At present is Microsoft’s March 2024 Patch Tuesday, and safety updates have been launched for 60 vulnerabilities, together with eighteen distant code execution flaws.
This Patch Tuesday fixes solely two vital vulnerabilities: Hyper-V distant code execution and denial of service flaws.
The variety of bugs in every vulnerability class is listed beneath
- 24 Elevation of Privilege Vulnerabilities
- 3 Safety Function Bypass Vulnerabilities
- 18 Distant Code Execution Vulnerabilities
- 6 Data Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
The full rely of 60 flaws doesn’t embody 4 Microsoft Edge flaws fastened on March seventh.
Moreover, Microsoft didn’t disclose any zero-days as a part of at the moment’s Patch Tuesday updates.
To be taught extra in regards to the non-security updates launched at the moment, you may evaluation our devoted articles on the brand new Home windows 11 KB5035853 replace and the Home windows 10 KB5035845 replace.
Flaws of curiosity
This month’s Patch Tuesday doesn’t repair any zero-day vulnerabilities however does embody some attention-grabbing flaws, which we’ve got listed beneath.
CVE-2024-21400 – Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
Microsoft fastened a vulnerability in Azure Kubernetes Service that might enable attackers to achieve elevated privileges and steal credentials.
“An attacker who efficiently exploited this vulnerability may steal credentials and have an effect on assets past the safety scope managed by Azure Kubernetes Service Confidential Containers (AKSCC),” explains a Microsoft safety advisory.
The flaw was found by Yuval Avrahami.
CVE-2024-26199 – Microsoft Workplace Elevation of Privilege Vulnerability
Microsoft has fastened a Workplace vulnerability permitting any authenticated consumer to achieve SYSTEM privileges.
“Any authenticated consumer may set off this vulnerability. It doesn’t require admin or different elevated privileges,” explains Microsoft.
The flaw was found by Iván Almuiña from Hacking Company Sàrl.
CVE-2024-20671 – Microsoft Defender Safety Function Bypass Vulnerability
Microsoft has fastened a Microsoft Defender vulnerability that might
“An authenticated attacker who efficiently exploited this vulnerability may forestall Microsoft Defender from beginning,” explains Microsoft.
Nevertheless, this shall be resolved by Home windows Defender Antimalware Platform updates which are routinely put in on Home windows units.
This flaw is fastened in model 4.18.24010.12 of the Antimalware Platform.
Microsoft says that this flaw was found by Manuel Feifel with Infoguard (Vurex).
CVE-2024-21411 – Skype for Client Distant Code Execution Vulnerability
Microsoft has fastened a distant code execution vulnerability Skype for Client that may be triggered by a malicious hyperlink or picture.
“An attacker may exploit the vulnerability by sending the consumer a malicious hyperlink or a malicious picture by way of Instantaneous Message after which convincing the consumer to click on the hyperlink or picture,” explains Microsoft.
Microsoft says this flaw was found by Hector Peralta and Nicole Armua working with Pattern Micro Zero Day Initiative.
Latest updates from different firms
Different distributors who launched updates or advisories in March 2024 embody:
The March 2024 Patch Tuesday Safety Updates
Under is the whole record of resolved vulnerabilities within the March 2024 Patch Tuesday updates.
