Microsoft Patches 137 Vulnerabilities, Including Critical Azure, Windows Flaws

/HIGH
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW threat-intelvulnerabilitycloudmicrosoftidentity
Microsoft Patches 137 Vulnerabilities, Including Critical Azure, Windows Flaws

Microsoft’s latest security updates address 137 vulnerabilities, according to SecurityWeek. This significant patch Tuesday includes fixes for critical flaws across key products like Azure, Windows, Dynamics 365, and the SSO Plugin for Jira & Confluence. The sheer volume underscores the ongoing challenge of maintaining a secure posture in complex enterprise environments.

The update specifically highlights critical vulnerabilities in Azure and Windows, which are foundational to most enterprise operations. Attackers consistently target these platforms due to their pervasive use and potential for broad impact. Neglecting these patches creates immediate exposure points, making organizations low-hanging fruit for exploitation.

For defenders, this means a focused and rapid patching cycle is non-negotiable. Prioritize the critical vulnerabilities in Azure and Windows first, as these often present the most direct routes to system compromise or data exfiltration. The inclusion of Dynamics 365 and SSO Plugin flaws also signals the need to broaden the scope of patching to business-critical applications and identity management solutions.

What This Means For You

  • If your organization relies on Microsoft products, you need to be patching these 137 vulnerabilities immediately. Focus first on the critical flaws in Azure, Windows, Dynamics 365, and the SSO Plugin for Jira & Confluence. Attackers are already reverse-engineering these patches; delay is not an option.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1200 Hardware Additions Persistence T1068 Exploitation for Privilege Escalation Privilege Escalation

πŸ›‘οΈ Detection Rules

3 rules Β· 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free β€” export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

Microsoft Azure Vulnerability Exploitation (CVE-XXXX-XXXX)

Sigma YAML β€” free preview

Source: Shimi's Cyber World Β· License & reuse

βœ“ Sigma Β· Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM β†’

Indicators of Compromise

IDTypeIndicator
Microsoft-Patch-Tuesday-April-2024 Multiple Vulnerabilities Microsoft Azure
Microsoft-Patch-Tuesday-April-2024 Multiple Vulnerabilities Microsoft Windows
Microsoft-Patch-Tuesday-April-2024 Multiple Vulnerabilities Microsoft Dynamics 365
Microsoft-Patch-Tuesday-April-2024 Multiple Vulnerabilities SSO Plugin for Jira & Confluence

Written by SCW Vulnerability Desk

Take action on this incident
πŸ“‘ Monitor microsoft.com Free Β· 1 watchlist slot Β· instant alerts on new breaches πŸ” Threat intel on Microsoft All breaches, IOCs & vendor exposure

Related coverage on Microsoft

West Pharmaceutical Hit by Ransomware, Data Stolen

West Pharmaceutical Services has confirmed a ransomware attack that led to data theft and system encryption. The incident, which occurred on May 4, prompted the...

threat-inteldata-breachgovernmentmalwareransomwaremicrosoft
/SCW Research /HIGH /⚙ 3 Sigma

Microsoft Releases Windows 10 KB5087544 Extended Security Update

Microsoft has rolled out the Windows 10 KB5087544 extended security update. BleepingComputer reports this update addresses vulnerabilities from May 2026 Patch Tuesday. It also includes...

threat-inteldata-breachmalwarevulnerabilitymicrosofttools
/SCW Vulnerability Desk /MEDIUM /⚑ 3 IOCs

Fortinet Warns of Critical RCE Flaws in FortiSandbox and FortiAuthenticator

Fortinet has issued urgent security patches for critical remote code execution (RCE) vulnerabilities impacting its FortiSandbox and FortiAuthenticator products. BleepingComputer reports that these flaws could...

threat-inteldata-breachmalwarevulnerabilitycloudtools
/SCW Vulnerability Desk /HIGH /⚑ 4 IOCs /⚙ 3 Sigma