1totaltech-main-logo

59 CVEs primed for Microsoft’s March Patch Tuesday

On Tuesday Microsoft released 59 CVEs, including 41 for Windows. A remarkable 20 other product groups or tools are also affected. Of the CVEs addressed, just two are considered Critical in severity by Microsoft, both in Windows (specifically, in Hyper-V).

At patch time, none of the issues has been publicly disclosed, or is known to be under active exploit in the wild. Six of the important-severity vulnerabilities in Windows are by the company’s estimation more likely to be exploited in the next 30 days. Five of the issues addressed are amenable to detection by Sophos protections, and we include information on those in a table below.

In addition to these patches the release included advisory information on four patches related to the Edge browser; three of those CVEs were assigned by the Chrome team, not Microsoft. (More on Microsoft’s Edge patch, CVE-2024-26167, in a minute.) There is also one Important-severity issue, CVE-2023-28746, for which advisory information is given this month.

We don’t include advisories in the CVE counts and graphics below, but we provide information on all of them in an appendix at the end of the article. We are as usual including at the end of this post three other appendices listing all Microsoft’s patches, sorted by severity, by predicted exploitability, and by product family.

By the Numbers

Total Microsoft CVEs (excluding Edge): 59
Total Edge / Chrome issues covered in update: 4
Total non-Microsoft CVEs covered in update: 1
Publicly disclosed: 0
Exploited: 0
Severity
Critical: 2
Important: 57

Elevation of Privilege: 25
Remote Code Execution: 18
Denial of Service: 6
Information Disclosure: 5
Security Feature Bypass: 2
Spoofing: 2
Tampering: 1

Figure 1: And just like that, 2024 ties 2023’s entire output of tampering CVEs… at one. More on CVE-2024-26185 in a minute

Products

Windows: 41 (including one shared with .NET and Visual Studio)
Azure: 4 (including one shared with Log Analytics Agent, OMI, OMS, and SCOM)
Visual Studio: 3 (including one shared with .NET and one shared with .NET and Windows)
.NET: 2 (including one shared with Visual Studio and one shared with Visual Studio and Windows)
OMI (Open Management Infrastructure): 2 (including one shared with Azure, Log Analytics Agent, OMS, and SCOM; and one shared with SCOM)
SCOM (System Center Operations Manager): 2 (including one shared with Azure, Log Analytics Agent, OMI, and OMS; and one shared with OMI
Authenticator: 1
Defender: 1
Dynamics 365: 1
Exchange: 1
Intune: 1
Log Analytics Agent: 1 (shared with Azure, OMI, OMS, and SCOM)
Office (365 on-premises): 1
OMS (Operations Management Suite Agent for Linux): 1 (shared with Azure, OMI, and SCOM)
Outlook: 1
SharePoint: 1
Skype: 1
SONiC (Software for Open Networking in the Cloud): 1
SQL: 1
Teams: 1

Figure 2: There’s something for everyone, as twenty tools or product groups are touched by the March Patch Tuesday angel

Notable March updates

In addition to the issues discussed above, a few specific items merit attention.

CVE-2024-26185

Windows Compressed Folder Tampering Vulnerability

One of the six issues Microsoft believes more likely to be exploited in the next 30 days, this vulnerability affects the ubiquitous 7zip. Minimal user interaction is required, most likely via email (in which the attacker sends a specially crafted file and convinces the user to open it) or via the web. This patch applies only to Win11 22H2 and Win11 23H2.

CVE-2024-21334

Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

Sporting the month’s highest CVSS score (9.8 base) and yet not likely to be exploited in the next 30 days as judged by Microsoft, this RCE applies to not just OMI but to SCOM (System Center Operations Manager) 2019 and 2022 as well. If exploited, a unauthenticated remote attacker could access the OMI instance via the internet and send specially crafted requests to trigger a use-after-free vulnerability. (If patching’s not an immediate option, Linux machines that don’t need network listening can disable their incoming OMI ports by way of mitigation.)

CVE-2024-21421

Azure SDK Spoofing Vulnerability

Check the date of your last deployment: Was it prior to October 19, 2023? If so, you’ll need to manually update to Azure Core Build 1.29.5 or higher. (For convenience, Azure SDK’s GitHub is available here.) Those with deployments after that date already received the fix automatically.

CVE-2024-21448

Microsoft Teams for Android Information Disclosure

There are a number of Android-related patches this month – Intune, Outlook, the Edge patch we’ll discuss below – but only this one, an important-severity Teams issue, will require a trip to the Play Store. Exploitation would allow the attacker to read files from the private directory of the application.

CVE-2024-26167

Microsoft Edge for Android Spoofing Vulnerability

As an Edge vulnerability, this one arrives with scant information from Microsoft, which in the post-IE era mainly takes its browser updates outside the Patch Tuesday cycle. As an Android vulnerability, it may well be that Android users will take this update from other sources. What’s clear from Microsoft is that whatever it is and whoever’s patching it, the patch is not yet available, and that those concerned should keep an eye on the publicly posted CVE information for updates. Fortunately, with a 4.3 CVSS base score, this mystery may well be a tempest in a teapot.

