege Vulnerability

Title: Microsoft SharePoint Server Spoofing Vulnerability
Cve id: CVE-2024-26251
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft SharePoint Server Spoofing Vulnerability

Cve id: CVE-2024-23594
Cve state: PUBLISHED
Cve assigner short name: lenovo
Cve date updated: 04/15/2024
Cve description: A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute arbitrary code.

Title: Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability
Cve id: CVE-2024-28917
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28939
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability
Cve id: CVE-2024-29981
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft Edge (Chromium-based) Spoofing Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-29061
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Microsoft Defender for IoT Remote Code Execution Vulnerability
Cve id: CVE-2024-29053
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft Defender for IoT Remote Code Execution Vulnerability

Title: Azure AI Search Information Disclosure Vulnerability
Cve id: CVE-2024-29063
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Azure AI Search Information Disclosure Vulnerability

Title: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Cve id: CVE-2024-26208
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Title: Microsoft Brokering File System Elevation of Privilege Vulnerability
Cve id: CVE-2024-26213
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft Brokering File System Elevation of Privilege Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-26189
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Windows Kernel Elevation of Privilege Vulnerability
Cve id: CVE-2024-26218
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Kernel Elevation of Privilege Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-26168
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-28921
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Microsoft Defender for IoT Remote Code Execution Vulnerability
Cve id: CVE-2024-21323
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft Defender for IoT Remote Code Execution Vulnerability

Title: Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability
Cve id: CVE-2024-26254
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability

Title: Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability
Cve id: CVE-2024-26214
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28912
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28909
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Cve id: CVE-2024-26179
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Title: Windows Telephony Server Elevation of Privilege Vulnerability
Cve id: CVE-2024-26230
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Telephony Server Elevation of Privilege Vulnerability

Title: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28937
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Title: Windows Remote Access Connection Manager Information Disclosure Vulnerability
Cve id: CVE-2024-26217
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Remote Access Connection Manager Information Disclosure Vulnerability

Title: Windows Mobile Hotspot Information Disclosure Vulnerability
Cve id: CVE-2024-26220
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Mobile Hotspot Information Disclosure Vulnerability

Title: Windows rndismp6.sys Remote Code Execution Vulnerability
Cve id: CVE-2024-26252
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows rndismp6.sys Remote Code Execution Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-29045
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Azure Private 5G Core Denial of Service Vulnerability
Cve id: CVE-2024-20685
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Azure Private 5G Core Denial of Service Vulnerability

Title: Outlook for Windows Spoofing Vulnerability
Cve id: CVE-2024-20670
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Outlook for Windows Spoofing Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-29062
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Windows Storage Elevation of Privilege Vulnerability
Cve id: CVE-2024-29052
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Storage Elevation of Privilege Vulnerability

Title: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28935
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28910
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-29982
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Windows Distributed File System (DFS) Information Disclosure Vulnerability
Cve id: CVE-2024-26226
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Distributed File System (DFS) Information Disclosure Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-29985
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Cve id: CVE-2024-26200
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-20669
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: SmartScreen Prompt Security Feature Bypass Vulnerability
Cve id: CVE-2024-29988
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/09/2024
Cve description: SmartScreen Prompt Security Feature Bypass Vulnerability

Title: Windows Distributed File System (DFS) Remote Code Execution Vulnerability
Cve id: CVE-2024-29066
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Distributed File System (DFS) Remote Code Execution Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-29983
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28913
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-29984
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Cve id: CVE-2024-26232
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Title: Windows DNS Server Remote Code Execution Vulnerability
Cve id: CVE-2024-26221
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows DNS Server Remote Code Execution Vulnerability

Title: Windows Update Stack Elevation of Privilege Vulnerability
Cve id: CVE-2024-26236
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Update Stack Elevation of Privilege Vulnerability

Title: Windows Remote Access Connection Manager Information Disclosure Vulnerability
Cve id: CVE-2024-26255
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Remote Access Connection Manager Information Disclosure Vulnerability

Title: Azure Compute Gallery Elevation of Privilege Vulnerability
Cve id: CVE-2024-21424
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Azure Compute Gallery Elevation of Privilege Vulnerability

