HomeVulnerabilityMicrosoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs

Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs

Immediately is Microsoft’s March 2024 Patch Tuesday, and security updates have been launched for 60 vulnerabilities, together with eighteen distant code execution flaws.

This Patch Tuesday fixes solely two important vulnerabilities: Hyper-V distant code execution and denial of service flaws.

The variety of bugs in every vulnerability class is listed under

  • 24 Elevation of Privilege Vulnerabilities
  • 3 Safety Characteristic Bypass Vulnerabilities
  • 18 Distant Code Execution Vulnerabilities
  • 6 Info Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 2 Spoofing Vulnerabilities

The entire depend of 60 flaws doesn’t embrace 4 Microsoft Edge flaws fastened on March seventh.

Moreover, Microsoft didn’t disclose any zero-days as a part of at the moment’s Patch Tuesday updates.

Flaws of curiosity

This month’s Patch Tuesday doesn’t repair any zero-day vulnerabilities however does embrace some attention-grabbing flaws, which now we have listed under.

CVE-2024-26199 – Microsoft Workplace Elevation of Privilege Vulnerability

Microsoft has fastened a Workplace vulnerability permitting any authenticated person to realize SYSTEM privileges.

“Any authenticated person might set off this vulnerability. It doesn’t require admin or different elevated privileges,” explains Microsoft.

The flaw was found by Iván Almuiña from Hacking Company Sàrl.

CVE-2024-20671 – Microsoft Defender Safety Characteristic Bypass Vulnerability

Microsoft has fastened a Microsoft Defender vulnerability that would 

“An authenticated attacker who efficiently exploited this vulnerability might stop Microsoft Defender from beginning,” explains Microsoft.

Nevertheless, this might be resolved by Home windows Defender Antimalware Platform updates which are mechanically put in on Home windows units.

This flaw is fastened in model 4.18.24010.12 of the Antimalware Platform.

Microsoft says that this flaw was found by Manuel Feifel with Infoguard (Vurex).

CVE-2024-21411 – Skype for Shopper Distant Code Execution Vulnerability

Microsoft has fastened a distant code execution vulnerability Skype for Shopper that may be triggered by a malicious hyperlink or picture.

“An attacker might exploit the vulnerability by sending the person a malicious hyperlink or a malicious picture by way of Instantaneous Message after which convincing the person to click on the hyperlink or picture,” explains Microsoft.

Microsoft says this flaw was found by Hector Peralta  and Nicole Armua working with Development Micro Zero Day Initiative.

See also  New Marvin assault revives 25-year-old decryption flaw in RSA

Current updates from different corporations

Different distributors who launched updates or advisories in March 2024 embrace:

The March 2024 Patch Tuesday Safety Updates

Under is the whole checklist of resolved vulnerabilities within the March 2024 Patch Tuesday updates.

To entry the complete description of every vulnerability and the methods it impacts, you possibly can view the complete report right here.

