It’s the second Tuesday of the month and Microsoft has released patches for multiple products. In this edition of Patch Tuesday (March 2024), Microsoft has addressed 59 CVEs.
This month’s patches are relatively low in severity: of the 59, Microsoft rates 2 as Critical and 57 as Important. No zero-days were reported. Elevation of privilege and remote code execution make up the majority of the vulnerabilities.
Notable Vulnerabilities
CVE-2024-21407 – Critical remote code execution vulnerability in Windows Hyper-V: an authenticated attacker on a guest VM can achieve code execution on the host. CVSS score 8.1.
CVE-2024-21334 – Critical remote code execution vulnerability in Open Management Infrastructure (OMI), reachable over the network without authentication. CVSS score 9.8. This affects Linux hosts running the OMI agent; update the omi package and make sure the OMI listener is not exposed to untrusted networks.
CVE-2024-21400 – Elevation of privilege vulnerability in Azure Kubernetes Service Confidential Containers. CVSS score 9.0.
CVE-2024-26198 – Remote code execution vulnerability in Microsoft Exchange Server. No authentication is required, but a user must open a specially crafted file. CVSS score 8.8.
CVE-2024-26182 – Windows Kernel elevation of privilege vulnerability. CVSS score 7.8.
CVE-2024-26170 – Elevation of privilege vulnerability in Windows Composite Image File System (CimFS). CVSS score 7.8.
CVE-2024-21433 – Elevation of privilege vulnerability in Windows Print Spooler. CVSS score 7.0. As with every Spooler bug, disable the service on servers that do not need to print.
Here is the full list of CVEs addressed this month:
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
--- | --- | --- | --- | --- |
CVE-2024-21435 | Windows OLE Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21442 | Windows USB Print Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-26182 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-26170 | Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-21434 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-21431 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | No | No | 7.8 |
CVE-2024-21438 | Microsoft AllJoyn API Denial of Service Vulnerability | No | No | 7.5 |
CVE-2024-21443 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.3 |
CVE-2024-21445 | Windows USB Print Driver Elevation of Privilege Vulnerability | No | No | 7.0 |
CVE-2024-26185 | Windows Compressed Folder Tampering Vulnerability | No | No | 6.5 |
CVE-2024-21408 | Windows Hyper-V Denial of Service Vulnerability | No | No | 5.5 |
CVE-2024-26160 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | No | No | 5.5 |
CVE-2024-20671 | Microsoft Defender Security Feature Bypass Vulnerability | No | No | 5.5 |
CVE-2024-26164 | Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21426 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2024-26199 | Microsoft Office Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-21448 | Microsoft Teams for Android Information Disclosure Vulnerability | No | No | 5.0 |
CVE-2024-21419 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | No | No | 7.6 |
CVE-2024-26198 | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21441 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21444 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21450 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-26161 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-26166 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21451 | Microsoft ODBC Driver Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-26159 | Microsoft ODBC Driver Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21440 | Microsoft ODBC Driver Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-26162 | Microsoft ODBC Driver Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-21407 | Windows Hyper-V Remote Code Execution Vulnerability | No | No | 8.1 |
CVE-2024-26173 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-26176 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-26178 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-21436 | Windows Installer Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-21437 | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-26169 | Windows Error Reporting Service Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-21446 | NTFS Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-21427 | Windows Kerberos Security Feature Bypass Vulnerability | No | No | 7.5 |
CVE-2024-21432 | Windows Update Stack Elevation of Privilege Vulnerability | No | No | 7.0 |
CVE-2024-21439 | Windows Telephony Server Elevation of Privilege Vulnerability | No | No | 7.0 |
CVE-2024-21433 | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.0 |
CVE-2024-21429 | Windows USB Hub Driver Remote Code Execution Vulnerability | No | No | 6.8 |
CVE-2024-26197 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | No | No | 6.5 |
CVE-2024-21430 | Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability | No | No | 5.7 |
CVE-2024-26174 | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 |
CVE-2024-26177 | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 |
CVE-2024-26181 | Windows Kernel Denial of Service Vulnerability | No | No | 5.5 |
CVE-2023-28746 | Intel: CVE-2023-28746 Register File Data Sampling (RFDS) | No | No | N/A |
CVE-2024-26167 | Microsoft Edge for Android Spoofing Vulnerability | No | No | 4.3 |
CVE-2024-2176 | Chromium: CVE-2024-2176 Use after free in FedCM | No | No | N/A |
CVE-2024-2174 | Chromium: CVE-2024-2174 Inappropriate implementation in V8 | No | No | N/A |
CVE-2024-2173 | Chromium: CVE-2024-2173 Out of bounds memory access in V8 | No | No | N/A |
CVE-2024-21400 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | No | No | 9.0 |
CVE-2024-21418 | Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-21421 | Azure SDK Spoofing Vulnerability | No | No | 7.5 |
CVE-2024-26203 | Azure Data Studio Elevation of Privilege Vulnerability | No | No | 7.3 |
CVE-2024-21334 | Open Management Infrastructure (OMI) Remote Code Execution Vulnerability | No | No | 9.8 |
CVE-2024-21330 | Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2024-21411 | Skype for Consumer Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2024-26204 | Outlook for Android Information Disclosure Vulnerability | No | No | 7.5 |
CVE-2024-21390 | Microsoft Authenticator Elevation of Privilege Vulnerability | No | No | 7.1 |
CVE-2024-26201 | Microsoft Intune Linux Agent Elevation of Privilege Vulnerability | No | No | 6.6 |
Multiple other vendors have also released patches this month for critical and high-severity vulnerabilities.
Fortinet:
FG-IR-23-328 – Critical vulnerability in FortiOS & FortiProxy (out-of-bounds write in the captive portal). CVE-2023-42789 & CVE-2023-42790
FG-IR-24-013 – High vulnerability in FortiOS & FortiProxy. Authorization bypass in SSLVPN bookmarks. CVE-2024-23112

Cisco:
Cisco Security Advisory | CVE ID | Security Impact Rating | CVSS Base Score |
--- | --- | --- | --- |
Cisco IOS XR Software SSH Privilege Escalation Vulnerability | CVE-2024-20320 | High | 7.8 |
Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability | CVE-2024-20327 | High | 7.4 |
Cisco IOS XR Software Layer 2 Services Denial of Service Vulnerability | CVE-2024-20318 | High | 7.4 |
Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability | CVE-2023-20236 | Medium | 6.7 |
Cisco IOS XR Software Authenticated CLI Secure Copy Protocol and SFTP Denial of Service Vulnerability | CVE-2024-20262 | Medium | 6.5 |
Cisco IOS XR Software MPLS and Pseudowire Interfaces Access Control List Bypass Vulnerabilities | CVE-2024-20315, CVE-2024-20322 | Medium | 5.8 |
Cisco IOS XR Software DHCP Version 4 Server Denial of Service Vulnerability | CVE-2024-20266 | Medium | 5.3 |
Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability | CVE-2024-20319 | Medium | 4.3 |
Adobe:
Vulnerable Product | Risk Level | Impacts | Advisory (details and CVEs) |
--- | --- | --- | --- |
Adobe Experience Manager | Medium Risk | Cross-site Scripting, Remote Code Execution, Security Restriction Bypass | APSB24-05 |
Adobe Premiere Pro | Medium Risk | Remote Code Execution | APSB24-12 |
Adobe ColdFusion | Medium Risk | Information Disclosure | APSB24-14 |
Adobe Bridge | Medium Risk | Remote Code Execution, Information Disclosure | APSB24-15 |
Adobe Lightroom | Medium Risk | Remote Code Execution | APSB24-17 |
Adobe Animate | Medium Risk | Remote Code Execution, Information Disclosure | APSB24-19 |
Reminder to Patch Administrators:
While it’s important to patch vulnerabilities as soon as possible, it is wise to test the patches before rolling them out to the production environment. On many occasions, newly released patches have broken a thing or two.
The following strategy has been beneficial for me:
- Set up a pilot group of machines and deploy the patches on Patch Tuesday.
- Observe the change for a week for any breaking points.
- If everything works as expected over the week, deploy the patches to production.
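To make the pilot step measurable rather than a matter of waiting, here is an added PowerShell example (not part of the original post) that checks every machine in the pilot group for the month's cumulative update and refuses to sign off until all of them report it installed and have rebooted since. The computer names and the KB ID in $RequiredKBs are placeholders to replace with your own; the script assumes the account running it has remote WMI access (for Get-HotFix) and WinRM access (for Get-CimInstance) to each pilot machine.

```powershell
# Added example, not from the original post: verify a pilot group has the
# month's cumulative update installed (and has rebooted since) before the
# patch is promoted to production.
# Assumptions: the computer names and KB IDs below are placeholders; the
# account running this has remote WMI (Get-HotFix) and WinRM (Get-CimInstance)
# access to each pilot machine.
$PilotComputers = @('PILOT-WS01', 'PILOT-WS02', 'PILOT-SRV01')
$RequiredKBs    = @('KB5035853')   # replace with the KB(s) for your OS builds

function Test-PilotPatchState {
    param(
        [string[]]$Computers,
        [string[]]$RequiredKBs
    )
    foreach ($computer in $Computers) {
        try {
            $hotfixes = Get-HotFix -ComputerName $computer -ErrorAction Stop
            $os       = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $computer -ErrorAction Stop

            $installedIds = $hotfixes.HotFixID
            $missing      = @($RequiredKBs | Where-Object { $_ -notin $installedIds })

            # Compare the newest required KB's install date with the last boot time:
            # a KB that is present but not yet rebooted is not actually in effect.
            $newestInstall = $hotfixes |
                Where-Object { $_.HotFixID -in $RequiredKBs } |
                Sort-Object InstalledOn -Descending |
                Select-Object -First 1 -ExpandProperty InstalledOn
            $rebooted = ($missing.Count -eq 0) -and ($os.LastBootUpTime -gt $newestInstall)

            [pscustomobject]@{
                Computer      = $computer
                Reachable     = $true
                MissingKBs    = ($missing -join ', ')
                LastBoot      = $os.LastBootUpTime
                RebootedSince = $rebooted
                Ready         = ($missing.Count -eq 0) -and $rebooted
            }
        }
        catch {
            # Unreachable machines count as not ready: an unknown state is not a pass.
            [pscustomobject]@{
                Computer      = $computer
                Reachable     = $false
                MissingKBs    = 'unknown'
                LastBoot      = $null
                RebootedSince = $false
                Ready         = $false
            }
        }
    }
}

$report = Test-PilotPatchState -Computers $PilotComputers -RequiredKBs $RequiredKBs
$report | Format-Table -AutoSize

# Gate: do not start the one-week observation clock, let alone promote to
# production, until every pilot machine is patched and rebooted.
$notReady = @($report | Where-Object { -not $_.Ready })
if ($notReady.Count -gt 0) {
    Write-Warning ("{0} of {1} pilot machines are not ready: {2}" -f `
        $notReady.Count, @($report).Count, ($notReady.Computer -join ', '))
    exit 1
}
Write-Host "All pilot machines patched and rebooted; observation window can start."
```

Get-HotFix reads Win32_QuickFixEngineering, which lists cumulative and security updates but not every update category (driver and Defender definition updates, for example, do not appear there), so keep the KB list to the cumulative updates you actually expect. Run the script again at the end of the observation week: if the count of ready machines has not changed and nothing has been rolled back, the pilot has held.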
References:
https://www.fortiguard.com/psirt
https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+March+2024/30736/
https://www.rapid7.com/blog/post/2024/03/12/patch-tuesday-march-2024/