Figure 3: March continues the trend so far in 2024 of lighter-than-usual patch loads. So far in 2024 there have been 179 patches released in the normal second-Tuesday cadence, compared with 246 in 2023, 225 in 2022, 228 in 2021, and 266 in 2020

Sophos protections

CVE
Sophos Intercept X/Endpoint IPS
Sophos XGS Firewall
CVE-2024-21433
Exp/2421433-A
Exp/2421433-A
CVE-2024-21437
Exp/2421437-A
Exp/2421437-A
CVE-2024-26160
Exp/2426160-A
Exp/2426160-A
CVE-2024-26170
Exp/2426170-A
Exp/2426170-A
CVE-2024-26182
Exp/2426182-A
Exp/2426182-A

As you can every month, if you don’t want to wait for your system to pull down Microsoft’s updates itself, you can download them manually from the Windows Update Catalog website. Run the winver.exe tool to determine which build of Windows 10 or 11 you’re running, then download the Cumulative Update package for your specific system’s architecture and build number.

Appendix A: Vulnerability Impact and Severity

This is a list of March patches sorted by impact, then sub-sorted by severity. Each list is further arranged by CVE.

Elevation of Privilege (25 CVEs)

Important severity
CVE-2024-21330
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2024-21390
Microsoft Authenticator Elevation of Privilege Vulnerability
CVE-2024-21400
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
CVE-2024-21418
Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability
CVE-2024-21431
Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
CVE-2024-21432
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-21433
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2024-21434
Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability
CVE-2024-21436
Windows Installer Elevation of Privilege Vulnerability
CVE-2024-21437
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2024-21439
Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2024-21442
Windows USB Print Driver Elevation of Privilege Vulnerability
CVE-2024-21443
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-21445
Windows USB Print Driver Elevation of Privilege Vulnerability
CVE-2024-21446
NTFS Elevation of Privilege Vulnerability
CVE-2024-26165
Visual Studio Code Elevation of Privilege Vulnerability
CVE-2024-26169
Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2024-26170
Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability
CVE-2024-26173
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26176
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26178
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26182
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26199
Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-26201
Microsoft Intune Linux Agent Elevation of Privilege Vulnerability
CVE-2024-26203
Azure Data Studio Elevation of Privilege Vulnerability

 

Remote Code Execution (18 CVEs)

Critical severity
CVE-2024-21407
Windows Hyper-V Remote Code Execution Vulnerability
Important severity

CVE-2024-21334
Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
CVE-2024-21411
Skype for Consumer Remote Code Execution Vulnerability
CVE-2024-21426
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-21429
Windows USB Hub Driver Remote Code Execution Vulnerability
CVE-2024-21430
Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability
CVE-2024-21435
Windows OLE Remote Code Execution Vulnerability
CVE-2024-21440
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-21441
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21444
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21450
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21451
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-26159
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-26161
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-26162
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-26164
Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability
CVE-2024-26166
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-26198
Microsoft Exchange Server Remote Code Execution Vulnerability

Denial of Service (6 CVEs)

Critical severity
CVE-2024-21408
Windows Hyper-V Denial of Service Vulnerability
Important severity
CVE-2024-21392
.NET and Visual Studio Denial of Service Vulnerability
CVE-2024-21438
Microsoft AllJoyn API Denial of Service Vulnerability
CVE-2024-26181
Windows Kernel Denial of Service Vulnerability
CVE-2024-26190
Microsoft QUIC Denial of Service Vulnerability
CVE-2024-26197
Windows Standards-Based Storage Management Service Denial of Service Vulnerability

information Disclosure (5 CVEs)

Important severity
CVE-2024-21448
Microsoft Teams for Android Information Disclosure
CVE-2024-26160
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
CVE-2024-26174
Windows Kernel Information Disclosure Vulnerability
CVE-2024-26177
Windows Kernel Information Disclosure Vulnerability
CVE-2024-26204
Outlook for Android Information Disclosure Vulnerability

 

Security Feature Bypass (2 CVEs)

Important severity
CVE-2024-20671
Microsoft Defender Security Feature Bypass Vulnerability
CVE-2024-21427
Windows Kerberos Security Feature Bypass Vulnerability

 

Spoofing (2 CVEs)

Important severity
CVE-2024-21419
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-21421
Azure SDK Spoofing Vulnerability

Tampering (1 CVE)

Important severity
CVE-2024-26185
Windows Compressed Folder Tampering Vulnerability

 

Appendix B: Exploitability

This is a list of the March CVEs judged by Microsoft to be more likely to be exploited in the wild within the first 30 days post-release. The list is arranged by CVE.

Exploitation more likely within the next 30 days
CVE-2024-21433
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2024-21437
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2024-26160
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
CVE-2024-26170
Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability
CVE-2024-26182
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26185
Windows Compressed Folder Tampering Vulnerability

 

Appendix C: Products Affected

This is a list of March’s patches sorted by product family, then sub-sorted by severity. Each list is further arranged by CVE. Patches that are shared among multiple product families are listed multiple times, once for each product family.

