March 2024 brings a fresh focus on cybersecurity as Microsoft rolls out its latest set of patches, addressing 61 vulnerabilities in the Microsoft Patch Tuesday 2024 update.
This regular security update from Microsoft aims to fortify the security of its systems against potential threats and attacks. Notably, this month’s Patch Tuesday does not reveal any zero-day vulnerabilities. However, it includes fixes for several critical issues that could potentially be exploited by cyber attackers if left unaddressed.
Among the vulnerabilities patched are those impacting various Microsoft products, including Windows, Azure, Skype for Consumer, Microsoft Defender, and Microsoft Office.
Microsoft Patch Tuesday 2024 Update: The Most Critical Vulnerabilities
| Tag | CVE | Base Score |
| Windows Defender | CVE-2024-20671 | 5.5 |
| Open Management Infrastructure | CVE-2024-21330 | 7.8 |
| Open Management Infrastructure | CVE-2024-21334 | 9.8 |
| Microsoft Authenticator | CVE-2024-21390 | 7.1 |
| .NET | CVE-2024-21392 | 7.5 |
| Microsoft Azure Kubernetes Service | CVE-2024-21400 | 9 |
| Role: Windows Hyper-V | CVE-2024-21407 | 8.1 |
| Role: Windows Hyper-V | CVE-2024-21408 | 5.5 |
| Skype for Consumer | CVE-2024-21411 | 8.8 |
| Software for Open Networking in the Cloud (SONiC) | CVE-2024-21418 | 7.8 |
| Microsoft Dynamics | CVE-2024-21419 | 7.6 |
| Azure SDK | CVE-2024-21421 | 7.5 |
| Microsoft Office SharePoint | CVE-2024-21426 | 7.8 |
| Windows Kerberos | CVE-2024-21427 | 7.5 |
| Windows USB Hub Driver | CVE-2024-21429 | 6.8 |
| Windows USB Serial Driver | CVE-2024-21430 | 5.7 |
| Windows Hypervisor-Protected Code Integrity | CVE-2024-21431 | 7.8 |
| Windows Update Stack | CVE-2024-21432 | 7 |
| Windows Print Spooler Components | CVE-2024-21433 | 7 |
| Microsoft Windows SCSI Class System File | CVE-2024-21434 | 7.8 |
| Windows OLE | CVE-2024-21435 | 8.8 |
| Windows Installer | CVE-2024-21436 | 7.8 |
| Microsoft Graphics Component | CVE-2024-21437 | 7.8 |
| Windows AllJoyn API | CVE-2024-21438 | 7.5 |
| Windows Telephony Server | CVE-2024-21439 | 7 |
| Windows ODBC Driver | CVE-2024-21440 | 8.8 |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-21441 | 8.8 |
| Windows USB Print Driver | CVE-2024-21442 | 7.8 |
| Windows Kernel | CVE-2024-21443 | 7.3 |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-21444 | 8.8 |
| Windows USB Print Driver | CVE-2024-21445 | 7 |
| Windows NTFS | CVE-2024-21446 | 7.8 |
| Microsoft Teams for Android | CVE-2024-21448 | 5 |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-21450 | 8.8 |
| Microsoft WDAC ODBC Driver | CVE-2024-21451 | 8.8 |
| Windows ODBC Driver | CVE-2024-26159 | 8.8 |
| Windows Cloud Files Mini Filter Driver | CVE-2024-26160 | 5.5 |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-26161 | 8.8 |
| Windows ODBC Driver | CVE-2024-26162 | 8.8 |
| SQL Server | CVE-2024-26164 | 8.8 |
| Visual Studio Code | CVE-2024-26165 | 8.8 |
| Microsoft WDAC OLE DB provider for SQL | CVE-2024-26166 | 8.8 |
| Microsoft Edge for Android | CVE-2024-26167 | 4.3 |
| Windows Error Reporting | CVE-2024-26169 | 7.8 |
| Windows Composite Image File System | CVE-2024-26170 | 7.8 |
| Windows Kernel | CVE-2024-26173 | 7.8 |
| Windows Kernel | CVE-2024-26174 | 5.5 |
| Windows Kernel | CVE-2024-26176 | 7.8 |
| Windows Kernel | CVE-2024-26177 | 5.5 |
| Windows Kernel | CVE-2024-26178 | 7.8 |
| Windows Kernel | CVE-2024-26181 | 5.5 |
| Windows Kernel | CVE-2024-26182 | 7.8 |
| Windows Compressed Folder | CVE-2024-26185 | 6.5 |
| Microsoft QUIC | CVE-2024-26190 | 7.5 |
| Windows Standards-Based Storage Management Service | CVE-2024-26197 | 6.5 |
| Microsoft Exchange Server | CVE-2024-26198 | 8.8 |
| Microsoft Office | CVE-2024-26199 | 7.8 |
| Microsoft Intune | CVE-2024-26201 | 6.6 |
| Azure Data Studio | CVE-2024-26203 | 7.3 |
| Outlook for Android | CVE-2024-26204 | 7.5 |
One of the most critical vulnerabilities addressed in this Microsoft Patch Tuesday 2024 update is a remote code execution (RCE) flaw in Windows, which could enable a virtual machine to escape from a Hyper-V guest.
