Microsoft March 2024 Patch Day

On the March 2024 Patch Day, Microsoft issued security advisories for 59 vulnerabilities. Several of them are classified as critical and need to be addressed. According to the Redmond company's findings, none of the vulnerabilities have been actively exploited yet.

Microsoft's CVE entry summary lists 63 entries for March, three of which are updates to older vulnerability reports and one of which concerns an Intel vulnerability. Products from all Microsoft divisions are affected, from Android software, operating systems and virtualization to Azure cloud software.

Critical vulnerabilities on patch day

A vulnerability in System Center Operations Manager (SCOM) affects the Open Management Infrastructure (OMI). Attackers can reach the OMI instance over the Internet without prior authentication and send specially crafted requests that exploit a use-after-free vulnerability to inject malicious code (CVE-2024-21334, CVSS 9.8, risk critical). As a countermeasure, IT managers can deactivate the OMI ports on Linux computers that do not require network monitoring, Microsoft's developers write in the corresponding security advisory.

In Microsoft's Azure Kubernetes Service (AKS) Confidential Containers, attackers can escalate their privileges and access credentials (CVE-2024-21400, CVSS 9.0, risk critical). The corresponding security advisory explains how IT managers can take protective measures against abuse of the vulnerability.

Deviating from the CVSS classification, Microsoft rates two vulnerabilities in Hyper-V as critical: a vulnerability that allows attackers to inject malicious code (CVE-2024-21407, CVSS 8.1, risk high) and a denial-of-service vulnerability (CVE-2024-21408, CVSS 5.5, risk medium).

Microsoft considers exploitation of vulnerabilities in the print spooler, the Microsoft Graphics component, the Cloud Files Mini Filter Driver, the Windows Composite Image File System, the Windows kernel and compressed folders to be very likely. IT managers should therefore not put off applying the available updates, but rather act quickly.

About Author

I am an editor at UpdateStar. I started as a support engineer, and am now specialized in writing about general software topics from a usability and performance angle, among others. I telecommute from UpdateStar’s Berlin office when I am not working remotely as a digital nomad for UpdateStar.
