Microsoft has announced a comprehensive series of updates as part of its March 2024 Patch Tuesday. This update is crucial for users across various versions of Windows 11, including versions 23H2, 22H2, and 21H2, with the updates delivered through KB5035853 for the first two versions and KB5035854 for version 21H2. Post-update, Windows 11 will see its builds updated to 22631.3296, 22621.3296, and 22000.2836, respectively. The focus of these updates is to address security vulnerabilities and improve the overall quality and stability of the operating system.
This March 2024 Patch Tuesday is particularly noteworthy for its scale and scope, addressing 60 security vulnerabilities across Microsoft's diverse product lineup. Among these, 18 are remote code execution flaws, including two critical vulnerabilities: one being a Hyper-V remote code execution flaw and the other a denial of service vulnerability within the same Hyper-V context. The detailed remediation of these vulnerabilities emphasizes Microsoft's commitment to securing its ecosystem against a backdrop of increasingly sophisticated cyber threats.
Patching High-Profile Critical Flaws
Moreover, the updates address several high-profile vulnerabilities, such as the Open Management Infrastructure (OMI) Remote Code Execution Vulnerability (CVE-2024-21334) with a CVSS score of 9.8, highlighting its severity. This vulnerability, in particular, has raised concerns due to its potential for remote, unauthenticated attackers to execute code on Internet-accessible OMI instances. Despite the high severity, Microsoft has assessed the exploitation likelihood as “less likely,” reassuring users about the effectiveness of the patches.
Microsoft has also made strides in ensuring the smooth application of these updates through the release of servicing stack updates (SSUs) for improved update installation functionality. These SSUs are integral to the maintenance and reliability of the update process, ensuring that systems can seamlessly receive and implement Microsoft's security enhancements.
Accessibility to these updates is facilitated through Windows Update, with most installations occurring automatically. However, for users who prefer or require manual installation, the updates are also available for direct download from the Microsoft Update Catalog website. As part of this rollout, Microsoft has not reported any issues, underlining the thoroughness and reliability of their update process.
In conjunction with Microsoft's efforts, other technology companies, including Apple, Cisco, and Google, have also released their security updates, contributing to a broader industry-wide push towards fortifying digital defenses. As the digital landscape continues to evolve, such proactive measures by Microsoft and other tech giants are vital in safeguarding digital infrastructures and user data against emerging threats.
All Patch Updates for March 2024
CVE ID |
CVE Title |
Tag |
Severity |
.NET and Visual Studio Denial of Service Vulnerability |
.NET |
Important |
|
Azure Data Studio Elevation of Privilege Vulnerability |
Azure Data Studio |
Important |
|
Azure SDK Spoofing Vulnerability |
Azure SDK |
Important |
|
Intel: CVE-2023-28746 Register File Data Sampling (RFDS) |
Intel |
Important |
|
Microsoft Authenticator Elevation of Privilege Vulnerability |
Microsoft Authenticator |
Important |
|
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
Microsoft Azure Kubernetes Service |
Important |
|
Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability |
Microsoft Django Backend for SQL Server |
Important |
|
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
Microsoft Dynamics |
Important |
|
Chromium: CVE-2024-2174 Inappropriate implementation in V8 |
Microsoft Edge (Chromium-based) |
Unknown |
|
Chromium: CVE-2024-2173 Out of bounds memory access in V8 |
Microsoft Edge (Chromium-based) |
Unknown |
|
Chromium: CVE-2024-2176 Use after free in FedCM |
Microsoft Edge (Chromium-based) |
Unknown |
|
Microsoft Edge for Android Spoofing Vulnerability |
Microsoft Edge for Android |
Unknown |
|
Microsoft Exchange Server Remote Code Execution Vulnerability |
Microsoft Exchange Server |
Important |
|
Windows Graphics Component Elevation of Privilege Vulnerability |
Microsoft Graphics Component |
Important |
|
Microsoft Intune Linux Agent Elevation of Privilege Vulnerability |
Microsoft Intune |
Important |
|
Microsoft Office Elevation of Privilege Vulnerability |
Microsoft Office |
Important |
|
Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft Office SharePoint |
Important |
|
Microsoft QUIC Denial of Service Vulnerability |