Tag CVE ID CVE Title Severity
.NET CVE-2024-21392 .NET and Visible Studio Denial of Service Vulnerability Vital
Azure Data Studio CVE-2024-26203 Azure Data Studio Elevation of Privilege Vulnerability Vital
Azure SDK CVE-2024-21421 Azure SDK Spoofing Vulnerability Vital
Intel CVE-2023-28746 Intel: CVE-2023-28746 Register File Data Sampling (RFDS) Vital
Microsoft Authenticator CVE-2024-21390 Microsoft Authenticator Elevation of Privilege Vulnerability Vital
Microsoft Azure Kubernetes Service CVE-2024-21400 Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability Vital
Microsoft Django Backend for SQL Server CVE-2024-26164 Microsoft Django Backend for SQL Server Distant Code Execution Vulnerability Vital
Microsoft Dynamics CVE-2024-21419 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Vital
Microsoft Edge (Chromium-based) CVE-2024-2174 Chromium: CVE-2024-2174 Inappropriate implementation in V8 Unknown
Microsoft Edge (Chromium-based) CVE-2024-2173 Chromium: CVE-2024-2173 Out of bounds reminiscence entry in V8 Unknown
Microsoft Edge (Chromium-based) CVE-2024-2176 Chromium: CVE-2024-2176 Use after free in FedCM Unknown
Microsoft Edge for Android CVE-2024-26167 Microsoft Edge for Android Spoofing Vulnerability Unknown
Microsoft Change Server CVE-2024-26198 Microsoft Change Server Distant Code Execution Vulnerability Vital
Microsoft Graphics Part CVE-2024-21437 Home windows Graphics Part Elevation of Privilege Vulnerability Vital
Microsoft Intune CVE-2024-26201 Microsoft Intune Linux Agent Elevation of Privilege Vulnerability Vital
Microsoft Workplace CVE-2024-26199 Microsoft Workplace Elevation of Privilege Vulnerability Vital
Microsoft Workplace SharePoint CVE-2024-21426 Microsoft SharePoint Server Distant Code Execution Vulnerability Vital
Microsoft QUIC CVE-2024-26190 Microsoft QUIC Denial of Service Vulnerability Vital
Microsoft Groups for Android CVE-2024-21448 Microsoft Groups for Android Info Disclosure Vulnerability Vital
Microsoft WDAC ODBC Driver CVE-2024-21451 Microsoft ODBC Driver Distant Code Execution Vulnerability Vital
Microsoft WDAC OLE DB supplier for SQL CVE-2024-21441 Microsoft WDAC OLE DB supplier for SQL Server Distant Code Execution Vulnerability Vital
Microsoft WDAC OLE DB supplier for SQL CVE-2024-26161 Microsoft WDAC OLE DB supplier for SQL Server Distant Code Execution Vulnerability Vital
Microsoft WDAC OLE DB supplier for SQL CVE-2024-26166 Microsoft WDAC OLE DB supplier for SQL Server Distant Code Execution Vulnerability Vital
Microsoft WDAC OLE DB supplier for SQL CVE-2024-21444 Microsoft WDAC OLE DB supplier for SQL Server Distant Code Execution Vulnerability Vital
Microsoft WDAC OLE DB supplier for SQL CVE-2024-21450 Microsoft WDAC OLE DB supplier for SQL Server Distant Code Execution Vulnerability Vital
Microsoft Home windows SCSI Class System File CVE-2024-21434 Microsoft Home windows SCSI Class System File Elevation of Privilege Vulnerability Vital
Open Administration Infrastructure CVE-2024-21330 Open Administration Infrastructure (OMI) Elevation of Privilege Vulnerability Vital
Open Administration Infrastructure CVE-2024-21334 Open Administration Infrastructure (OMI) Distant Code Execution Vulnerability Vital
Outlook for Android CVE-2024-26204 Outlook for Android Info Disclosure Vulnerability Vital
Function: Home windows Hyper-V CVE-2024-21407 Home windows Hyper-V Distant Code Execution Vulnerability Important
Function: Home windows Hyper-V CVE-2024-21408 Home windows Hyper-V Denial of Service Vulnerability Important
Skype for Shopper CVE-2024-21411 Skype for Shopper Distant Code Execution Vulnerability Vital
Software program for Open Networking within the Cloud (SONiC) CVE-2024-21418 Software program for Open Networking within the Cloud (SONiC) Elevation of Privilege Vulnerability Vital
Visible Studio Code CVE-2024-26165 Visible Studio Code Elevation of Privilege Vulnerability Vital
Home windows AllJoyn API CVE-2024-21438 Microsoft AllJoyn API Denial of Service Vulnerability Vital
Home windows Cloud Recordsdata Mini Filter Driver CVE-2024-26160 Home windows Cloud Recordsdata Mini Filter Driver Info Disclosure Vulnerability Vital
Home windows Composite Picture File System CVE-2024-26170 Home windows Composite Picture File System (CimFS) Elevation of Privilege Vulnerability Vital
Home windows Compressed Folder CVE-2024-26185 Home windows Compressed Folder Tampering Vulnerability Vital
Home windows Defender CVE-2024-20671 Microsoft Defender Safety Characteristic Bypass Vulnerability Vital
Home windows Error Reporting CVE-2024-26169 Home windows Error Reporting Service Elevation of Privilege Vulnerability Vital
Home windows Hypervisor-Protected Code Integrity CVE-2024-21431 Hypervisor-Protected Code Integrity (HVCI) Safety Characteristic Bypass Vulnerability Vital
Home windows Installer CVE-2024-21436 Home windows Installer Elevation of Privilege Vulnerability Vital
Home windows Kerberos CVE-2024-21427 Home windows Kerberos Safety Characteristic Bypass Vulnerability Vital
Home windows Kernel CVE-2024-26177 Home windows Kernel Info Disclosure Vulnerability Vital
Home windows Kernel CVE-2024-26176 Home windows Kernel Elevation of Privilege Vulnerability Vital
Home windows Kernel CVE-2024-26174 Home windows Kernel Info Disclosure Vulnerability Vital
Home windows Kernel CVE-2024-26182 Home windows Kernel Elevation of Privilege Vulnerability Vital
Home windows Kernel CVE-2024-26181 Home windows Kernel Denial of Service Vulnerability Vital
Home windows Kernel CVE-2024-26178 Home windows Kernel Elevation of Privilege Vulnerability Vital
Home windows Kernel CVE-2024-26173 Home windows Kernel Elevation of Privilege Vulnerability Vital
Home windows Kernel CVE-2024-21443 Home windows Kernel Elevation of Privilege Vulnerability Vital
Home windows NTFS CVE-2024-21446 NTFS Elevation of Privilege Vulnerability Vital
Home windows ODBC Driver CVE-2024-21440 Microsoft ODBC Driver Distant Code Execution Vulnerability Vital
Home windows ODBC Driver CVE-2024-26162 Microsoft ODBC Driver Distant Code Execution Vulnerability Vital
Home windows ODBC Driver CVE-2024-26159 Microsoft ODBC Driver Distant Code Execution Vulnerability Vital
Home windows OLE CVE-2024-21435 Home windows OLE Distant Code Execution Vulnerability Vital
Home windows Print Spooler Elements CVE-2024-21433 Home windows Print Spooler Elevation of Privilege Vulnerability Vital
Home windows Requirements-Based mostly Storage Administration Service CVE-2024-26197 Home windows Requirements-Based mostly Storage Administration Service Denial of Service Vulnerability Vital
Home windows Telephony Server CVE-2024-21439 Home windows Telephony Server Elevation of Privilege Vulnerability Vital
Home windows Replace Stack CVE-2024-21432 Home windows Replace Stack Elevation of Privilege Vulnerability Vital
Home windows USB Hub Driver CVE-2024-21429 Home windows USB Hub Driver Distant Code Execution Vulnerability Vital
Home windows USB Print Driver CVE-2024-21442 Home windows USB Print Driver Elevation of Privilege Vulnerability Vital
Home windows USB Print Driver CVE-2024-21445 Home windows USB Print Driver Elevation of Privilege Vulnerability Vital
Home windows USB Serial Driver CVE-2024-21430 Home windows USB Connected SCSI (UAS) Protocol Distant Code Execution Vulnerability Vital
See also  Proof-of-Idea Exploit Launched for Progress Software program OpenEdge Vulnerability
- Advertisment -spot_img
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular