
Microsoft’s March 2024 Patch Tuesday Update

March 13, 2024

This month’s Patch Tuesday brings security updates for 60 vulnerabilities, including 18 remote code execution flaws. It addresses just two critical vulnerabilities: Hyper-V remote code execution and denial of service flaws.

Below are the counts of bugs in each vulnerability category:

• 24 Elevation of Privilege Vulnerabilities

• 3 Security Feature Bypass Vulnerabilities

• 18 Remote Code Execution Vulnerabilities

• 6 Information Disclosure Vulnerabilities

• 6 Denial of Service Vulnerabilities

• 2 Spoofing Vulnerabilities

The total tally of 60 flaws excludes the 4 Microsoft Edge flaws resolved on March 7th. There were no zero-day disclosures in this month’s Patch Tuesday update.

Highlighted Vulnerabilities

While this month's Patch Tuesday doesn't address any zero-day vulnerabilities, it does include several noteworthy flaws, detailed below:

CVE-2024-21400 - Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Microsoft has addressed a vulnerability in Azure Kubernetes Service that could enable attackers to elevate privileges and steal credentials.

"A successful exploitation of this vulnerability could lead to the theft of credentials and impact resources beyond the security confines managed by Azure Kubernetes Service Confidential Containers (AKSCC)," says a Microsoft security advisory.

CVE-2024-26199 - Microsoft Office Privilege Elevation Vulnerability

Microsoft has addressed a vulnerability in Microsoft Office that could enable any authenticated user to attain SYSTEM privileges.

"Any authenticated user could exploit this vulnerability without requiring admin or elevated privileges," Microsoft clarifies.

CVE-2024-20671 - Microsoft Defender Security Feature Bypass Vulnerability

Microsoft has patched a vulnerability in Microsoft Defender that could be exploited by an authenticated attacker.

The fix is delivered through automatic updates to the Windows Defender Antimalware Platform, which are deployed to Windows devices.

This vulnerability has been resolved in version 4.18.24010.12 of the Antimalware Platform.
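To confirm that a host has actually received that platform update, the following added example (not from the original post or from Microsoft) compares the version reported by `Get-MpComputerStatus` with the fixed version stated above. The function name `Test-DefenderPlatformVersion` and the output field names are illustrative, and remote checks assume PowerShell remoting is enabled.

```powershell
# Added example: report whether the Defender Antimalware Platform on each host
# is at or above the version the article gives as fixed for CVE-2024-20671.
$FixedVersion = [version]'4.18.24010.12'   # fixed version as stated in the article

function Test-DefenderPlatformVersion {
    param(
        # Hostnames are supplied by the caller; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($name in $ComputerName) {
        try {
            $query = {
                Get-MpComputerStatus -ErrorAction Stop |
                    Select-Object AMProductVersion, AMServiceEnabled
            }
            if ($name -eq $env:COMPUTERNAME) {
                $status = & $query
            } else {
                # Remote hosts need PowerShell remoting (WinRM) enabled.
                $status = Invoke-Command -ComputerName $name -ScriptBlock $query -ErrorAction Stop
            }
            $installed = [version]$status.AMProductVersion
            [pscustomobject]@{
                ComputerName    = $name
                PlatformVersion = $installed
                ServiceEnabled  = $status.AMServiceEnabled
                Patched         = ($installed -ge $FixedVersion)
                Error           = $null
            }
        } catch {
            # Defender absent, service stopped, or host unreachable: report the
            # failure instead of silently counting the host as patched.
            [pscustomobject]@{
                ComputerName    = $name
                PlatformVersion = $null
                ServiceEnabled  = $null
                Patched         = $false
                Error           = $_.Exception.Message
            }
        }
    }
}

# Check the local machine; pass -ComputerName to check other hosts.
Test-DefenderPlatformVersion | Format-Table -AutoSize
```

Hosts that return an error or `Patched = False` are the ones to follow up on, since the platform update normally arrives without administrator action.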

CVE-2024-21411 - Skype for Consumer Remote Code Execution Vulnerability

Microsoft has addressed a remote code execution vulnerability in Skype for Consumer, which could be triggered by a malicious link or image.

The full report

For a detailed list and descriptions of each vulnerability and the systems they impact, you can refer to the complete report available here.