To entry the complete description of every vulnerability and the techniques it impacts, you may view the complete report right here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET | CVE-2024-21392 | .NET and Visible Studio Denial of Service Vulnerability | Essential |
| Azure Information Studio | CVE-2024-26203 | Azure Information Studio Elevation of Privilege Vulnerability | Essential |
| Azure SDK | CVE-2024-21421 | Azure SDK Spoofing Vulnerability | Essential |
| Intel | CVE-2023-28746 | Intel: CVE-2023-28746 Register File Information Sampling (RFDS) | Essential |
| Microsoft Authenticator | CVE-2024-21390 | Microsoft Authenticator Elevation of Privilege Vulnerability | Essential |
| Microsoft Azure Kubernetes Service | CVE-2024-21400 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Essential |
| Microsoft Django Backend for SQL Server | CVE-2024-26164 | Microsoft Django Backend for SQL Server Distant Code Execution Vulnerability | Essential |
| Microsoft Dynamics | CVE-2024-21419 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Essential |
| Microsoft Edge (Chromium-based) | CVE-2024-2174 | Chromium: CVE-2024-2174 Inappropriate implementation in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-2173 | Chromium: CVE-2024-2173 Out of bounds reminiscence entry in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-2176 | Chromium: CVE-2024-2176 Use after free in FedCM | Unknown |
| Microsoft Edge for Android | CVE-2024-26167 | Microsoft Edge for Android Spoofing Vulnerability | Unknown |
| Microsoft Alternate Server | CVE-2024-26198 | Microsoft Alternate Server Distant Code Execution Vulnerability | Essential |
| Microsoft Graphics Element | CVE-2024-21437 | Home windows Graphics Element Elevation of Privilege Vulnerability | Essential |
| Microsoft Intune | CVE-2024-26201 | Microsoft Intune Linux Agent Elevation of Privilege Vulnerability | Essential |
| Microsoft Workplace | CVE-2024-26199 | Microsoft Workplace Elevation of Privilege Vulnerability | Essential |
| Microsoft Workplace SharePoint | CVE-2024-21426 | Microsoft SharePoint Server Distant Code Execution Vulnerability | Essential |
| Microsoft QUIC | CVE-2024-26190 | Microsoft QUIC Denial of Service Vulnerability | Essential |
| Microsoft Groups for Android | CVE-2024-21448 | Microsoft Groups for Android Data Disclosure Vulnerability | Essential |
| Microsoft WDAC ODBC Driver | CVE-2024-21451 | Microsoft ODBC Driver Distant Code Execution Vulnerability | Essential |
| Microsoft WDAC OLE DB supplier for SQL | CVE-2024-21441 | Microsoft WDAC OLE DB supplier for SQL Server Distant Code Execution Vulnerability | Essential |
| Microsoft WDAC OLE DB supplier for SQL | CVE-2024-26161 | Microsoft WDAC OLE DB supplier for SQL Server Distant Code Execution Vulnerability | Essential |
| Microsoft WDAC OLE DB supplier for SQL | CVE-2024-26166 | Microsoft WDAC OLE DB supplier for SQL Server Distant Code Execution Vulnerability | Essential |
| Microsoft WDAC OLE DB supplier for SQL | CVE-2024-21444 | Microsoft WDAC OLE DB supplier for SQL Server Distant Code Execution Vulnerability | Essential |
| Microsoft WDAC OLE DB supplier for SQL | CVE-2024-21450 | Microsoft WDAC OLE DB supplier for SQL Server Distant Code Execution Vulnerability | Essential |
| Microsoft Home windows SCSI Class System File | CVE-2024-21434 | Microsoft Home windows SCSI Class System File Elevation of Privilege Vulnerability | Essential |
| Open Administration Infrastructure | CVE-2024-21330 | Open Administration Infrastructure (OMI) Elevation of Privilege Vulnerability | Essential |
| Open Administration Infrastructure | CVE-2024-21334 | Open Administration Infrastructure (OMI) Distant Code Execution Vulnerability | Essential |
| Outlook for Android | CVE-2024-26204 | Outlook for Android Data Disclosure Vulnerability | Essential |
| Function: Home windows Hyper-V | CVE-2024-21407 | Home windows Hyper-V Distant Code Execution Vulnerability | Vital |
| Function: Home windows Hyper-V | CVE-2024-21408 | Home windows Hyper-V Denial of Service Vulnerability | Vital |
| Skype for Client | CVE-2024-21411 | Skype for Client Distant Code Execution Vulnerability | Essential |