This particular vulnerability, labeled as CVE-2024-21407, presents a high level of complexity for attackers, requiring them to gather specific information about the environment and execute a series of preparatory steps. Once exploited, attackers could gain unauthorized access to the Hyper-V host, posing a significant risk to system integrity.
Another noteworthy fix is for Skype for Consumer, addressing a remote code execution vulnerability (CVE-2024-21411) that could be triggered through malicious links or images sent via Instant Message. This flaw, discovered by Hector Peralta and Nicole Armua in collaboration with Trend Micro Zero Day Initiative, highlights the importance of staying up to date against social engineering tactics employed by cybercriminals.
Furthermore, Microsoft has patched vulnerabilities affecting its Azure Kubernetes Service (CVE-2024-21400), Microsoft Defender (CVE-2024-20671), and Microsoft Office (CVE-2024-26199), among others. These fixes aim to mitigate various risks, including elevation of privilege, security feature bypass, and confidential container compromise.
APT Groups Exploiting Microsoft Vulnerabilities
In a conversation with TCE, Satnam Narang, Senior Staff Research Engineer, Tenable, shared his take on the Microsoft Patch Tuesday 2024 update, noting, “Of the 60 CVEs patched…only six are considered more likely to be exploited.” He highlighted elevation of privilege vulnerabilities such as CVE-2024-26182 and CVE-2024-26170, often exploited by advanced persistent threat (APT) groups for espionage.
Narang explained that while some vulnerabilities require social engineering, like CVE-2024-21426 in Microsoft SharePoint Server, they still pose a threat if attackers can manipulate users. Notably, CVE-2024-21390, an elevation of privilege flaw in Microsoft Authenticator, allows attackers with device access to bypass multi-factor authentication, emphasizing the importance of device security.
Narang also observed a decrease in CVEs patched in 2024 compared to previous years, suggesting a shift in cybersecurity trends, stating, “The first quarter of Patch Tuesday in 2024 has been quieter compared to the last four years.
Security Updates for Other Microsoft Products
| CNA | Tag | CVE |
| Intel Corporation | Intel | CVE-2023-28746 |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-2173 |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-2174 |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2024-2176 |
Additionally, Microsoft has addressed vulnerabilities in Windows 11, SharePoint, and the Windows Print Spooler service, targeting issues such as compressed folder tampering and elevation to SYSTEM privileges. These fixes are crucial for maintaining the overall security posture of Windows-based systems and preventing potential exploitation by malicious actors.
While no prior public disclosure or exploitation in the wild has been reported for the vulnerabilities patched in this update, it’s essential for users and administrators to promptly apply the patches to mitigate any potential risks.
Windows updates ensure device security and productivity, catering to both IT administrators and general users. These monthly updates, released on “Patch Tuesday,” consolidate security and non-security fixes to maintain device integrity.
Through channels like Windows Update and Microsoft Intune, users receive mandatory security updates. Additionally, optional non-security preview releases, available a week before security updates, offer advanced features. Out-of-band releases address critical issues promptly.
With Windows 11, continuous innovation arrives through phased rollouts, allowing users to control feature releases. Microsoft optimizes update processes for reliability, ensuring a seamless user experience while prioritizing device security and performance.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
