Microsoft has released its April 2024 Patch Tuesday, addressing a total of 150 security flaws, including 67 remote code execution (RCE) vulnerabilities. The update also includes fixes for two zero-day vulnerabilities that were actively exploited in malware attacks.

Today’s Patch Tuesday includes security updates for various vulnerabilities, with only three critical vulnerabilities being addressed. However, the focus is on the 67 RCE bugs, with more than half of them found within Microsoft SQL drivers, indicating a potential common flaw.

In addition to the RCE vulnerabilities, the update addresses 31 elevation of privilege vulnerabilities, 29 security feature bypass vulnerabilities, 13 information disclosure vulnerabilities, 7 denial of service vulnerabilities, and 3 spoofing vulnerabilities.

The release also includes fixes for twenty-six Secure Boot bypasses, including two from Lenovo. It is important to note that the total count of 150 flaws does not include 5 Microsoft Edge flaws fixed on April 4th and 2 Mariner flaws.

Mariner is an open-source Linux distribution developed by Microsoft for its Microsoft Azure services. The update also covers non-security updates, such as the new Windows 10 KB5036892 cumulative update and the Windows 10 KB5036892 update.

Furthermore, the Patch Tuesday fixed two zero-day vulnerabilities that were actively exploited in malware attacks. Although Microsoft initially did not mark the zero days as actively exploited, Sophos and Trend Micro shared information on how they were being used in attacks.