Skip to content
BLOG

Patch Tuesday April 2024

Brock Bingham candid headshot
Brock Bingham|April 9, 2024
Patch Tuesday (green)
Patch Tuesday (green)
Sections

My fellow sysadmins, strengthen your resolve — for today, we find ourselves at the forefront of another Patch Tuesday. While millions of users go about their day as if it were any other Tuesday, dreaming of cheap tacos and the inevitable heartburn that follows, we are tasked with the most righteous cause of patch management. It is up to us to ensure updates are distributed to devices far and wide, strengthening our defense against the relentless threat of cyberattacks.

Now, as we embark upon this most virtuous quest, let us identify and highlight what patches are in store for us this month.

  • Total exploits patched: 155

  • Critical patches: 3

  • Already known or exploited: 1

Some highlights (or lowlights)

CVE-2024-29990: This month, we’ve got more Azure Kubernetes shenanigans afoot. It’s also our highest-rated CVE for the month at 9.0. We may sound like a broken record at this point, but if you are running a Confidential Container, make sure you are running the latest version of az confcom and Kata Image. If you’re not already running az confcom, you can install it by executing az extension add -n confcom or update it with az extension update -n confcom.

CVE-2024-26179: Among the highest-rated CVEs this month is this remote code execution (RCE) vulnerability targeting Windows Routing and Remote Access Service. With a network attack vector and a low attack complexity, the only thing keeping this from being rated higher is the fact that it requires user interaction in which they connect to a malicious server. I guess the question is how much do you trust your users?

CVE-2024-26257: Last highlight of the day goes to another RCE vulnerability targeting one of my favorite applications of all time, Excel. As with many of the vulnerabilities disclosed this month, this too requires user interaction. A user must execute the malicious code locally for the vulnerability to work. If you are a Mac user, be extra careful because a security update is not yet available, though Microsoft is currently working on a release.

Wrapping up

As you venture forth, know that I go with you — in spirit. But, if you’d like more help than that, we’ve got you covered. Check out PDQ Connect or PDQ Deploy & Inventory, which are designed to not only simplify but also automate your patch deployments. Make Patch Tuesday a thing of the past with the right tools. Download a free trial and worry less about Patch Tuesday — and more about Taco Tuesday.

Loading...

Brock Bingham candid headshot
Brock Bingham

Brock Bingham is a systems administrator with 15 years of experience managing endpoints and servers, with a strong focus on automation, patching, security, and maintaining stable environments at scale. After years of hands-on IT work, he now creates content and teaches, helping other admins learn through practical, real-world guidance.

Related articles

Illustration of mail with letter with check marks

PDQ launches integration with Freshworks, bridging help desk and endpoint ops

NEWS

Illustration of computer desk and monitor with PDQ logo

How to choose IT tools that scale with your team

GENERAL IT

Image of a doctor's kit and bandaid.

Patch Tuesday February 2026

SECURITY