Title: Windows rndismp6.sys Remote Code Execution Vulnerability
Cve id: CVE-2024-26253
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows rndismp6.sys Remote Code Execution Vulnerability

Title: Windows DNS Server Remote Code Execution Vulnerability
Cve id: CVE-2024-26233
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows DNS Server Remote Code Execution Vulnerability

Title: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28942
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Title: Windows Remote Access Connection Manager Information Disclosure Vulnerability
Cve id: CVE-2024-26207
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Remote Access Connection Manager Information Disclosure Vulnerability

Title: Azure CycleCloud Elevation of Privilege Vulnerability
Cve id: CVE-2024-29993
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Azure CycleCloud Elevation of Privilege Vulnerability

Title: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Cve id: CVE-2024-28943
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Title: Windows Authentication Elevation of Privilege Vulnerability
Cve id: CVE-2024-29056
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Authentication Elevation of Privilege Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-26175
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Windows DNS Server Remote Code Execution Vulnerability
Cve id: CVE-2024-26231
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows DNS Server Remote Code Execution Vulnerability

Title: DHCP Server Service Remote Code Execution Vulnerability
Cve id: CVE-2024-26202
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: DHCP Server Service Remote Code Execution Vulnerability

Title: Windows DNS Server Remote Code Execution Vulnerability
Cve id: CVE-2024-26224
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows DNS Server Remote Code Execution Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-28924
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
Cve id: CVE-2024-29990
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-28920
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Windows USB Print Driver Elevation of Privilege Vulnerability
Cve id: CVE-2024-26243
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows USB Print Driver Elevation of Privilege Vulnerability

Title: Windows Kernel Elevation of Privilege Vulnerability
Cve id: CVE-2024-20693
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows Kernel Elevation of Privilege Vulnerability

Cve id: CVE-2024-3156
Cve state: PUBLISHED
Cve assigner short name: Chrome
Cve date updated: 04/06/2024
Cve description: Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-26240
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-28903
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Title: Secure Boot Security Feature Bypass Vulnerability
Cve id: CVE-2024-28925
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Secure Boot Security Feature Bypass Vulnerability

Cve id: CVE-2019-3833
Cve state: PUBLISHED
Cve assigner short name: redhat
Cve date updated: 04/16/2019
Cve description: Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.

Title: Windows CSC Service Elevation of Privilege Vulnerability
Cve id: CVE-2024-26229
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 04/19/2024
Cve description: Windows CSC Service Elevation of Privilege Vulnerability

Need to know more?

When Exploits Have More Fun Than You

CVE-2024-26234 is like that friend who always gets the scoop before anyone else. This proxy driver spoofing vulnerability has been exploited in the wild, making headlines before Microsoft could send out the invites for their patch update extravaganza.

Defending the Defender

Defender for IoT, Microsoft's bouncer for the Internet of Things, has been caught snoozing on the job. Three critical vulnerabilities (CVE-2024-21322, CVE-2024-21323, CVE-2024-29053) let remote code execution slip in right under its nose. Time for a training montage!

OLE, Can You See the Patches?

Around 40 remote code execution vulnerabilities in Microsoft OLE Driver for SQL Server are strutting their stuff. They're only rated "important", but with that many vulnerabilities, it's like a conga line of potential security issues.

DNS Server Service's RCE Hoedown

There are seven important vulnerabilities in the DNS Server Service, but exploiting them requires "perfect timing." So, hackers will need to synchronize their watches and practice their high-precision hacking routines if they want to join this number.

Chromium's Edge-y Party Tricks

Chromium is the life of the open-source party, and it's brought a few tricks to Microsoft Edge's proprietary shindig with seven vulnerabilities. While none of these are critical, they're still the kind of guests who might eat all the dip if left unattended.

In conclusion, next time you're at a digital security soiree, keep an eye out for CVE-2024-26234—it's the one already dancing on the table. And remember, in the world of cybersecurity, the party never stops, and neither does the need for vigilance. Patch up, stay safe, and keep your software off the list of vulnerabilities doing the electric slide through your systems!
