HomeWinBuzzer NewsMicrosoft Addresses 59 Security Flaws in Latest Patch Tuesday Updates

Microsoft Addresses 59 Security Flaws in Latest Patch Tuesday Updates

Microsoft's March Patch Tuesday fixes 60 security vulnerabilities across Windows 11 and other products, including critical remote code execution flaws.

-

Microsoft has announced a comprehensive series of updates as part of its March 2024 Patch Tuesday. This update is crucial for users across various versions of Windows 11, including versions 23H2, 22H2, and 21H2, with the updates delivered through KB5035853 for the first two versions and KB5035854 for version 21H2. Post-update, Windows 11 will see its builds updated to 22631.3296, 22621.3296, and 22000.2836, respectively. The focus of these updates is to address security vulnerabilities and improve the overall quality and stability of the operating system.

This March 2024 Patch Tuesday is particularly noteworthy for its scale and scope, addressing 60 security vulnerabilities across Microsoft’s diverse product lineup. Among these, 18 are remote code execution flaws, including two critical vulnerabilities: one being a Hyper-V remote code execution flaw and the other a denial of service vulnerability within the same Hyper-V context. The detailed remediation of these vulnerabilities emphasizes Microsoft’s commitment to securing its ecosystem against a backdrop of increasingly sophisticated cyber threats.

Patching High-Profile Critical Flaws

Moreover, the updates address several high-profile vulnerabilities, such as the Open Management Infrastructure (OMI) Remote Code Execution Vulnerability (CVE-2024-21334) with a CVSS score of 9.8, highlighting its severity. This vulnerability, in particular, has raised concerns due to its potential for remote, unauthenticated attackers to execute code on Internet-accessible OMI instances. Despite the high severity, Microsoft has assessed the exploitation likelihood as “less likely,” reassuring users about the effectiveness of the patches.

Microsoft has also made strides in ensuring the smooth application of these updates through the release of servicing stack updates (SSUs) for improved update installation functionality. These SSUs are integral to the maintenance and reliability of the update process, ensuring that systems can seamlessly receive and implement Microsoft’s security enhancements.

Accessibility to these updates is facilitated through Windows Update, with most installations occurring automatically. However, for users who prefer or require manual installation, the updates are also available for direct download from the Microsoft Update Catalog website. As part of this rollout, Microsoft has not reported any issues, underlining the thoroughness and reliability of their update process.

In conjunction with Microsoft’s efforts, other technology companies, including Apple, Cisco, and Google, have also released their security updates, contributing to a broader industry-wide push towards fortifying digital defenses. As the digital landscape continues to evolve, such proactive measures by Microsoft and other tech giants are vital in safeguarding digital infrastructures and user data against emerging threats.

All Patch Updates for March 2024

CVE ID

CVE Title

Tag

Severity

CVE-2024-21392

.NET and Visual Studio Denial of Service Vulnerability

.NET

Important

CVE-2024-26203

Azure Data Studio Elevation of Privilege Vulnerability

Azure Data Studio

Important

CVE-2024-21421

Azure SDK Spoofing Vulnerability

Azure SDK

Important

CVE-2023-28746

Intel: CVE-2023-28746 Register File Data Sampling (RFDS)

Intel

Important

CVE-2024-21390

Microsoft Authenticator Elevation of Privilege Vulnerability

Microsoft Authenticator

Important

CVE-2024-21400

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Microsoft Azure Kubernetes Service

Important

CVE-2024-26164

Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability

Microsoft Django Backend for SQL Server

Important

CVE-2024-21419

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Microsoft Dynamics

Important

CVE-2024-2174

Chromium: CVE-2024-2174 Inappropriate implementation in V8

Microsoft Edge (Chromium-based)

Unknown

CVE-2024-2173

Chromium: CVE-2024-2173 Out of bounds memory access in V8

Microsoft Edge (Chromium-based)

Unknown

CVE-2024-2176

Chromium: CVE-2024-2176 Use after free in FedCM

Microsoft Edge (Chromium-based)

