#CVE_2024_26234

2024-04-12

Microsoft Security Response Center (MSRC) suspiciously updated four security advisories from this week:

  • CVE-2024-26234 (Proxy Driver Spoofing Vulnerability, 6.7 medium, previously updated to confirm that it was an exploited zero-day): added acknowledgements
  • CVE-2024-29053 (Microsoft Defender for IoT Remote Code Execution Vulnerability, 8.8 high): Added FAQ
  • CVE-2024-29054 (Microsoft Defender for IoT Elevation of Privilege Vulnerability, 7.2 high): Added FAQ
  • CVE-2024-29055 (Microsoft Defender for IoT Elevation of Privilege Vulnerability, 7.2 high): Added FAQ

Enough information in CVE-2024-29053's FAQ is provided to potentially develop an exploit without relying on patch diffing. 29054 and 29055 are identical FAQs.

#CVE_2024_26234 #CVE_2024_29053 #CVE_2024_29054 #CVE_2024_29055 #vulnerability #Microsoft #MSRC #PatchTuesday

2024-04-09

@jullrich of SANS ISC is on top of the new information from Sophos, and correctly identifies CVE-2024-26234 as an exploited zero-day in the Patch Tuesday summary. 🔗 isc.sans.edu/diary/rss/30822

#PatchTuesday #CVE_2024_26234 #zeroday #eitw #activeexploitation #vulnerability

2024-04-09

Sophos X-Ops reported a backdoored "LaiXi Android Screen Mirroring" installer that they discovered in December 2023 was signed with a valid Microsoft Hardware Publisher Certificate. The campaign (unidentified threat actor) has been in development since at least January 2023. The incident was reported to Microsoft, is tracked as CVE-2024-26234, and is the lone exploited zero-day for April 2024's Patch Tuesday! IOC provided. 🔗 news.sophos.com/en-us/2024/04/

#threatintel #IOC #backdoor #LaiXi #backdoor #CVE_2024_26234 #eitw #activeexploitation

2024-04-09

Happy Patch Tuesday from Microsoft: 155 vulnerabilities.
EDIT: 1 vulnerability was updated to say Exploited and Publicly Disclosed: CVE-2024-26234 (6.7 medium) THIS IS AN EXPLOITED ZERO-DAY! See Sophos article for information on a malicious executable signed by a valid Microsoft Hardware Publisher Certificate: news.sophos.com/en-us/2024/04/

Updated CVE to correct exploit status. This is an informational update only.

cc: @campuscodi @briankrebs @todb @serghei

#PatchTuesday #Microsoft #MSRC #Vulnerability #CVE_2024_26234 #eitw #activeexploitation