Microsoft QUIC |
Important |
|
Microsoft Teams for Android Information Disclosure Vulnerability |
Microsoft Teams for Android |
Important |
|
Microsoft ODBC Driver Remote Code Execution Vulnerability |
Microsoft WDAC ODBC Driver |
Important |
|
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Microsoft WDAC OLE DB provider for SQL |
Important |
|
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Microsoft WDAC OLE DB provider for SQL |
Important |
|
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Microsoft WDAC OLE DB provider for SQL |
Important |
|
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Microsoft WDAC OLE DB provider for SQL |
Important |
|
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Microsoft WDAC OLE DB provider for SQL |
Important |
|
Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability |
Microsoft Windows SCSI Class System File |
Important |
|
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability |
Open Management Infrastructure |
Important |
|
Open Management Infrastructure (OMI) Remote Code Execution Vulnerability |
Open Management Infrastructure |
Important |
|
Outlook for Android Information Disclosure Vulnerability |
Outlook for Android |
Important |
|
Windows Hyper-V Remote Code Execution Vulnerability |
Role: Windows Hyper-V |
Critical |
|
Windows Hyper-V Denial of Service Vulnerability |
Role: Windows Hyper-V |
Critical |
|
Skype for Consumer Remote Code Execution Vulnerability |
Skype for Consumer |
Important |
|
Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability |
Software for Open Networking in the Cloud (SONiC) |
Important |
|
Visual Studio Code Elevation of Privilege Vulnerability |
Visual Studio Code |
Important |
|
Microsoft AllJoyn API Denial of Service Vulnerability |
Windows AllJoyn API |
Important |
|
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability |
Windows Cloud Files Mini Filter Driver |
Important |
|
Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability |
Windows Composite Image File System |
Important |
|
Windows Compressed Folder Tampering Vulnerability |
Windows Compressed Folder |
Important |
|
Microsoft Defender Security Feature Bypass Vulnerability |
Windows Defender |
Important |
|
Windows Error Reporting Service Elevation of Privilege Vulnerability |
Windows Error Reporting |
Important |
|
Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability |
Windows Hypervisor-Protected Code Integrity |
Important |
|
Windows Installer Elevation of Privilege Vulnerability |
Windows Installer |
Important |
|
Windows Kerberos Security Feature Bypass Vulnerability |
Windows Kerberos |
Important |
|
Windows Kernel Information Disclosure Vulnerability |
Windows Kernel |
Important |
|
Windows Kernel Elevation of Privilege Vulnerability |
Windows Kernel |
Important |
|
Windows Kernel Information Disclosure Vulnerability |
Windows Kernel |
Important |
|
Windows Kernel Elevation of Privilege Vulnerability |
Windows Kernel |
Important |
|
Windows Kernel Denial of Service Vulnerability |
Windows Kernel |
Important |
|
Windows Kernel Elevation of Privilege Vulnerability |
Windows Kernel |
Important |
|
Windows Kernel Elevation of Privilege Vulnerability |
Windows Kernel |
Important |
|
Windows Kernel Elevation of Privilege Vulnerability |
Windows Kernel |
Important |
|
NTFS Elevation of Privilege Vulnerability |
Windows NTFS |
Important |
|
Microsoft ODBC Driver Remote Code Execution Vulnerability |
Windows ODBC Driver |
Important |
|
Microsoft ODBC Driver Remote Code Execution Vulnerability |
Windows ODBC Driver |
Important |
|
Microsoft ODBC Driver Remote Code Execution Vulnerability |
Windows ODBC Driver |
Important |
|
Windows OLE Remote Code Execution Vulnerability |
Windows OLE |
Important |
|
Windows Print Spooler Elevation of Privilege Vulnerability |
Windows Print Spooler Components |
Important |
|
Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
Windows Standards-Based Storage Management Service |
Important |
|
Windows Telephony Server Elevation of Privilege Vulnerability |
Windows Telephony Server |
Important |
|
Windows Update Stack Elevation of Privilege Vulnerability |
Windows Update Stack |
Important |
|
Windows USB Hub Driver Remote Code Execution Vulnerability |
Windows USB Hub Driver |
Important |
|
Windows USB Print Driver Elevation of Privilege Vulnerability |
Windows USB Print Driver |
Important |
|
Windows USB Print Driver Elevation of Privilege Vulnerability |
Windows USB Print Driver |
Important |
|
Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability |
Windows USB Serial Driver |
Important |