Microsoft March 2024 Patch Tuesday

Microsoft has released its monthly patch of security updates, known as Patch Tuesday.

Microsoft has fixed 60 vulnerabilities, 2 of which are classified as critical because they could allow an attacker to gain elevated privileges, perform remote code execution, and gain access to the affected products.

March’s Patch Tuesday was released to fix security flaws in several Microsoft products such as Microsoft Authenticator, Microsoft Azure Kubernetes Service, Microsoft Django Backend for SQL Server, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft WDAC ODBC Driver, Microsoft WDAC OLE DB provider for SQL, Microsoft Windows SCSI Class System File, Windows Hyper-V, Windows Composite Image File System, Windows Compressed Folder, .NET, Windows Defender, Windows Hypervisor-Protected Code Integrity, Windows Kernel, Windows NTFS, Microsoft Office, and Microsoft Office SharePoint.

Sample of the addressed vulnerabilities:

1. Microsoft Open Management Infrastructure (OMI) Remote Code Execution (CVE-2024-21334):

  • CVSS: 9.8
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Access

2. Microsoft Visual Studio Code Elevation of Privilege (CVE-2024-26165):

  • CVSS: 8.8
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Consequences: Gain Privileges

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Microsoft MSRC

References