Windows (41 CVEs)

Critical severity
CVE-2024-21407
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-21408
Windows Hyper-V Denial of Service Vulnerability
Important severity
CVE-2024-21427
Windows Kerberos Security Feature Bypass Vulnerability
CVE-2024-21429
Windows USB Hub Driver Remote Code Execution Vulnerability
CVE-2024-21430
Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability
CVE-2024-21431
Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
CVE-2024-21432
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-21433
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2024-21434
Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability
CVE-2024-21435
Windows OLE Remote Code Execution Vulnerability
CVE-2024-21436
Windows Installer Elevation of Privilege Vulnerability
CVE-2024-21437
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2024-21438
Microsoft AllJoyn API Denial of Service Vulnerability
CVE-2024-21439
Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2024-21440
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-21441
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21442
Windows USB Print Driver Elevation of Privilege Vulnerability
CVE-2024-21443
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-21444
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21445
Windows USB Print Driver Elevation of Privilege Vulnerability
CVE-2024-21446
NTFS Elevation of Privilege Vulnerability
CVE-2024-21450
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21451
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-26159
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-26160
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
CVE-2024-26161
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-26162
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-26166
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-26169
Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2024-26170
Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability
CVE-2024-26173
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26174
Windows Kernel Information Disclosure Vulnerability
CVE-2024-26176
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26177
Windows Kernel Information Disclosure Vulnerability
CVE-2024-26178
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26181
Windows Kernel Denial of Service Vulnerability
CVE-2024-26182
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26185
Windows Compressed Folder Tampering Vulnerability
CVE-2024-26190
Microsoft QUIC Denial of Service Vulnerability
CVE-2024-26197
Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Azure (4 CVEs)

Important severity
CVE-2024-21330
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2024-21400
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
CVE-2024-21421
Azure SDK Spoofing Vulnerability
CVE-2024-26203
Azure Data Studio Elevation of Privilege Vulnerability

Visual Studio (3 CVEs)

Important severity
CVE-2024-21392
.NET and Visual Studio Denial of Service Vulnerability
CVE-2024-26165
Visual Studio Code Elevation of Privilege Vulnerability
CVE-2024-26190
Microsoft QUIC Denial of Service Vulnerability

.NET (2 CVEs)

Important severity
CVE-2024-21392
.NET and Visual Studio Denial of Service Vulnerability
CVE-2024-26190
Microsoft QUIC Denial of Service Vulnerability

OMI (2 CVEs)

Important severity
CVE-2024-21330
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2024-21334
Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

SCOM (2 CVEs)

Important severity
CVE-2024-21330
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2024-21334
Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

Authenticator (1 CVE)

Important severity
CVE-2024-21390
Microsoft Authenticator Elevation of Privilege Vulnerability

Defender (1 CVE)

Important severity
CVE-2024-20671
Microsoft Defender Security Feature Bypass Vulnerability

Dynamics 365 (1 CVE)

Important severity
CVE-2024-21419
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Exchange (1 CVE)

Important severity
CVE-2024-26198
Microsoft Exchange Server Remote Code Execution Vulnerability

Intune (1 CVE)

Important severity
CVE-2024-26201
Microsoft Intune Linux Agent Elevation of Privilege Vulnerability

Law Analytics Agent (1 CVE)

Important severity
CVE-2024-21330
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

Office (1 CVE)

Important severity
CVE-2024-26199
Microsoft Office Elevation of Privilege Vulnerability

OMS (1 CVE)

Important severity
CVE-2024-21330
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

Outlook (1 CVE)

Important severity
CVE-2024-26204
Outlook for Android Information Disclosure Vulnerability

SharePoint (1 CVE)

Important severity
CVE-2024-21426
Microsoft SharePoint Server Remote Code Execution Vulnerability

Skype (1 CVE)

Important severity
CVE-2024-21411
Skype for Consumer Remote Code Execution Vulnerability

SONiC (1 CVE)

Important severity
CVE-2024-21418
Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability

SQL (1 CVE)

Important severity
CVE-2024-26164
Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability

Teams for Android (1 CVE)

Important severity
CVE-2024-21448
Microsoft Teams for Android Information Disclosure

Appendix D: Advisories and Other Products

This is a list of advisories and information on other relevant CVEs in the March Microsoft release, sorted by product.

Relevant to Edge / Chromium (4 CVEs)

CVE-2024-2173
Chromium: CVE-2024-2173 Out of bounds memory access in V8
CVE-2024-2174
Chromium: CVE-2024-2174 Inappropriate implementation in V8
CVE-2024-2176
Chromium: CVE-2024-2176 Use after free in FedCM
CVE-2024-26167
Microsoft Edge for Android Spoofing Vulnerability

Relevant to Windows (non-Microsoft release) (one CVE)

CVE-2023-28746
Intel: CVE-2023-28746 Register File Data Sampling (RFDS)

Latest Posts

Getting started is easy

    1totaltech-footer-logo
    Facebook-f Twitter Linkedin-in Youtube

    Store

    Company

    Support

    Newsletter

      Copyright © 2024 Total Tech | Sitemap
      sophos-global-partner-program-badge-firewall-white
      sophos-global-partner-program-platinum-inverted

      Designed By Aleada Media Group