Microsoft Patches Two Zero-Day Vulnerabilities in April Update

Microsoft addressed two actively exploited zero-day vulnerabilities alongside over 160 other flaws in its April Patch Tuesday update. The zero-days include CVE-2024-26234, a proxy driver spoofing vulnerability, and CVE-2024-29988, an elevation of privilege flaw in the SmartScreen security feature. The patches were released on April 9, 2024, targeting vulnerabilities across Windows, Office, and other Microsoft products. CVE-2024-29988 allows attackers to bypass SmartScreen protections, while CVE-2024-26234 could enable malicious actors to deploy signed but malicious drivers. No additional technical details on exploitation methods or affected versions were provided in the notice.