Original Article Text


Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs

Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws.

This Patch Tuesday fixes only two critical vulnerabilities: Hyper-V remote code execution and denial of service flaws.

The number of bugs in each vulnerability category is listed below.

The total count of 60 flaws does not include 4 Microsoft Edge flaws fixed on March 7th. Furthermore, Microsoft did not disclose any zero-days as part of today's Patch Tuesday updates.

Flaws of interest

This month's Patch Tuesday does not fix any zero-day vulnerabilities but does include some interesting flaws, which we have listed below.

CVE-2024-26199 - Microsoft Office Elevation of Privilege Vulnerability

Microsoft has fixed an Office vulnerability allowing any authenticated user to gain SYSTEM privileges.

"Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges," explains Microsoft.

The flaw was discovered by Iván Almuiña from Hacking Corporation Sàrl.

CVE-2024-20671 - Microsoft Defender Security Feature Bypass Vulnerability

Microsoft has fixed a Microsoft Defender vulnerability that could "An authenticated attacker who successfully exploited this vulnerability could prevent Microsoft Defender from starting," explains Microsoft.

However, this will be resolved by Windows Defender Antimalware Platform updates that are automatically installed on Windows devices. This flaw is fixed in version 4.18.24010.12 of the Antimalware Platform.

Microsoft says that this flaw was discovered by Manuel Feifel with Infoguard (Vurex).

CVE-2024-21411 - Skype for Consumer Remote Code Execution Vulnerability

Microsoft has fixed a remote code execution vulnerability in Skype for Consumer that can be triggered by a malicious link or image.

"An attacker could exploit the vulnerability by sending the user a malicious link or a malicious image via Instant Message and then convincing the user to click the link or image," explains Microsoft.

Microsoft says this flaw was discovered by Hector Peralta and Nicole Armua working with Trend Micro Zero Day Initiative.

Recent updates from other companies

Other vendors who released updates or advisories in March 2024 include:

The March 2024 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the March 2024 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.
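For the CVE-2024-20671 fix described above, the following added example (not part of the original article or Microsoft's guidance) checks whether a host's Antimalware Platform is at or above version 4.18.24010.12. The function name `Test-DefenderPlatformPatched` is hypothetical; `Get-MpComputerStatus` and its `AMProductVersion` and `AMServiceEnabled` properties are the Defender module's own.

```powershell
# Added example: compare the local Antimalware Platform version with the
# fixed version named in the article (4.18.24010.12).
$FixedPlatformVersion = [version]'4.18.24010.12'

function Test-DefenderPlatformPatched {   # hypothetical helper name
    param(
        # Object exposing AMProductVersion and AMServiceEnabled,
        # as returned by Get-MpComputerStatus.
        [Parameter(Mandatory)] $Status,
        [version] $MinimumVersion = $FixedPlatformVersion
    )

    # Cast to [version] so each dotted component is compared numerically,
    # not character by character as a string.
    $installed = [version]$Status.AMProductVersion

    [pscustomobject]@{
        InstalledVersion = $installed
        MinimumVersion   = $MinimumVersion
        ServiceEnabled   = [bool]$Status.AMServiceEnabled
        Patched          = ($installed -ge $MinimumVersion)
    }
}

try {
    $status = Get-MpComputerStatus -ErrorAction Stop
    $result = Test-DefenderPlatformPatched -Status $status
    $result

    if (-not $result.Patched) {
        Write-Warning "Antimalware Platform $($result.InstalledVersion) is below $($result.MinimumVersion)."
    }
    if (-not $result.ServiceEnabled) {
        Write-Warning 'Defender antimalware service is not enabled on this host.'
    }
}
catch {
    # The article notes that exploitation can prevent Defender from starting,
    # so a failed query is a finding to investigate, not a result to discard.
    Write-Warning "Could not query Microsoft Defender: $($_.Exception.Message)"
}
```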

Daily Brief Summary

MISCELLANEOUS // Microsoft's Patch Tuesday Fixes 60 Vulnerabilities, Including 18 RCE

Microsoft’s March 2024 Patch Tuesday addresses 60 security issues, with updates tackling eighteen remote code execution (RCE) vulnerabilities.

Only two critical flaws were fixed: one Hyper-V RCE and a denial of service issue, signaling a focused yet significant patch rollout.

Notably absent were zero-day exploits; none were patched or disclosed in this month's update cycle.

High-profile fixes include an elevation of privilege in Microsoft Office and a security feature bypass in Microsoft Defender.

The Office vulnerability allowed authenticated users to gain SYSTEM privileges and was patched following the report from Iván Almuiña at Hacking Corporation Sàrl.

The Microsoft Defender vulnerability, which could stop the software from starting, was discovered by Manuel Feifel at Infoguard and is now fixed in Antimalware Platform version 4.18.24010.12.

A Skype for Consumer RCE flaw, which could be exploited via a malicious link or image, was another significant fix credited to researchers Hector Peralta and Nicole Armua from Trend Micro's Zero Day Initiative.

Security updates from other vendors in March 2024 are also highlighted, reflecting a broad industry response to emerging threats.