Top 5 trending vulnerabilities for April 2024 according to Positive Technologies

Father

Which ones are already being used in attacks, and which ones will fully manifest themselves a little later?

Positive Technologies identified five critical vulnerabilities, the most dangerous for corporate infrastructure, as of April this year. Some of them are already actively exploited by attackers, and some may be used in the near future. We'll briefly review each of the trending threats below.

  1. Remote command execution vulnerability in Palo Alto Networks PAN-OS (CVE-2024-3400, CVSS 10). This vulnerability is considered extremely critical and has the maximum CVSS score of 10. It allows attackers to create files and execute malicious code on vulnerable devices. Research by the Shadowserver Foundation indicates that there are more than 149,000 potentially vulnerable devices online. Exploiting this vulnerability can lead to serious security breaches and leakage of confidential information.
  2. Windows proxy driver spoofing vulnerability (CVE-2024-26234, CVSS 6.7). This flaw allows potential attackers to "listen" to network traffic through proxy server manipulation. Earlier, Sophos detected the use of malicious software with a valid Microsoft Hardware Publisher certificate, which worsens the threat. The issue highlights the importance of proper control of digital signatures and certificate management.
  3. Remote code execution in Microsoft Outlook via MSHTML (CVE-2023-35628, CVSS 8.1). An attacker can send a specially crafted malicious email that, even if not opened, can initiate remote code execution. This vulnerability does not require user interaction and can cause File Explorer to crash, which opens up wide opportunities for further attacks.
  4. Vulnerability in the Print Spooler service on Windows (CVE-2022-38028, CVSS 7.8). This vulnerability allows authorized users to escalate their privileges to the system administrator level. Attackers can use this to install backdoors or move around the network infrastructure. Microsoft reports that this vulnerability is actively exploited with the hacking tool GooseEgg.
  5. SmartScreen filter bypass vulnerability in Windows Defender (CVE-2024-29988, CVSS 8.8). This vulnerability is usually exploited by attackers sending a special exploit in an archive file, which avoids detection by EDR and NDR systems. Consequences include bypassing Mark of the Web, which allows potentially dangerous files to be run without warnings from Windows Defender SmartScreen.

Positive Technologies specialists emphasize the need to actively eliminate these vulnerabilities and update systems in accordance with manufacturers' recommendations. At the same time, the new-generation vulnerability management system MaxPatrol VM will help provide enterprises with protection from possible cyber attacks in the shortest possible time, since expertise is delivered to the product within 12 hours.
 