Vulnerabilities

Microsoft Patch Tuesday 2024: Major Fixes And Recommendations

Additionally, Microsoft has addressed vulnerabilities in Windows 11, SharePoint, and the Windows Print Spooler service.

by Ashish Khaitan March 13, 2024 in Firewall Daily, Vulnerabilities Reading Time: 19 mins read 0

615 SHARES 3.4k VIEWS Share on LinkedInShare on Twitter

March 2024 brings a fresh focus on cybersecurity as Microsoft rolls out its latest set of patches, addressing 61 vulnerabilities in the update.

This regular security update from Microsoft aims to fortify the security of its systems against potential threats and attacks. Notably, this month's does not reveal any zero-day vulnerabilities. However, it includes fixes for several critical issues that could potentially be exploited by cyber attackers if left unaddressed.

Among the vulnerabilities patched are those impacting various Microsoft products, including Windows, Azure, Skype for Consumer, Microsoft Defender, and Microsoft Office.

Microsoft Patch Tuesday 2024 Update: The Most Critical Vulnerabilities

Tag CVE Base Score
Windows Defender 5.5
Open Management Infrastructure CVE-2024-21330 7.8
Open Management Infrastructure CVE-2024-21334 9.8
Microsoft Authenticator CVE-2024-21390 7.1
.NET CVE-2024-21392 7.5
Microsoft Azure Kubernetes Service 9
Role: Windows Hyper-V 8.1
Role: Windows Hyper-V CVE-2024-21408 5.5
Skype for Consumer 8.8
Software for Open Networking in the Cloud (SONiC) CVE-2024-21418 7.8
Microsoft Dynamics CVE-2024-21419 7.6
Azure SDK CVE-2024-21421 7.5
Microsoft Office SharePoint CVE-2024-21426 7.8
Windows Kerberos CVE-2024-21427 7.5
Windows USB Hub Driver CVE-2024-21429 6.8
Windows USB Serial Driver CVE-2024-21430 5.7
Windows Hypervisor-Protected Code Integrity CVE-2024-21431 7.8
Windows Update Stack CVE-2024-21432 7
Windows Print Spooler Components CVE-2024-21433 7
Microsoft Windows SCSI Class System File CVE-2024-21434 7.8
Windows OLE CVE-2024-21435 8.8
Windows Installer CVE-2024-21436 7.8
Microsoft Graphics Component CVE-2024-21437 7.8
Windows AllJoyn API CVE-2024-21438 7.5
Windows Telephony Server CVE-2024-21439 7
Windows ODBC Driver CVE-2024-21440 8.8
Microsoft WDAC OLE DB provider for SQL CVE-2024-21441 8.8
Windows USB Print Driver CVE-2024-21442 7.8
Windows Kernel CVE-2024-21443 7.3
Microsoft WDAC OLE DB provider for SQL CVE-2024-21444 8.8
Windows USB Print Driver CVE-2024-21445 7
Windows NTFS CVE-2024-21446 7.8
Microsoft Teams for Android CVE-2024-21448 5
Microsoft WDAC OLE DB provider for SQL CVE-2024-21450 8.8
Microsoft WDAC ODBC Driver CVE-2024-21451 8.8
Windows ODBC Driver CVE-2024-26159 8.8
Windows Cloud Files Mini Filter Driver CVE-2024-26160 5.5
Microsoft WDAC OLE DB provider for SQL CVE-2024-26161 8.8
Windows ODBC Driver CVE-2024-26162 8.8
SQL Server CVE-2024-26164 8.8
Visual Studio Code CVE-2024-26165 8.8
Microsoft WDAC OLE DB provider for SQL CVE-2024-26166 8.8
Microsoft Edge for Android CVE-2024-26167 4.3
Windows Error Reporting CVE-2024-26169 7.8
Windows Composite Image File System CVE-2024-26170 7.8
Windows Kernel CVE-2024-26173 7.8
Windows Kernel CVE-2024-26174 5.5
Windows Kernel CVE-2024-26176 7.8
Windows Kernel CVE-2024-26177 5.5
Windows Kernel CVE-2024-26178 7.8
Windows Kernel CVE-2024-26181 5.5
Windows Kernel CVE-2024-26182 7.8
Windows Compressed Folder CVE-2024-26185 6.5
Microsoft QUIC CVE-2024-26190 7.5
Windows Standards-Based Storage Management Service CVE-2024-26197 6.5
Microsoft Exchange Server CVE-2024-26198 8.8
Microsoft Office CVE-2024-26199 7.8
Microsoft Intune CVE-2024-26201 6.6
Azure Data Studio CVE-2024-26203 7.3
Outlook for Android CVE-2024-26204 7.5

