Today is Microsoft’s March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws.
This Patch Tuesday fixes only two critical vulnerabilities: Hyper-V remote code execution and denial of service flaws.
The number of bugs in each vulnerability category is listed below:
- 24 Elevation of Privilege Vulnerabilities
- 3 Security Feature Bypass Vulnerabilities
- 18 Remote Code Execution Vulnerabilities
- 6 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
The total count of 60 flaws doesn’t include 4 Microsoft Edge flaws fixed on March 7th.
Furthermore, Microsoft didn’t disclose any zero-days as part of today’s Patch Tuesday updates.
Flaws of interest
This month’s Patch Tuesday doesn’t fix any zero-day vulnerabilities but does include some interesting flaws, which we have listed below.
CVE-2024-26199 – Microsoft Office Elevation of Privilege Vulnerability
Microsoft has fixed an Office vulnerability allowing any authenticated user to gain SYSTEM privileges.
“Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges,” explains Microsoft.
The flaw was discovered by Iván Almuiña from Hacking Corporation Sàrl.
CVE-2024-20671 – Microsoft Defender Security Feature Bypass Vulnerability
Microsoft has fixed a Microsoft Defender vulnerability that could
“An authenticated attacker who successfully exploited this vulnerability could prevent Microsoft Defender from starting,” explains Microsoft.
However, this might be resolved by Windows Defender Antimalware Platform updates that are automatically installed on Windows devices.
This flaw is fixed in version 4.18.24010.12 of the Antimalware Platform.
Microsoft says that this flaw was discovered by Manuel Feifel with Infoguard (Vurex).
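The fixed platform version above can be checked across a fleet. The following is an added example, not part of the original article: it assumes a hypothetical CSV export with `host` and `platform_version` columns (for instance collected from the `AMProductVersion` field of `Get-MpComputerStatus`), and the sample hosts and versions are constructed. Versions are compared numerically, and a blank or malformed value is reported as unknown instead of being counted as patched.

```python
import csv
import io

# Fixed Antimalware Platform version for CVE-2024-20671, as stated in the article.
FIXED = (4, 18, 24010, 12)

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = """host,platform_version
ws-001,4.18.24010.12
ws-002,4.18.23110.3
srv-db1,4.18.24020.7
ws-003,
ws-004,4.18.2401O.12
"""


def parse_version(text):
    """Return a 4-tuple of ints, or None if the value is missing or malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Compare numerically; string comparison would mis-order multi-digit fields."""
    version = parse_version(version_text)
    if version is None:
        # No usable version reported: needs follow-up, never assume patched.
        return "unknown"
    return "patched" if version >= FIXED else "vulnerable"


def audit(csv_text):
    """Group hosts from the inventory by patch status."""
    results = {"patched": [], "vulnerable": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        status = classify(row.get("platform_version") or "")
        results[status].append(row["host"])
    return results


if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```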
CVE-2024-21411 – Skype for Consumer Remote Code Execution Vulnerability
Microsoft has fixed a remote code execution vulnerability in Skype for Consumer that can be triggered by a malicious link or image.
“An attacker could exploit the vulnerability by sending the user a malicious link or a malicious image via Instant Message and then convincing the user to click the link or image,” explains Microsoft.
Microsoft says this flaw was discovered by Hector Peralta and Nicole Armua working with Trend Micro Zero Day Initiative.
Recent updates from other companies
Other vendors who released updates or advisories in March 2024 include:
The March 2024 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the March 2024 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET | CVE-2024-21392 | .NET and Visual Studio Denial of Service Vulnerability | Important |
Azure Data Studio | CVE-2024-26203 | Azure Data Studio Elevation of Privilege Vulnerability | Important |
Azure SDK | CVE-2024-21421 | Azure SDK Spoofing Vulnerability | Important |
Intel | CVE-2023-28746 | Intel: CVE-2023-28746 Register File Data Sampling (RFDS) | Important |
Microsoft Authenticator | CVE-2024-21390 | Microsoft Authenticator Elevation of Privilege Vulnerability | Important |
Microsoft Azure Kubernetes Service | CVE-2024-21400 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Important |
Microsoft Django Backend for SQL Server | CVE-2024-26164 | Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft Dynamics | CVE-2024-21419 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2024-2174 | Chromium: CVE-2024-2174 Inappropriate implementation in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-2173 | Chromium: CVE-2024-2173 Out of bounds memory access in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-2176 | Chromium: CVE-2024-2176 Use after free in FedCM | Unknown |
Microsoft Edge for Android | CVE-2024-26167 | Microsoft Edge for Android Spoofing Vulnerability | Unknown |
Microsoft Exchange Server | CVE-2024-26198 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Graphics Component | CVE-2024-21437 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Intune | CVE-2024-26201 | Microsoft Intune Linux Agent Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2024-26199 | Microsoft Office Elevation of Privilege Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-21426 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft QUIC | CVE-2024-26190 | Microsoft QUIC Denial of Service Vulnerability | Important |
Microsoft Teams for Android | CVE-2024-21448 | Microsoft Teams for Android Information Disclosure Vulnerability | Important |
Microsoft WDAC ODBC Driver | CVE-2024-21451 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21441 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-26161 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-26166 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21444 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21450 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft Windows SCSI Class System File | CVE-2024-21434 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | Important |
Open Management Infrastructure | CVE-2024-21330 | Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | Important |
Open Management Infrastructure | CVE-2024-21334 | Open Management Infrastructure (OMI) Remote Code Execution Vulnerability | Important |
Outlook for Android | CVE-2024-26204 | Outlook for Android Information Disclosure Vulnerability | Important |
Role: Windows Hyper-V | CVE-2024-21407 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
Role: Windows Hyper-V | CVE-2024-21408 | Windows Hyper-V Denial of Service Vulnerability | Critical |
Skype for Consumer | CVE-2024-21411 | Skype for Consumer Remote Code Execution Vulnerability | Important |
Software for Open Networking in the Cloud (SONiC) | CVE-2024-21418 | Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability | Important |
Visual Studio Code | CVE-2024-26165 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
Windows AllJoyn API | CVE-2024-21438 | Microsoft AllJoyn API Denial of Service Vulnerability | Important |
Windows Cloud Files Mini Filter Driver | CVE-2024-26160 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Important |
Windows Composite Image File System | CVE-2024-26170 | Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability | Important |
Windows Compressed Folder | CVE-2024-26185 | Windows Compressed Folder Tampering Vulnerability | Important |
Windows Defender | CVE-2024-20671 | Microsoft Defender Security Feature Bypass Vulnerability | Important |
Windows Error Reporting | CVE-2024-26169 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
Windows Hypervisor-Protected Code Integrity | CVE-2024-21431 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | Important |
Windows Installer | CVE-2024-21436 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Kerberos | CVE-2024-21427 | Windows Kerberos Security Feature Bypass Vulnerability | Important |
Windows Kernel | CVE-2024-26177 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2024-26176 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-26174 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2024-26182 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-26181 | Windows Kernel Denial of Service Vulnerability | Important |
Windows Kernel | CVE-2024-26178 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-26173 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-21443 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows NTFS | CVE-2024-21446 | NTFS Elevation of Privilege Vulnerability | Important |
Windows ODBC Driver | CVE-2024-21440 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Windows ODBC Driver | CVE-2024-26162 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Windows ODBC Driver | CVE-2024-26159 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Windows OLE | CVE-2024-21435 | Windows OLE Remote Code Execution Vulnerability | Important |
Windows Print Spooler Components | CVE-2024-21433 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Standards-Based Storage Management Service | CVE-2024-26197 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
Windows Telephony Server | CVE-2024-21439 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2024-21432 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
Windows USB Hub Driver | CVE-2024-21429 | Windows USB Hub Driver Remote Code Execution Vulnerability | Important |
Windows USB Print Driver | CVE-2024-21442 | Windows USB Print Driver Elevation of Privilege Vulnerability | Important |
Windows USB Print Driver | CVE-2024-21445 | Windows USB Print Driver Elevation of Privilege Vulnerability | Important |
Windows USB Serial Driver | CVE-2024-21430 | Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability | Important |