Home Latest Cyber Security News | Network Security Hacking Microsoft Addressed ~60 Vulnerabilities With March Patch Tuesday
Latest Cyber Security News | Network Security HackingNewsVulnerabilities

Microsoft Addressed ~60 Vulnerabilities With March Patch Tuesday

by Abeerah Hashim
written by Abeerah Hashim
Microsoft Patch Tuesday March 2024 arrived with 60 bug fixes

The Patch Tuesday update bundle for March 2024 carries some important security fixes for various Microsoft products. Nonetheless, no specific zero days were reported for this month’s fix.

Microsoft March 2024 Patch Tuesday Overview

With March updates, the Redmond giant addressed dozens of security vulnerabilities affecting different products. But interestingly, the updates do not include any zero-day fixes this time. So, while these updates do not demand an immediate rush from users, they are still important to secure eligible devices from potential threats.

The most noteworthy security fixes with the March 2024 Patch Tuesday bundle arrive for two critical vulnerabilities in Microsoft Hyper-V. These include,

  • CVE-2024-21407 (CVSS 8.1): A critical severity remote code execution vulnerability allowing attacks from an authenticated attacker. An adversary could exploit the flaw by sending maliciously crafted file operation requests to the guest VM that could allow code execution. Exploiting the flaw requires the attacker to first prepare the target environment by gathering specific information.
  • CVE-2024-21408 (CVSS 5.5): A denial-of-service vulnerability affecting Windows Hyper-V. While this vulnerability received a low CVSS score, it still achieved a critical severity rating given its impact.

Except for these two vulnerabilities, all other security issues received important severity ratings. These vulnerabilities affected different Microsoft products, including Windows Kernel, Print Spooler, Microsoft Edge, Windows Installer, and Microsoft Defender. From these, some noteworthy vulnerabilities include,

  • CVE-2024-26199 (CVSS 7.8): A privilege escalation vulnerability affecting Microsoft Office that could let an authenticated adversary gain SYSTEM privileges on the target system.
  • CVE-2024-26198 (CVSS 8.8): A remote code execution flaw in Microsoft Exchange Server. An unauthenticated attacker could exploit the flaw by placing a maliciously crafted file in an online directory or local network location, and tricking the victim user into opening the file which would load the malicious DLL.

While these updates would automatically reach all eligible systems, users must still check their devices manually for updates to ensure that they are promptly receiving the security fixes.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Multiple Vulnerabilities Found In Forminator WordPress Plugin

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...