Welcome to my March Patch Tuesday. Today Microsoft released updates for 61 vulnerabilities, plus an additional 19 updates since the previous Patch Tuesday, for a total of 80 updates this month. Believe it or not, we have no zero-days to talk about this month. It has been quite a while since we've had that, so I'll focus on the updates that are our highest priorities this month.

First, according to CVSS metrics, our highest priorities are CVE-2024-21334 and CVE-2024-21400. CVE-2024-21334 is a remote code execution vulnerability rated 8.5 that affects SCOM and OMI. CVE-2024-21400 is an elevation of privilege vulnerability rated 8.1. The interesting thing about both is that the CVSS score is high but the severity rating from Microsoft is only "Important". So please review and test these updates before deploying them.

Second, looking at the severity ratings from Microsoft, we have two CVEs rated "Critical": CVE-2024-21407 and CVE-2024-21408. Both affect Hyper-V, which means your Windows OSes (both server and workstation) are vulnerable. So please update these as soon as possible.

Interestingly, Microsoft Office has very few patches this month. I can't remember how many years have passed since we have had no updates for any of the Office Suite products. There's always next month!
Patch data provided by:
| Technology | Products Affected | Severity | Reference | Workaround / Exploited / Publicly Disclosed | Vulnerability Info |
| --- | --- | --- | --- | --- | --- |
| Windows | Windows 10, 11; Server 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations | Critical | CVE-2023-28746 CVE-2024-21407 CVE-2024-21408 CVE-2024-21427 CVE-2024-21429 CVE-2024-21430 CVE-2024-21431 CVE-2024-21432 CVE-2024-21433 CVE-2024-21434 CVE-2024-21435 CVE-2024-21436 CVE-2024-21437 CVE-2024-21438 CVE-2024-21439 CVE-2024-21440 CVE-2024-21441 CVE-2024-21442 CVE-2024-21443 CVE-2024-21444 CVE-2024-21445 CVE-2024-21446 CVE-2024-21450 CVE-2024-21451 CVE-2024-26159 CVE-2024-26160 CVE-2024-26161 CVE-2024-26162 CVE-2024-26166 CVE-2024-26169 CVE-2024-26170 CVE-2024-26173 CVE-2024-26174 CVE-2024-26176 CVE-2024-26177 CVE-2024-26178 CVE-2024-26181 CVE-2024-26182 CVE-2024-26185 CVE-2024-26190 CVE-2024-26197 | | Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Tampering |
| Edge | Chromium-based | Important | CVE-2024-1669 CVE-2024-1670 CVE-2024-1671 CVE-2024-1672 CVE-2024-1673 CVE-2024-1674 CVE-2024-1675 CVE-2024-1676 CVE-2024-1938 CVE-2024-1939 CVE-2024-21423 CVE-2024-2173 CVE-2024-2174 CVE-2024-2176 CVE-2024-26167 CVE-2024-26188 CVE-2024-26192 CVE-2024-26196 | Workaround: No; Exploited: No; Public: No | Information Disclosure, Spoofing |
| Office and SharePoint | 365 Apps for Enterprise; SharePoint Server 2016/2019; SharePoint Server Subscription Edition; Teams for Android | | CVE-2024-21426 CVE-2024-21448 CVE-2024-26199 | | Elevation of Privilege, Information Disclosure, Remote Code Execution |
| Exchange | Server 2016 CU23; Server 2019 CU13 & CU14 | | CVE-2024-26198 | | Remote Code Execution |
| Developer Tools | .NET 7.0, 8.0; Visual Studio 2022 17.4 - 17.9; VS Code | | CVE-2024-21392 CVE-2024-26165 CVE-2024-26190 | | |
| SQL Server | Backend for Django | | CVE-2024-26164 | | |
| Dynamics | On-Prem 9.1 | | CVE-2024-21419 | | Spoofing |
| Azure | Automation; Automation Update Management; Data Studio; Kubernetes Service; Kubernetes Service Confidential Containers; SDK; Security Center; Sentinel; Container Monitoring Solution; Log Analytics Agent; Open Management Infrastructure; OMS for Linux; SONiC 201811, 201911, 202012 and 202205 | | CVE-2024-21330 CVE-2024-21334 CVE-2024-21400 CVE-2024-21418 CVE-2024-21421 CVE-2024-21626 CVE-2024-26203 | | Elevation of Privilege, Remote Code Execution, Spoofing |
| System Center | Defender Antimalware Platform; Defender for Endpoint; SCOM 2019 & 2022 | | CVE-2024-20671 CVE-2024-21315 CVE-2024-21330 CVE-2024-21334 | | Elevation of Privilege, Remote Code Execution, Security Feature Bypass |
| Apps | Intune Company Portal for Android; MS Authenticator; MS Outlook for Android; Skype for Consumer | | CVE-2024-21390 CVE-2024-21411 CVE-2024-26201 CVE-2024-26204 | | |
| Mariner | CBL Mariner 2.0 for x64 & ARM | | CVE-2024-21626 | | |