Today marks Microsoft's March 2024 Patch Tuesday, with security updates addressing a total of 60 vulnerabilities, notably including eighteen remote code execution (RCE) flaws.
While this Patch Tuesday addresses only two critical vulnerabilities, namely Hyper-V remote code execution and denial of service flaws, it encompasses a range of other issues across various categories:
- 24 Elevation of Privilege Vulnerabilities
- 3 Security Feature Bypass Vulnerabilities
- 6 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
It's worth noting that the total count of 60 flaws does not include the four Microsoft Edge vulnerabilities addressed on March 7th.
In this month's Patch Tuesday, Microsoft has not disclosed any zero-day vulnerabilities. However, several noteworthy flaws have been addressed:
CVE-2024-21400 - Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
This vulnerability, discovered by Yuval Avrahami, affected Azure Kubernetes Service and could potentially allow attackers to gain elevated privileges, thus compromising credentials and affecting resources managed by Azure Kubernetes Service Confidential Containers (AKSCC).
CVE-2024-26199 - Microsoft Office Elevation of Privilege Vulnerability
Discovered by Iván Almuiña from Hacking Corporation Sàrl, this Office vulnerability allowed any authenticated user to obtain SYSTEM privileges, without requiring admin or other elevated privileges.
CVE-2024-20671 - Microsoft Defender Security Feature Bypass Vulnerability
This flaw, discovered by Manuel Feifel with Infoguard (Vurex), impacted Microsoft Defender, potentially preventing it from starting. However, it is resolved through updates to the Windows Defender Antimalware Platform, automatically installed on Windows devices.
CVE-2024-21411 - Skype for Consumer Remote Code Execution Vulnerability
Hector Peralta and Nicole Armua, collaborating with Trend Micro Zero Day Initiative, discovered this remote code execution vulnerability in Skype for Consumer. It could be triggered through a malicious link or image sent via Instant Message.
Recent updates from other companies include security updates from Apple, Cisco, Fortinet, Google, Intel, QNAP, SAP, VMware, and AnyCubic, addressing various vulnerabilities and issues across their products and services.
For more detailed information on these updates and advisories, stay tuned to our dedicated articles covering the latest developments in cybersecurity.
As always, it's crucial to promptly apply these patches and updates to ensure the security and integrity of your systems and data.
0 comments:
Post a Comment