Black Arrow Cyber Advisory 10 April 2024 – Microsoft Patch Tuesday, Adobe and SAP Updates

Executive Summary

In Microsoft’s April Patch Tuesday, updates were released to rectify 149 security issues across its product range. Notably, the update tackles two actively exploited zero-day vulnerabilities which are being exploited in to deploy malware. The exploited zero-day vulnerabilities allow for the bypassing of security feature prompts on SmartScreen and malicious drivers to deploy backdoors. Among these, 67 specifically addressed Remote Code Execution vulnerabilities. Among the updates provided by Microsoft were 3 critical vulnerabilities.

In addition to the Microsoft updates this week also saw Adobe and SAP provide updates for vulnerabilities in a variety of their products, with multiple rated as critical.

What’s the risk to me or my business?

Successful exploitation of these vulnerabilities allow for an attacker to distribute malware to a vulnerable system, gain remote code execution, cause a denial of service and impact the confidentiality, integrity and availability of information.

What can I do?

All vulnerabilities with an available patch should be updated as soon as possible.


Technical Summary

Microsoft

CVE-2024-26234: This vulnerability is caused by a malicious driver that has been signed with a valid Microsoft Hardware Publisher Certificate. The driver is used to deploy a backdoor.

CVE-2024-29988: This vulnerability, if actively exploited, allows a malicious attachment to bypass Microsoft Defenders SmartScreen prompts when a file is opened. This has been recorded as exploited by financially motivated Water Hydra hacking group.

Adobe

This month, Adobe released fixes for 24 vulnerabilities, of which 5 were rated critical, across Adobe After Effects, 2 critical vulnerabilities impacting Adobe Photoshop, Adobe Commerce and Adobe InDesign, a critical vulnerability impacting Adobe Experience Manager, Adobe Media Encoder, Adobe Bridge and Adobe Illustrator and 2 critical vulnerabilities impacting Adobe Animate. At current, Adobe is not aware of any of these vulnerabilities being actively exploited. The vulnerabilities include Out of Bounds Read, Improper Input Validation, Cross-site Scripting (Stored XSS), Information Exposure and Arbitrary code execution.

SAP

This month, SAP has released 12 patches, which include 10 new releases and 2 updates from previous releases. The vulnerabilities encompass a range of issues, including Security misconfiguration, Information disclosure, Directory traversal, Denial of Service and Missing authorisation checks.


further details on other specific updates within this patch Tuesday can be found here:

https://www.ghacks.net/2024/04/09/microsoft-releases-the-april-2024-security-updates-for-windows/

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-two-windows-zero-days-exploited-in-malware-attacks/

Further details of the vulnerabilities addressed in Adobe After Effects can be found here: https://helpx.adobe.com/security/products/after_effects/apsb24-09.html

Further details of the vulnerabilities addressed in Adobe Photoshop can be found here:

https://helpx.adobe.com/security/products/photoshop/apsb24-16.html

Further details of the vulnerabilities addressed in Adobe Commerce can be found here: https://helpx.adobe.com/security/products/magento/apsb24-18.html

Further details of the vulnerabilities addressed in Adobe InDesign can be found here:

https://helpx.adobe.com/security/products/indesign/apsb24-20.html

Further details of the vulnerabilities addressed in Adobe Experience Manager can be found here:

https://helpx.adobe.com/security/products/experience-manager/apsb24-21.html

Further details of the vulnerabilities addressed in Adobe Media Encoder can be found here:

https://helpx.adobe.com/security/products/media-encoder/apsb24-23.html

Further details of the vulnerabilities addressed in Adobe Bridge can be found here:

https://helpx.adobe.com/security/products/bridge/apsb24-24.html

Further details of the vulnerabilities addressed in Adobe Illustrator can be found here:

https://helpx.adobe.com/security/products/illustrator/apsb24-25.html

Further details of the vulnerabilities addressed by SAP can be found here:

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2024.html

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Previous
Previous

Will Channel Islands Fund and Asset Managers Lose Clients Because Of New EU Cyber Security Regulations?

Next
Next

Free Webinar for London Fund and Asset Managers: Don’t Lose Clients Because Of New EU Cyber Security Regulations