For the second month in 2024, there are no actively exploited vulnerabilities included in this month's security update from Microsoft.
Still, both critical vulnerabilities addressed this month are notable because they affect Windows Hyper-V, potentially allowing an adversary to target a host machine from a virtual machine environment.
CVE-2024-21408 is a denial-of-service vulnerability in Windows Hyper-V that could allow an adversary to target a host machine from inside a VM. However, Microsoft did not provide any additional details on how this denial-of-service could occur, and despite being listed as critical, it only scored a 5.5 out of 10 in the CVSS severity scoring system.
The other critical issue is CVE-2024-21407, a remote code execution vulnerability also in Hyper-V. An attacker inside a VM environment could remotely execute code on the host machine by sending specially crafted file operation requests to hardware resources on the VM. However, the adversary would need to be authenticated inside the VM first and gather certain, specific information about the environment before a successful attack.
Another remote code execution vulnerability (of which there are 19 in Tuesday's release), CVE-2024-21334, exists in Open Management Infrastructure (OMI).
A remote, unauthenticated attacker could exploit this vulnerability by accessing the OMI instance from the internet and sending specially crafted requests to trigger a use-after-free vulnerability.
A complete list of all the other vulnerabilities Microsoft disclosed this month is available on its update page.
In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them.
Please note that additional rules may be released at a future date and current rules are subject to change pending additional information.
Cisco Security Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.
The rules included in this release that protect against the exploitation of many of these vulnerabilities are 63140, 63141, 63142, 63144, 63145, 63152, 63153, 63155, 63156, 63161, 63162 and 63169 - 63170.
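After updating, it is worth confirming that the listed SIDs are actually present and not commented out in the deployed rule files. The following is an added example, not Talos or Snort project code: the function name `audit_rules` and the sample rule lines are constructed for illustration, and it assumes the common convention that a disabled rule is a rule line prefixed with `#`.

```python
import re

# SIDs listed in this release (from the text above; "63169 - 63170" expanded).
RELEASE_SIDS = {63140, 63141, 63142, 63144, 63145, 63152, 63153,
                63155, 63156, 63161, 63162, 63169, 63170}

# A rule line starts with an action keyword; a leading "#" marks it disabled.
RULE_RE = re.compile(
    r"^\s*(?P<off>#\s*)?(?:alert|block|drop|log|pass|reject|sdrop)\b.*?"
    r"\bsid\s*:\s*(?P<sid>\d+)\s*;")


def audit_rules(rules_text, wanted=RELEASE_SIDS):
    """Classify each wanted SID as enabled, disabled (commented out) or missing."""
    state = {}
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # blank line, plain comment, or non-rule directive
        sid = int(m.group("sid"))
        if sid not in wanted:
            continue
        # An enabled copy wins over a commented-out copy of the same SID.
        if m.group("off") is None:
            state[sid] = "enabled"
        else:
            state.setdefault(sid, "disabled")
    return {
        "enabled": sorted(s for s, v in state.items() if v == "enabled"),
        "disabled": sorted(s for s, v in state.items() if v == "disabled"),
        "missing": sorted(set(wanted) - set(state)),
    }


# Constructed sample input: placeholder rules, not real Talos rule content.
SAMPLE_RULES = """\
# Constructed sample, not real Talos rule content.
alert tcp any any -> any any (msg:"placeholder A"; sid:63140; rev:1;)
# alert tcp any any -> any any (msg:"placeholder B"; sid:63141; rev:1;)
alert tcp any any -> any any (msg:"placeholder C"; sid:63169; rev:1;)
alert tcp any any -> any any (msg:"unrelated rule"; sid:1000001; rev:1;)
"""

if __name__ == "__main__":
    for status, sids in audit_rules(SAMPLE_RULES).items():
        print(f"{status:9}{sids}")
```

Pass the concatenated contents of your own rule files as `rules_text`; any SID reported as disabled or missing means that rule is not providing coverage on that sensor.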
This Cyber News was published on blog.talosintelligence.com. Publication date: Tue, 12 Mar 2024 18:43:05 +0000