March 12, 2024 at 06:13PM
Microsoft’s March Patch Tuesday update addresses 60 unique CVEs, with only two rated as “critical”. Both affect Windows Hyper-V: CVE-2024-21407, a remote code execution (RCE) bug, and CVE-2024-21408, a denial-of-service (DoS) vulnerability. The update also includes fixes for 18 RCE and two dozen elevation-of-privilege vulnerabilities, requiring immediate attention. Notably, this month sees a decrease in fixed vulnerabilities compared to last month.
After reviewing the meeting notes, here are the key takeaways:
– Microsoft released a security update for March containing patches for 60 unique CVEs, which is a decrease from the previous month’s 74 updates.
– Among the CVEs, two critical vulnerabilities affect the Windows Hyper-V virtualization technology: CVE-2024-21407, a remote code execution (RCE) bug, and CVE-2024-21408, a denial-of-service (DoS) vulnerability.
– The update includes fixes for a total of 18 RCE flaws and two dozen elevation-of-privilege vulnerabilities, some allowing threat actors to gain administrative control of affected systems.
– Notably, even vulnerabilities assessed by Microsoft as “important” have severity scores exceeding 9.0 out of 10 on the CVSS vulnerability severity scale due to their potential impact if abused.
– There were no zero-day vulnerabilities or proofs of concept (PoCs) disclosed, marking a period of relative calm.
– The RCE bug in Hyper-V allows attackers to take complete control of affected systems, while the DoS vulnerability can render the Hyper-V service unusable, potentially disrupting critical business operations.
– Six of the disclosed vulnerabilities, including CVE-2024-26182 in the Windows Kernel, are expected to be of more interest to advanced persistent threat (APT) actors for espionage-related objectives.
– A high-severity bug rated as “important,” CVE-2024-21334, in Open Management Infrastructure (OMI), poses significant risk and should be a high-priority patch due to its potential impact on managing IT environments.
– CVE-2024-20671, a Microsoft Defender security feature bypass flaw, and CVE-2024-21421, a spoofing vulnerability in Azure SDK, are two other flaws deserving higher attention than their “important” ratings would suggest.
– The past three months have seen a reduction in the number of CVEs patched by Microsoft compared to previous years.
These takeaways provide a clear understanding of the critical issues addressed by Microsoft’s security update for March and highlight the importance of promptly addressing the identified vulnerabilities to mitigate potential risks and protect systems.