Microsoft releases March 2024 patch package, fixes two critical issues in Hyper-V
Take action: This month, focus on updating your Windows OS, patching the critical Hyper-V issues, and updating Edge and Teams on all devices. There are no immediate attacks, but even Microsoft expects them to start.
In its March 2024 update, Microsoft addressed a total of 59 Common Vulnerabilities and Exposures (CVEs), with a significant focus on Windows, which had 41 vulnerabilities patched. Of these CVEs, only two were classified as Critical, both located within Windows' Hyper-V feature.
Despite the potential severity of these vulnerabilities, at the time of the patch release, there were no known cases of these issues being publicly disclosed or exploited in the wild.
Microsoft advises that users focus on the critical issues and on patching Windows, Edge and Teams since there
The patch update not only addressed vulnerabilities in Windows but also extended to cover a broad array of Microsoft products, impacting 20 different product groups or tools. This extensive coverage underscores the importance of the updates in securing the Microsoft ecosystem against potential threats.
Additionally, the patch update provided advisory information on four patches related to the Edge browser, with three of these CVEs attributed to the Chrome team, illustrating the collaborative nature of security within the software industry.
The list of all patched issues:
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET | CVE-2024-21392 | .NET and Visual Studio Denial of Service Vulnerability | Important |
| Azure Data Studio | CVE-2024-26203 | Azure Data Studio Elevation of Privilege Vulnerability | Important |
| Azure SDK | CVE-2024-21421 | Azure SDK Spoofing Vulnerability | Important |
| Intel | CVE-2023-28746 | Intel: CVE-2023-28746 Register File Data Sampling (RFDS) | Important |
| Microsoft Authenticator | CVE-2024-21390 | Microsoft Authenticator Elevation of Privilege Vulnerability | Important |
| Microsoft Azure Kubernetes Service | CVE-2024-21400 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Important |
| Microsoft Django Backend for SQL Server | CVE-2024-26164 | Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft Dynamics | CVE-2024-21419 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2024-2174 | Chromium: CVE-2024-2174 Inappropriate implementation in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-2173 | Chromium: CVE-2024-2173 Out of bounds memory access in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2024-2176 | Chromium: CVE-2024-2176 Use after free in FedCM | Unknown |
| Microsoft Edge for Android | CVE-2024-26167 | Microsoft Edge for Android Spoofing Vulnerability | Unknown |
| Microsoft Exchange Server | CVE-2024-26198 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2024-21437 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Intune | CVE-2024-26201 | Microsoft Intune Linux Agent Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2024-26199 | Microsoft Office Elevation of Privilege Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2024-21426 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft QUIC | CVE-2024-26190 | Microsoft QUIC Denial of Service Vulnerability | Important |
| Microsoft Teams for Android | CVE-2024-21448 | Microsoft Teams for Android Information Disclosure Vulnerability | Important |
| Microsoft WDAC ODBC Driver | CVE-2024-21451 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-21441 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-26161 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-26166 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-21444 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-21450 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows SCSI Class System File | CVE-2024-21434 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | Important |
| Open Management Infrastructure | CVE-2024-21330 | Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | Important |
| Open Management Infrastructure | CVE-2024-21334 | Open Management Infrastructure (OMI) Remote Code Execution Vulnerability | Important |
| Outlook for Android | CVE-2024-26204 | Outlook for Android Information Disclosure Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2024-21407 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Role: Windows Hyper-V | CVE-2024-21408 | Windows Hyper-V Denial of Service Vulnerability | Critical |
| Skype for Consumer | CVE-2024-21411 | Skype for Consumer Remote Code Execution Vulnerability | Important |
| Software for Open Networking in the Cloud (SONiC) | CVE-2024-21418 | Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2024-26165 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
| Windows AllJoyn API | CVE-2024-21438 | Microsoft AllJoyn API Denial of Service Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2024-26160 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Important |
| Windows Composite Image File System | CVE-2024-26170 | Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability | Important |
| Windows Compressed Folder | CVE-2024-26185 | Windows Compressed Folder Tampering Vulnerability | Important |
| Windows Defender | CVE-2024-20671 | Microsoft Defender Security Feature Bypass Vulnerability | Important |
| Windows Error Reporting | CVE-2024-26169 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
| Windows Hypervisor-Protected Code Integrity | CVE-2024-21431 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | Important |
| Windows Installer | CVE-2024-21436 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Kerberos | CVE-2024-21427 | Windows Kerberos Security Feature Bypass Vulnerability | Important |
| Windows Kernel | CVE-2024-26177 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2024-26176 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-26174 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2024-26182 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-26181 | Windows Kernel Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2024-26178 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-26173 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2024-21443 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows NTFS | CVE-2024-21446 | NTFS Elevation of Privilege Vulnerability | Important |
| Windows ODBC Driver | CVE-2024-21440 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows ODBC Driver | CVE-2024-26162 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows ODBC Driver | CVE-2024-26159 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows OLE | CVE-2024-21435 | Windows OLE Remote Code Execution Vulnerability | Important |
| Windows Print Spooler Components | CVE-2024-21433 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Standards-Based Storage Management Service | CVE-2024-26197 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
| Windows Telephony Server | CVE-2024-21439 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2024-21432 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| Windows USB Hub Driver | CVE-2024-21429 | Windows USB Hub Driver Remote Code Execution Vulnerability | Important |
| Windows USB Print Driver | CVE-2024-21442 | Windows USB Print Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Print Driver | CVE-2024-21445 | Windows USB Print Driver Elevation of Privilege Vulnerability | Important |
| Windows USB Serial Driver | CVE-2024-21430 | Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability | Important |