Unknown

CVE-2024-26167

Microsoft Edge for Android Spoofing Vulnerability

Microsoft Edge for Android

Unknown

CVE-2024-26198

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server

Important

CVE-2024-21437

Windows Graphics Component Elevation of Privilege Vulnerability

Microsoft Graphics Component

Important

CVE-2024-26201

Microsoft Intune Linux Agent Elevation of Privilege Vulnerability

Microsoft Intune

Important

CVE-2024-26199

Microsoft Office Elevation of Privilege Vulnerability

Microsoft Office

Important

CVE-2024-21426

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft Office SharePoint

Important

CVE-2024-26190

Microsoft QUIC Denial of Service Vulnerability

Microsoft QUIC

Important

CVE-2024-21448

Microsoft Teams for Android Information Disclosure Vulnerability

Microsoft Teams for Android

Important

CVE-2024-21451

Microsoft ODBC Driver Remote Code Execution Vulnerability

Microsoft WDAC ODBC Driver

Important

CVE-2024-21441

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL

Important

CVE-2024-26161

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL

Important

CVE-2024-26166

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL

Important

CVE-2024-21444

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL

Important

CVE-2024-21450

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL

Important

CVE-2024-21434

Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability

Microsoft Windows SCSI Class System File

Important

CVE-2024-21330

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

Open Management Infrastructure

Important

CVE-2024-21334

Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

Open Management Infrastructure

Important

CVE-2024-26204

Outlook for Android Information Disclosure Vulnerability

Outlook for Android

Important

CVE-2024-21407

Windows Hyper-V Remote Code Execution Vulnerability

Role: Windows Hyper-V

Critical

CVE-2024-21408

Windows Hyper-V Denial of Service Vulnerability

Role: Windows Hyper-V

Critical

CVE-2024-21411

Skype for Consumer Remote Code Execution Vulnerability

Skype for Consumer

Important

CVE-2024-21418

Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability

Software for Open Networking in the Cloud (SONiC)

Important

CVE-2024-26165

Visual Studio Code Elevation of Privilege Vulnerability

Visual Studio Code

Important

CVE-2024-21438

Microsoft AllJoyn API Denial of Service Vulnerability

Windows AllJoyn API

Important

CVE-2024-26160

Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

Windows Cloud Files Mini Filter Driver

Important

CVE-2024-26170

Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability

Windows Composite Image File System

Important

CVE-2024-26185

Windows Compressed Folder Tampering Vulnerability

Windows Compressed Folder

Important

CVE-2024-20671

Microsoft Defender Security Feature Bypass Vulnerability

Windows Defender

Important

CVE-2024-26169

Windows Error Reporting Service Elevation of Privilege Vulnerability

Windows Error Reporting

Important

CVE-2024-21431

Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability

Windows Hypervisor-Protected Code Integrity

Important

CVE-2024-21436

Windows Installer Elevation of Privilege Vulnerability

Windows Installer

Important

CVE-2024-21427

Windows Kerberos Security Feature Bypass Vulnerability

Windows Kerberos

Important

CVE-2024-26177

Windows Kernel Information Disclosure Vulnerability

Windows Kernel

Important

CVE-2024-26176

Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel

Important

CVE-2024-26174

Windows Kernel Information Disclosure Vulnerability

Windows Kernel

Important

CVE-2024-26182

Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel

Important

CVE-2024-26181

Windows Kernel Denial of Service Vulnerability

Windows Kernel

Important

CVE-2024-26178

Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel

Important

CVE-2024-26173

Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel

Important

CVE-2024-21443

Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel

Important

CVE-2024-21446

NTFS Elevation of Privilege Vulnerability

Windows NTFS

Important

CVE-2024-21440

Microsoft ODBC Driver Remote Code Execution Vulnerability

Windows ODBC Driver

Important

CVE-2024-26162

Microsoft ODBC Driver Remote Code Execution Vulnerability

Windows ODBC Driver

Important

CVE-2024-26159

Microsoft ODBC Driver Remote Code Execution Vulnerability

Windows ODBC Driver

Important

CVE-2024-21435

Windows OLE Remote Code Execution Vulnerability

Windows OLE

Important

CVE-2024-21433

Windows Print Spooler Elevation of Privilege Vulnerability

Windows Print Spooler Components

Important

CVE-2024-26197

Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Windows Standards-Based Storage Management Service

Important

CVE-2024-21439

Windows Telephony Server Elevation of Privilege Vulnerability

Windows Telephony Server

Important

CVE-2024-21432

Windows Update Stack Elevation of Privilege Vulnerability

Windows Update Stack

Important

CVE-2024-21429

Windows USB Hub Driver Remote Code Execution Vulnerability

Windows USB Hub Driver

Important

CVE-2024-21442

Windows USB Print Driver Elevation of Privilege Vulnerability

Windows USB Print Driver

Important

CVE-2024-21445

Windows USB Print Driver Elevation of Privilege Vulnerability

Windows USB Print Driver

Important

CVE-2024-21430

Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability

Windows USB Serial Driver

Important

 

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.