Microsoft Patch Tuesday: March 2024

March 13, 2024

This month’s Patch Tuesday release patches 60 vulnerabilities in total: 2 critical and 58 important. None have been publicly disclosed or actively exploited.

CVE-2024-21407: Windows Hyper-V Remote Code Execution Vulnerability

This critical vulnerability in Windows Hyper-V could allow a remote attacker to execute arbitrary code on the target host. Exploitation requires an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM, which could result in remote code execution on the host server.

However, it is noted that successful exploitation requires an attacker to know specific information about the environment and take prior actions, but no further information has been provided.

CVE-2024-21400: Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

A vulnerability present in Azure Kubernetes Service could allow an unauthenticated attacker to steal credentials and affect resources beyond the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC). Attack complexity for this vulnerability is high, as the attacker is required to prepare the target environment to improve exploit reliability.

CVE-2024-20671: Microsoft Defender Security Feature Bypass Vulnerability

This important vulnerability could allow an authenticated attacker to prevent Microsoft Defender from starting. A fix for this flaw will be automatically applied by the Windows Defender Antimalware Platform, meaning a manual update is not required.

Although the fix is issued automatically, Microsoft is urging users to verify that the update has been installed.

You can check this by following these instructions:

1. Open the Windows Security program. For example, type Security in the Search bar, and select the Windows Security program.

2. In the navigation pane, select Virus & threat protection.

3. Under Virus & threat protection updates in the main window, select Check for updates.

4. Select Check for updates again.

5. In the navigation pane, select Settings, and then select About.

6. Examine the Platform Version number. The update was successfully installed if the Malware Protection Platform version number or the signature package version number matches or exceeds the version number that you are trying to verify as installed.
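
The same check can be scripted, which helps when many hosts need verifying. The PowerShell below is an added example, not part of the original article or of Microsoft's guidance. The function name Test-DefenderPlatformVersion is hypothetical, and the minimum version is left for you to supply from the advisory because this article does not state it. It uses the Get-MpComputerStatus cmdlet from the built-in Defender module.

```powershell
# Added example; function and parameter names are hypothetical.
function Test-DefenderPlatformVersion {
    [CmdletBinding()]
    param(
        # The version you are trying to verify as installed. Take it from the
        # Microsoft advisory; no default is given because the article has none.
        [Parameter(Mandatory)]
        [version]$MinimumPlatformVersion
    )

    $result = [ordered]@{
        ComputerName     = $env:COMPUTERNAME
        ServiceEnabled   = $false
        PlatformVersion  = $null
        SignatureVersion = $null
        Required         = $MinimumPlatformVersion
        Compliant        = $false
        Detail           = ''
    }

    try {
        $status = Get-MpComputerStatus -ErrorAction Stop

        $result.ServiceEnabled   = [bool]$status.AMServiceEnabled
        # Cast to [version] so 4.18.9 compares below 4.18.10; a string
        # comparison would order them the other way round.
        $result.PlatformVersion  = [version]$status.AMProductVersion
        $result.SignatureVersion = $status.AntivirusSignatureVersion

        $result.Compliant = $result.ServiceEnabled -and
                            ($result.PlatformVersion -ge $MinimumPlatformVersion)
        $result.Detail = if ($result.Compliant) { 'Platform version matches or exceeds the required version.' }
                         elseif (-not $result.ServiceEnabled) { 'Defender service is not enabled.' }
                         else { 'Platform version is below the required version.' }
    }
    catch {
        # A Defender service that cannot start makes the query fail. Report
        # that as non-compliant rather than letting it pass silently.
        $result.Detail = "Could not read Defender status: $($_.Exception.Message)"
    }

    [pscustomobject]$result
}

# Usage: replace the placeholder with the version from the advisory.
# Test-DefenderPlatformVersion -MinimumPlatformVersion '<fixed platform version>'
```

A host where the query itself fails is reported as non-compliant, which matters here because the flaw being patched is one that stops Defender from starting.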

CVE-2024-26198: Microsoft Exchange Server Remote Code Execution Vulnerability

This important vulnerability in Microsoft Exchange Server could allow an unauthenticated attacker to load a malicious DLL which could lead to remote code execution. Successful exploitation of this flaw requires placing a specially crafted file onto an online directory or in a local network location and then convincing the user to open it to run the DLL.

For a full list of this month’s updates please see the links below:

Patch Tuesday release notes: https://msrc.microsoft.com/update-guide/releaseNote/2024-Mar

Security update guide: https://msrc.microsoft.com/update-guide/

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
