Microsoft’s latest Patch Tuesday update addressed a total of 60 vulnerabilities, including critical bugs affecting Windows Hyper-V [2] [5].

Description

Among these vulnerabilities [3] [5], CVE-2024-21407 and CVE-2024-21408 allow attackers to escape from a Hyper-V guest VM and execute remote code on the host [2], as well as cause denial of service, respectively. CVE-2024-21407 enables remote-code execution with a CVSS score of 8.1 [4], requiring the attacker to be authenticated on a guest VM to attempt remote-code execution on the host [4]. On the other hand, CVE-2024-21408 is a denial-of-service vulnerability with a CVSS rating of 5.5 [4], not requiring user interaction and only needing basic privileges to disrupt the system [4], potentially causing a crash [4]. Admins are advised to upgrade Windows systems running the hypervisor to mitigate these risks [3]. Additionally, CVE-2024-21433 impacts the Windows Print Spooler service [2], allowing attackers to elevate privileges [2]. Among the vulnerabilities patched [3], CVE-2024-20671 could disable Microsoft Defender [2], but automatic updates have been released to address this issue [2]. Another critical vulnerability [4] [7], CVE-2024-26185 [1] [2] [3] [4] [5] [6] [7], involves a compressed folder tampering vulnerability affecting the 7zip software and is more likely to be exploited in the next 30 days, requiring minimal user interaction [6], potentially through email or the web [6]. It is important to note that the patch for this vulnerability is only applicable to Win11 22H2 and Win11 23H2 [6]. Microsoft also identified several elevation-of-privilege vulnerabilities likely to be exploited [7], including CVE-2024-26170 [7], CVE-2024-26182 [1] [2] [3] [4] [5] [6] [7], and CVE-2024-21437 [3] [7].

Conclusion

These vulnerabilities pose significant risks to Windows systems and require immediate attention from administrators to ensure system security. Upgrading Windows systems running the hypervisor [3], applying automatic updates [2], and monitoring for potential exploitation of vulnerabilities are crucial steps to mitigate these risks. Looking ahead, it is important for organizations to stay vigilant and proactive in addressing security vulnerabilities to prevent potential cyber attacks.

References

[1] https://duo.com/decipher/microsoft-fixes-critical-windows-hyper-v-flaws
[2] https://www.infosecurity-magazine.com/news/rce-bug-60-cves-patch-tuesday/
[3] https://www.helpnetsecurity.com/2024/03/12/march-2024-patch-tuesday/
[4] https://www.techtarget.com/searchWindowsServer/news/366573352/March-Patch-Tuesday-fixes-critical-Hyper-V-vulnerabilities
[5] https://blog.talosintelligence.com/microsoft-patch-tuesday-march-2024/
[6] https://news.sophos.com/en-us/2024/03/12/59-cves-primed-for-microsofts-march-patch-tuesday/
[7] https://www.darkreading.com/vulnerabilities-threats/microsoft-discloses-two-critical-hyper-v-flaws-low-volume-patch-update