5 Things To Know On Microsoft’s ‘Patch Tuesday’ For March 2024
The tech giant releases fixes for two critical vulnerabilities but discloses a ‘relatively low volume’ overall, according to a Trend Micro researcher.
Microsoft released fixes Tuesday for two critical vulnerabilities but disclosed a “relatively low volume” of issues overall as part of its March patch release, according to a Trend Micro researcher.
The flaws received patches as part of Microsoft’s monthly release of bug fixes, popularly known as “Patch Tuesday.”
[Related: CISA Warns Of Microsoft Streaming, Cisco NX-OS Vulnerabilities]
What follows are five things to know about Microsoft’s “Patch Tuesday” release for March 2024.
59 New Patches Released
Microsoft released a total of 59 new patches Tuesday as part of the monthly update, which “is a relatively low volume for March,” wrote Dustin Childs, head of threat awareness for Trend Micro’s Zero Day Initiative, in a blog post.
As usual, the patches address vulnerabilities (tracked as CVEs, or Common Vulnerabilities and Exposures) that affect numerous Microsoft product segments. Those include Windows, Office, Azure, .NET Framework, Visual Studio, SQL Server, Hyper-V and Dynamics.
Eighteen of the vulnerabilities could potentially be exploited to enable remote code execution and 24 of the vulnerabilities could enable privilege elevation, according to the Zero Day Initiative listing of the flaws.
Lack Of Exploits So Far
While Microsoft frequently discloses that some of the zero-day vulnerabilities addressed during Patch Tuesday have already been exploited, that’s not the case for March, according to the company.
“None of the CVEs released today are listed as publicly known or under active attack, but that could change,” Childs wrote, noting that following Microsoft’s bug fixes release for February the company “revised multiple updates to indicate they were being actively exploited.”
However, “for now, nothing is listed as [exploited] in the wild,” he said.
Critical Hyper-V Vulnerability
Two vulnerabilities have been rated as “critical” severity issues, according to Microsoft.
A remote code execution vulnerability affecting Windows Hyper-V (and tracked as CVE-2024-21407) could potentially enable an authenticated user on a guest operating system to remotely execute code on the host operating system, according to Childs.
The vulnerability poses a major risk of enabling compromise of both the full virtualization environment and the guest operating systems that are running on the impacted server, said Saeed Abbasi, manager for vulnerability research at Qualys, in an email.
Critical OMI Vulnerability
The second critical-severity vulnerability, which also enables remote code execution, impacts Microsoft’s Open Management Infrastructure and is tracked at CVE-2024-21334.
The bug can allow unauthenticated users to remotely execute code on OMI instances over the internet, according to Microsoft. “It’s not clear how many of these systems are reachable through the internet, but it’s likely a significant number,” Childs wrote.
Other Notable Vulnerabilities
Among the other vulnerabilities discussed by Childs is a remote code execution flaw impacting Microsoft Exchange (tracked at CVE-2024-26198).
The vulnerability is a “classic” DLL (dynamic link library) bug, where a threat actor “places a specially crafted file in a location they control” and then tries to entice a user into opening the file, he wrote.
Childs also pinpointed a privilege elevation flaw impacting Azure Kubernetes Service Confidential Container (tracked at CVE-2024-21400).
“This bug allows an unauthenticated attacker to access the untrusted AKS Kubernetes node and AKS Confidential Container to take over confidential guests and containers. Successful exploitation would allow the attacker to steal credentials and affect other resources,” he wrote, noting that several complexities mean that “patching won’t be straightforward” to address the issue.