| Software program for Open Networking within the Cloud (SONiC) | CVE-2024-21418 | Software program for Open Networking within the Cloud (SONiC) Elevation of Privilege Vulnerability | Essential |
| Visible Studio Code | CVE-2024-26165 | Visible Studio Code Elevation of Privilege Vulnerability | Essential |
| Home windows AllJoyn API | CVE-2024-21438 | Microsoft AllJoyn API Denial of Service Vulnerability | Essential |
| Home windows Cloud Recordsdata Mini Filter Driver | CVE-2024-26160 | Home windows Cloud Recordsdata Mini Filter Driver Data Disclosure Vulnerability | Essential |
| Home windows Composite Picture File System | CVE-2024-26170 | Home windows Composite Picture File System (CimFS) Elevation of Privilege Vulnerability | Essential |
| Home windows Compressed Folder | CVE-2024-26185 | Home windows Compressed Folder Tampering Vulnerability | Essential |
| Home windows Defender | CVE-2024-20671 | Microsoft Defender Safety Function Bypass Vulnerability | Essential |
| Home windows Error Reporting | CVE-2024-26169 | Home windows Error Reporting Service Elevation of Privilege Vulnerability | Essential |
| Home windows Hypervisor-Protected Code Integrity | CVE-2024-21431 | Hypervisor-Protected Code Integrity (HVCI) Safety Function Bypass Vulnerability | Essential |
| Home windows Installer | CVE-2024-21436 | Home windows Installer Elevation of Privilege Vulnerability | Essential |
| Home windows Kerberos | CVE-2024-21427 | Home windows Kerberos Safety Function Bypass Vulnerability | Essential |
| Home windows Kernel | CVE-2024-26177 | Home windows Kernel Data Disclosure Vulnerability | Essential |
| Home windows Kernel | CVE-2024-26176 | Home windows Kernel Elevation of Privilege Vulnerability | Essential |
| Home windows Kernel | CVE-2024-26174 | Home windows Kernel Data Disclosure Vulnerability | Essential |
| Home windows Kernel | CVE-2024-26182 | Home windows Kernel Elevation of Privilege Vulnerability | Essential |
| Home windows Kernel | CVE-2024-26181 | Home windows Kernel Denial of Service Vulnerability | Essential |
| Home windows Kernel | CVE-2024-26178 | Home windows Kernel Elevation of Privilege Vulnerability | Essential |
| Home windows Kernel | CVE-2024-26173 | Home windows Kernel Elevation of Privilege Vulnerability | Essential |
| Home windows Kernel | CVE-2024-21443 | Home windows Kernel Elevation of Privilege Vulnerability | Essential |
| Home windows NTFS | CVE-2024-21446 | NTFS Elevation of Privilege Vulnerability | Essential |
| Home windows ODBC Driver | CVE-2024-21440 | Microsoft ODBC Driver Distant Code Execution Vulnerability | Essential |
| Home windows ODBC Driver | CVE-2024-26162 | Microsoft ODBC Driver Distant Code Execution Vulnerability | Essential |
| Home windows ODBC Driver | CVE-2024-26159 | Microsoft ODBC Driver Distant Code Execution Vulnerability | Essential |
| Home windows OLE | CVE-2024-21435 | Home windows OLE Distant Code Execution Vulnerability | Essential |
| Home windows Print Spooler Elements | CVE-2024-21433 | Home windows Print Spooler Elevation of Privilege Vulnerability | Essential |
| Home windows Requirements-Primarily based Storage Administration Service | CVE-2024-26197 | Home windows Requirements-Primarily based Storage Administration Service Denial of Service Vulnerability | Essential |
| Home windows Telephony Server | CVE-2024-21439 | Home windows Telephony Server Elevation of Privilege Vulnerability | Essential |
| Home windows Replace Stack | CVE-2024-21432 | Home windows Replace Stack Elevation of Privilege Vulnerability | Essential |
| Home windows USB Hub Driver | CVE-2024-21429 | Home windows USB Hub Driver Distant Code Execution Vulnerability | Essential |
| Home windows USB Print Driver | CVE-2024-21442 | Home windows USB Print Driver Elevation of Privilege Vulnerability | Essential |
| Home windows USB Print Driver | CVE-2024-21445 | Home windows USB Print Driver Elevation of Privilege Vulnerability | Essential |
| Home windows USB Serial Driver | CVE-2024-21430 | Home windows USB Hooked up SCSI (UAS) Protocol Distant Code Execution Vulnerability | Essential |