Microsoft has rolled out its latest batch of security fixes for March 2024 Patch Tuesday, addressing a total of 59 CVE-numbered vulnerabilities. The good news is that none of these vulnerabilities are currently known to be publicly exploited, offering a sigh of relief to users and administrators alike.
However, the memory of last month’s post-Patch Tuesday exploits is still fresh. In a recent update, Microsoft revealed that two vulnerabilities, previously unknown to the public, were indeed being actively exploited. One of these, identified as CVE-2024-21338, was an elevation of privilege flaw in the Windows Kernel, originally reported by researchers at Avast. Shockingly, it had been exploited by North Korean hackers for several months before Microsoft issued a patch. This incident highlights the utmost importance of timely addressing security loopholes to prevent exploitation.
Significant Vulnerabilities Fixed in March 2024 Patch Tuesday
Two critical vulnerabilities affecting Windows Hyper-V stand out. CVE-2024-21407 enables remote code execution (RCE) through a guest-to-host escape, while CVE-2024-21408 addresses a denial of service (DoS) vulnerability. Despite the seeming disparity in severity, both vulnerabilities need immediate attention, urging administrators to update Windows systems running the hypervisor.
Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, highlights CVE-2024-26198 as another significant vulnerability. This unauthenticated RCE flaw affecting Microsoft Exchange Server exploits DLL loading, potentially leading to code execution. The patch is included in cumulative updates for Microsoft Exchange Server 2016 and 2019, ensuring protection for Exchange Online customers.
In addition, CVE-2024-21400, an elevation of privilege vulnerability affecting Azure Kubernetes Service (AKS) Confidential Containers, poses a serious threat. Unauthenticated attackers could exploit this vulnerability to compromise systems.
Satnam Narang, senior staff research engineer at Tenable, emphasizes six vulnerabilities patched by Microsoft as “more likely” to be exploited. These include elevation of privilege vulnerabilities in Windows Kernel, Windows Composite Image File System, Windows Graphics Component, and Windows Print Spooler. Narang also draws attention to CVE-2024-21390, an elevation of privilege flaw in Microsoft Authenticator. While less likely to be exploited, this flaw could have severe repercussions if leveraged by attackers already present on the victim’s device.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: