March 2024 Microsoft Patch Tuesday: Critical Vulnerabilities Addressed and Noteworthy Flaws Revealed

Yesterday, Tuesday March 12th, marks Microsoft’s regular Patch Tuesday for March 2024, featuring the rollout of security updates addressing a total of 60 vulnerabilities. Notably, among these are eighteen remote code execution flaws, demanding immediate attention.

Of these, only two critical vulnerabilities are being addressed this Patch Tuesday: one concerning Hyper-V remote code execution and another related to denial of service flaws.

Here’s a breakdown of the vulnerabilities by category:

- 24 Elevation of Privilege Vulnerabilities
- 3 Security Feature Bypass Vulnerabilities
- 18 Remote Code Execution Vulnerabilities
- 6 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities

It’s important to note that the total count of 60 flaws excludes the four Microsoft Edge flaws already addressed on March 7th.

Additionally, Microsoft has confirmed that there are no zero-day vulnerabilities disclosed as part of today’s Patch Tuesday updates.

For those interested in non-security updates released today, detailed information can be found in dedicated articles covering the new Windows 11 KB5035853 update and the Windows 10 KB5035845 update.

Of particular interest this month are several noteworthy flaws:

- CVE-2024–21400: Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability. This vulnerability in Azure Kubernetes Service could potentially allow attackers to gain elevated privileges and steal credentials.
- CVE-2024–26199: Microsoft Office Elevation of Privilege Vulnerability. Microsoft has addressed a vulnerability within Office that permitted any authenticated user to acquire SYSTEM privileges.
- CVE-2024–20671: Microsoft Defender Security Feature Bypass Vulnerability. A vulnerability within Microsoft Defender could be exploited by authenticated attackers to prevent Microsoft Defender from initiating. This issue will be resolved through Windows Defender Antimalware Platform updates.
- CVE-2024–21411: Skype for Consumer Remote Code Execution Vulnerability. Microsoft has tackled a remote code execution vulnerability in Skype for Consumer, which could be activated through a malicious link or image sent via Instant Message.

These vulnerabilities were discovered by various security researchers, including Yuval Avrahami, Iván Almuiña, Manuel Feifel, Hector Peralta, and Nicole Armua in collaboration with Trend Micro Zero Day Initiative.

You can see the full report of these vulnerabilities here.

Happy Hunting!

— j1nx