Patchday April 2024: Microsoft releases almost 150 patches and bug fixes

After a relatively quiet period so far this year, the April 2024 Patchday is hitting the ground running. 147 CVEs (Common Vulnerabilities and Exposures) are on Microsoft's list this month. As every month, Patchday April 2024 is also on the second Tuesday of the month and we provide a brief overview of the most important patches.

Largest collection of patches on Patchday April 2024

147 patches and bug fixes is a proud number. In fact, it is probably the largest collection of patches from Microsoft. At the very least, it's Microsoft's biggest patch day since 2017. We can only guess where this large number of CVEs comes from this month. The last few months have been relatively quiet and perhaps some bugs have accumulated that are now being tackled together.

It is also striking that, despite the number of patches, only three critical CVEs have been closed or eliminated. That can be seen as a positive. With so many bugs, this is only a small proportion and the risk is apparently low despite the many gaps.

None of the CVEs are publicly known and so far none of the vulnerabilities have been used for attacks by hackers. Although Zero Day Initiative reports that at least one of the bugs was already known in advance, Microsoft lists it as unknown. Presumably this simply means that the bug in question has not been exploited.

In any case, you should of course update your Microsoft programs as quickly as possible to ensure that you are always secure.

Three critical CVEs on Patchday April 2024

The critical CVEs mentioned, which Microsoft fixed with the April 2024 patchday, all relate to Microsoft Defender. In all three cases, this is a code execution vulnerability. Simply explained, these vulnerabilities would allow attackers to inject foreign code into the system and cause damage or intercept data.

Of the 147 patches on the April 2024 patchday, many are classified as important and achieve a score of 8.8 in the Common Vulnerability Scoring System (CVSS). The CVSS rates bugs on a scale of 1 to 10 in terms of their danger to the system or as an entry point for hackers. An 8.8 is not to be underestimated and was distributed several times on Patchday April 2024.

These include numerous remote code execution vulnerabilities in Microsoft ODBC drivers and an elevation of privilege vulnerability in Microsoft Azure CycleCloud, which could allow hackers to gain access with certain administrator rights.

Further patches on Patchday April 2024 affect Outlook, Excel and Edge.

Safely on the move in the Microsoft cosmos with skill it

We offer some helpful courses to help you stay safe and secure in Microsoft's programs, applications and clouds.

You will learn the basics for secure handling of Microsoft applications in our training Microsoft Security, Compliance, and Identity Fundamentalsfor which you only need to take one day.

If you want to delve deeper into the topic of security, we recommend our three-day training Microsoft Information Protection Administrator or our four-day course Microsoft Cybersecurity Architect.

In these courses, you will learn how to create secure environments in Microsoft's applications and clouds and extend them to the entire company.