Microsoft just patched a whole load of important security flaws, including two critical issues – so update now
The March 2024 edition of Microsoft’s Patch Tuesday is upon us, fixing dozens of vulnerabilities, including two critical severity issues which could result in remote code execution (RCE) and privilege escalation.
In its advisory, Microsoft announced addressing 61 CVEs, in addition to 17 Edge flaws fixed a few weeks prior. Of those 61 vulnerabilities, two are labeled critical, 58 important, and one low. The company said the flaws were not publicly known, or under active exploitation.
However, six were flagged as “exploitation more likely”, probably suggesting that they are relatively easy to discover and abuse, and that it was only a matter of time before a threat actor finds them.
Hyper-V flaws addressed
That being said, the two critical severity vulnerabilities are tracked as CVE-2024-21334 and CVE-2024-21400. The former has a severity score of 9.8, and is described as an Open Management Infrastructure (OMI) Remote Code Execution Vulnerability. The latter, on the other hand, has a severity score of 9.0, and is described as an Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability.
Besides the two, other notable mentions include CVE-2024-21407, and CVE-2024-21408, two flaws affecting Hyper-V, and allowing threat actors not only to run RCE, but also denial-of-service (DoS) attacks.
This month’s Patch Tuesday also fixes a number of vulnerabilities discovered in products from other vendors, such as Adobe, AMD, Citrix, Chrome, NVIDIA, and many others. The full list of vulnerabilities serviced this month can be found on this link.
Every second Tuesday in a month, Microsoft releases cumulative updates, addressing as many vulnerabilities as it can (aside from critical updates which are released as soon as they’re available, and are usually known as out-of-bands patches). This is a longstanding practice in the IT industry that’s been picked up by many companies, including Adobe, and Oracle, and formalized in late 2003 by Microsoft.
More from TechRadar Pro
The March 2024 edition of Microsoft’s Patch Tuesday is upon us, fixing dozens of vulnerabilities, including two critical severity issues which could result in remote code execution (RCE) and privilege escalation. In its advisory, Microsoft announced addressing 61 CVEs, in addition to 17 Edge flaws fixed a few weeks prior.…
Recent Posts
- Safari tipped to get AI-powered Intelligent Search in iOS 18 and macOS 15
- TikTok seems to be dodging App Store commissions in Epic fashion
- Amazon Q is now open to any workers looking to build an AI chatbot for work
- AWS Q1 growth pushes ahead as cloud revenue soars
- Network specialist debuts free tool that promises to solve VPN and ZTNA connectivity issues for good
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011