On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro’s Zero Day Initiative (ZDI), has found being leveraged by attackers in the wild. “Threat actors are sending exploits in a zipped file to evade EDR/NDR detection and then using this bug (and others) to bypass MotW,” notes Dustin Childs, head of threat … More

The post Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) appeared first on Help Net Security.