Today is Microsoft’s March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws.
This Patch Tuesday fixes only two critical vulnerabilities: Hyper-V remote code execution and denial of service flaws.
The number of bugs in each vulnerability category is listed below
- 24 Elevation of Privilege Vulnerabilities
- 3 Security Feature Bypass Vulnerabilities
- 18 Remote Code Execution Vulnerabilities
- 6 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
The total count of 60 flaws does not include 4 Microsoft Edge flaws fixed on March 7th.
Furthermore, Microsoft did not disclose any zero-days as part of today’s Patch Tuesday updates.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5035853 update and the Windows 10 KB5035845 update.
Flaws of interest
This month’s Patch Tuesday does not fix any zero-day vulnerabilities but does include some interesting flaws, which we have listed below.
CVE-2024-21400 – Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
Microsoft fixed a vulnerability in Azure Kubernetes Service that could allow attackers to gain elevated privileges and steal credentials.
“An attacker who successfully exploited this vulnerability could steal credentials and affect resources beyond the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC),” explains a Microsoft security advisory.
The flaw was discovered by Yuval Avrahami.
CVE-2024-26199 – Microsoft Office Elevation of Privilege Vulnerability
Microsoft has fixed a Office vulnerability allowing any authenticated user to gain SYSTEM privileges.
“Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges,” explains Microsoft.
The flaw was discovered by Iván Almuiña from Hacking Corporation Sàrl.
CVE-2024-20671 – Microsoft Defender Security Feature Bypass Vulnerability
Microsoft has fixed a Microsoft Defender vulnerability that could
“An authenticated attacker who successfully exploited this vulnerability could prevent Microsoft Defender from starting,” explains Microsoft.
However, this will be resolved by Windows Defender Antimalware Platform updates that are automatically installed on Windows devices.
This flaw is fixed in version 4.18.24010.12 of the Antimalware Platform.
Microsoft says that this flaw was discovered by Manuel Feifel with Infoguard (Vurex).
CVE-2024-21411 – Skype for Consumer Remote Code Execution Vulnerability
Microsoft has fixed a remote code execution vulnerability Skype for Consumer that can be triggered by a malicious link or image.
“An attacker could exploit the vulnerability by sending the user a malicious link or a malicious image via Instant Message and then convincing the user to click the link or image,” explains Microsoft.
Microsoft says this flaw was discovered by Hector Peralta and Nicole Armua working with Trend Micro Zero Day Initiative.
Recent updates from other companies
Other vendors who released updates or advisories in March 2024 include:
The March 2024 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the March 2024 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET | CVE-2024-21392 | .NET and Visual Studio Denial of Service Vulnerability | Important |
| Azure Data Studio | CVE-2024-26203 | Azure Data Studio Elevation of Privilege Vulnerability | Important |
| Azure SDK | CVE-2024-21421 | Azure SDK Spoofing Vulnerability | Important |
| Intel | CVE-2023-28746 | Intel: CVE-2023-28746 Register File Data Sampling (RFDS) | Important |
| Microsoft Authenticator | CVE-2024-21390 | Microsoft Authenticator Elevation of Privilege Vulnerability | Important |
| Microsoft Azure Kubernetes Service | CVE-2024-21400 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Important |
| Microsoft Django Backend for SQL Server | CVE-2024-26164 | Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft Dynamics | CVE-2024-21419 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2024-2174 | Chromium: CVE-2024-2174 Inappropriate implementation in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-2173 | Chromium: CVE-2024-2173 Out of bounds memory access in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-2176 | Chromium: CVE-2024-2176 Use after free in FedCM | Unknown |
| Microsoft Edge for Android | CVE-2024-26167 | Microsoft Edge for Android Spoofing Vulnerability | Unknown |
| Microsoft Exchange Server | CVE-2024-26198 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2024-21437 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Intune | CVE-2024-26201 | Microsoft Intune Linux Agent Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2024-26199 | Microsoft Office Elevation of Privilege Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2024-21426 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft QUIC | CVE-2024-26190 | Microsoft QUIC Denial of Service Vulnerability | Important |
| Microsoft Teams for Android | CVE-2024-21448 | Microsoft Teams for Android Information Disclosure Vulnerability | Important |
| Microsoft WDAC ODBC Driver | CVE-2024-21451 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-21441 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-26161 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-26166 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-21444 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-21450 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows SCSI Class System File | CVE-2024-21434 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | Important |
| Open Management Infrastructure | CVE-2024-21330 | Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | Important |
| Open Management Infrastructure | CVE-2024-21334 | Open Management Infrastructure (OMI) Remote Code Execution Vulnerability | Important |
| Outlook for Android | CVE-2024-26204 | Outlook for Android Information Disclosure Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2024-21407 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Role: Windows Hyper-V | CVE-2024-21408 | Windows Hyper-V Denial of Service Vulnerability | Critical |
| Skype for Consumer | CVE-2024-21411 | Skype for Consumer Remote Code Execution Vulnerability | Important |
| Software for Open Networking in the Cloud (SONiC) | CVE-2024-21418 | Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2024-26165 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
| Windows AllJoyn API | CVE-2024-21438 | Microsoft AllJoyn API Denial of Service Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2024-26160 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Important |
| Windows Composite Image File System | CVE-2024-26170 | Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability | Important |
| Windows Compressed Folder | CVE-2024-26185 | Windows Compressed Folder Tampering Vulnerability | Important |
| Windows Defender | CVE-2024-20671 | Microsoft Defender Security Feature Bypass Vulnerability | Important |
| Windows Error Reporting | CVE-2024-26169 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
| Windows Hypervisor-Protected Code Integrity | CVE-2024-21431 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | Important |
| Windows Installer | CVE-2024-21436 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Kerberos | CVE-2024-21427 | Windows Kerberos Security Feature Bypass Vulnerability | Important |
| Windows Kernel | CVE-2024-26177 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2024-26176 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-26174 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2024-26182 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-26181 | Windows Kernel Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2024-26178 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-26173 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-21443 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows NTFS | CVE-2024-21446 | NTFS Elevation of Privilege Vulnerability | Important |
| Windows ODBC Driver | CVE-2024-21440 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows ODBC Driver | CVE-2024-26162 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows ODBC Driver | CVE-2024-26159 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows OLE | CVE-2024-21435 | Windows OLE Remote Code Execution Vulnerability | Important |
| Windows Print Spooler Components | CVE-2024-21433 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Standards-Based Storage Management Service | CVE-2024-26197 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
| Windows Telephony Server | CVE-2024-21439 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2024-21432 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| Windows USB Hub Driver | CVE-2024-21429 | Windows USB Hub Driver Remote Code Execution Vulnerability | Important |
| Windows USB Print Driver | CVE-2024-21442 | Windows USB Print Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Print Driver | CVE-2024-21445 | Windows USB Print Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Serial Driver | CVE-2024-21430 | Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability | Important |
Source: Original Post
“An interesting youtube video that may be related to the article above”