One of the most critical vulnerabilities addressed in this Microsoft Patch Tuesday 2024 update is a remote code execution (RCE) flaw in Windows, which could enable a virtual machine to escape from a Hyper-V guest.

This particular vulnerability, labeled as CVE-2024-21407, presents a high level of complexity for attackers, requiring them to gather specific information about the environment and execute a series of preparatory steps. Once exploited, attackers could gain unauthorized access to the Hyper-V host, posing a significant risk to system integrity.

Another noteworthy fix is for Skype for Consumer, addressing a remote code execution vulnerability (CVE-2024-21411) that could be triggered through malicious links or images sent via Instant Message. This flaw, discovered by Hector Peralta and Nicole Armua in collaboration with Trend Micro Zero Day Initiative, highlights the importance of staying up to date against social engineering tactics employed by cybercriminals.

Furthermore, Microsoft has patched vulnerabilities affecting its Azure Kubernetes Service (CVE-2024-21400), Microsoft Defender (CVE-2024-20671), and Microsoft Office (CVE-2024-26199), among others. These fixes aim to mitigate various risks, including elevation of privilege, security feature bypass, and confidential container compromise.

APT Groups Exploiting Microsoft Vulnerabilities

In a conversation with TCE, Satnam Narang, Senior Staff Research Engineer, Tenable, shared his take on the Microsoft Patch Tuesday 2024 update, noting, “Of the 60 CVEs patched…only six are considered more likely to be exploited.” He highlighted elevation of privilege vulnerabilities such as CVE-2024-26182 and CVE-2024-26170, often exploited by advanced persistent threat (APT) groups for espionage.

Narang explained that while some vulnerabilities require social engineering, like CVE-2024-21426 in Microsoft SharePoint Server, they still pose a threat if attackers can manipulate users. Notably, CVE-2024-21390, an elevation of privilege flaw in Microsoft Authenticator, allows attackers with device access to bypass multi-factor authentication, emphasizing the importance of device security.

Narang also observed a decrease in CVEs patched in 2024 compared to previous years, suggesting a shift in cybersecurity trends, stating, “The first quarter of Patch Tuesday in 2024 has been quieter compared to the last four years.”

Security Updates for Other Microsoft Products

CNA Tag CVE
Intel Corporation Intel CVE-2023-28746
Chrome Microsoft Edge (Chromium-based) CVE-2024-2173
Chrome Microsoft Edge (Chromium-based) CVE-2024-2174
Chrome Microsoft Edge (Chromium-based) CVE-2024-2176

Additionally, Microsoft has addressed vulnerabilities in Windows 11, SharePoint, and the Windows Print Spooler service, targeting issues such as compressed folder tampering and elevation to SYSTEM privileges. These fixes are crucial for maintaining the overall security posture of Windows-based systems and preventing potential exploitation by malicious actors.

While no prior public disclosure or exploitation in the wild has been reported for the vulnerabilities patched in this update, it's essential for users and administrators to promptly apply the patches to mitigate any potential risks. 

Windows updates ensure device security and productivity, catering to both IT administrators and general users. These monthly updates, released on “Patch Tuesday,” consolidate security and non-security fixes to maintain device integrity. 

Through channels like Windows Update and Microsoft Intune, users receive mandatory security updates. Additionally, optional non-security preview releases, available a week before security updates, offer advanced features. Out-of-band releases address critical issues promptly. 

With Windows 11, continuous innovation arrives through phased rollouts, allowing users to control feature releases. Microsoft optimizes update processes for reliability, ensuring a seamless user experience while prioritizing device security and performance.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button