Microsoft has released corrections for 60 vulnerabilities as part of a monthly safety renewal known as Patch Tuesday. Among these, 18 vulnerabilities stand out. Special attention was given to fixing two critical errors related to remote code execution and denial of service in Hyper-V.
The breakdown of corrected vulnerabilities in each category is as follows:
- 24 vulnerabilities for privilege escalation;
- 3 vulnerabilities for security system bypass;
- 18 vulnerabilities for remote code execution;
- 6 vulnerabilities for information disclosure;
- 6 vulnerabilities for denial of service;
- 2 vulnerabilities for data exfiltration.
It is important to note that zero-day vulnerabilities were not reported this time by the company. Additionally, the correction did not address 4 vulnerabilities in Microsoft Edge, which were already fixed on March 7th.
However, some vulnerabilities stand out from the list, including:
- CVE-2024-21400: Vulnerability in Azure Kubernetes Service that allows attackers to escalate privileges and steal accounting data.
- CVE-2024-26199: Vulnerability in Microsoft Office that enables any authenticated user to gain System privileges.
- CVE-2024-20671: Vulnerability in Microsoft Defender that bypasses security features and prevents Defender from running.
- CVE-2024-21411: Vulnerability in Skype for Consumer that allows for remote code execution via a malicious link or image.
In addition to Microsoft, other major manufacturers released fixes for vulnerabilities in March 2024, including Anycubic, Apple, Cisco, Fortinet, Google, Intel, Qnap, SAP, and VMware, addressing issues from zero-day to critical.
For a comprehensive list of eliminated vulnerabilities and their descriptions, visit