March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V

Last month several days after Patch Tuesday, the company updated two advisories to say that those particular vulnerabilities were being exploited in the wild.
One of the two - CVE-2024-21338, an elevation of privilege vulnerability affecting the Windows Kernel - had been reported to Microsoft by Avast researchers, who later shared that it had been leveraged by North Korean hackers for months before the patch was released.
Microsoft obviously knew that when they first published the associated advisory, but only confirmed in-the-wild exploitation after Avast went public with the information.
Time will tell if Microsoft will repeat the trick this month.
In the meantime, admins must begin prioritizing patches based on the information that's currently available.
Two critical Windows Hyper-V vulnerabilities have been fixed, one allowing remote code execution via a so-called guest-to-host escape, and the other denial of service.
Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative, singled out CVE-2024-26198, an unauthenticated RCE flaw affecting Microsoft Exchange Server, as important.
The patch is delivered via cumulative updates for Microsoft Exchange Server 2016 and 2019.
CVE-2024-21400, an elevation of privilege vulnerability affecting Azure Kubernetes Service Confidential Containers, may allow unauthenticated attackers to steal credentials and manipulate resources not intended to be accessible.
He also singled out CVE-2024-21390, an elevation of privilege flaw in Microsoft Authenticator, as interesting - though to exploit it, an attacker must already have an established presence on the mobile device (either via malware or a malicious app.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Tue, 12 Mar 2024 20:13:05 +0000


Cyber News related to March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V

Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs - Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws. This Patch Tuesday fixes only two critical vulnerabilities: Hyper-V remote code execution ...
7 months ago Bleepingcomputer.com
Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security - Microsoft eased enterprise security teams into 2024 with a relatively light January security update consisting of patches for 48 unique CVEs, just two of which the company identified as being of critical severity. For the second straight month, ...
9 months ago Darkreading.com
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws - Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days. The total count of 61 flaws does not include 2 Microsoft Edge flaws fixed on May 2nd and four ...
5 months ago Bleepingcomputer.com
March Patch Tuesday fixes Hyper-V guest-host escape The Register - Patch Tuesday Microsoft's monthly patch drop has arrived, delivering a mere 61 CVE-tagged vulnerabilities - none listed as under active attack or already known to the public. The second critical vulnerability, CVE-2024-21408, is a denial of service ...
7 months ago Go.theregister.com
Microsoft Patch Tuesday March 2024 includes critical Hyper-V flaws - The March 2024 Patch Tuesday update includes patches for 61 Microsoft vulnerabilities. Only two of the vulnerabilities are rated critical and both of these are found in Windows Hyper-V. Hyper-V is a hardware virtualization product that allows you to ...
7 months ago Malwarebytes.com
Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day - Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs. While eight remote code execution bugs were fixed, Microsoft only rated three ...
10 months ago Bleepingcomputer.com
Microsoft Discloses Critical Hyper-V Flaws in Low-Volume Patch Update - Both affect the Windows Hyper-V virtualization technology: CVE-2024-21407, a remote code execution bug; and CVE-2024-21408, which is a denial-of-service vulnerability. The update includes fixes for a total of 18 RCE flaws and two dozen ...
7 months ago Darkreading.com
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
11 months ago Techrepublic.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
7 months ago Cisa.gov
Windows 10 KB5035845 update released with 9 new changes, fixes - Microsoft has released the KB5035845 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes nine new changes and fixes. After installing this mandatory Windows 10 cumulative update, the March 2024 Patch Tuesday security updates ...
7 months ago Bleepingcomputer.com
January Patch Tuesday: New year, more Windows bugs The Register - Patch Tuesday Microsoft rang in the New Year with a relatively calm Patch Tuesday: Just 49 Windows security updates including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge. None of the January CVEs are ...
9 months ago Go.theregister.com
January 2024 Patch Tuesday forecast: A Focus on Printing - This article aims to provide a quick summary of some of the latest trends, announcements, and changes associated with IT patch operations while looking at the upcoming Patch Tuesday and what software updates to expect. December 2023 Patch Tuesday ...
10 months ago Helpnetsecurity.com
Russia's Midnight Blizzard stole email of more Microsoft customers - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities ...
4 months ago Securityaffairs.com
Windows 10 KB5037849 update released with 9 changes or fixes - Microsoft has released the optional KB5037849 Preview cumulative update for Windows 10 22H2 with nine fixes or changes. This release is primarily a maintenance release, fixing numerous bugs causing crashes or network connection issues. Microsoft ...
5 months ago Bleepingcomputer.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
11 months ago Microsoft.com
March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V - Last month several days after Patch Tuesday, the company updated two advisories to say that those particular vulnerabilities were being exploited in the wild. One of the two - CVE-2024-21338, an elevation of privilege vulnerability affecting the ...
7 months ago Helpnetsecurity.com
Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days - Seven different Windows privilege escalation vulnerabilities have not yet been addressed by Microsoft, two months after they were revealed at Pwn2Own 2024 in Vancouver. This week's Patch Tuesday brought with it five dozen security fixes, including ...
5 months ago Darkreading.com
Microsoft Gives Admins a Reprieve With Lighter-Than-Usual Patch Update - In what's sure to be a refreshing break for IT and security teams, Microsoft's monthly security update for December 2023 contained fewer vulnerabilities for them to address than in recent months. The update included fixes for a total of 36 ...
10 months ago Darkreading.com
Windows 11 KB5037853 update fixes File Explorer issues, 20 bugs - Microsoft has released the May 2024 non-security preview update for Windows 11 versions 22H2 and 23H2, which includes 32 fixes and changes. Among this cumulative update's highlights, Microsoft mentions fixing an issue causing the Windows File ...
5 months ago Bleepingcomputer.com
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
7 months ago Cisa.gov
Windows 10 KB5032278 update adds Copilot AI assistant, fixes 13 bugs - Microsoft has started rolling out its Copilot AI assistant to Windows 10 with the KB5032278 November 2023 non-security preview update for systems running Windows 10, version 22H2. Two weeks ago, the company introduced Copilot to Windows 10 Insiders ...
11 months ago Bleepingcomputer.com
Microsoft Ships Urgent Fixes for Critical Flaws in Windows Kerberos, Hyper-V - Microsoft hit the ground running with the first Patch Tuesday release for 2024, rolling out security fixes for at least 49 security defects in a wide range of Windows OS and software components. The company called special attention to a pair of flaws ...
9 months ago Securityweek.com
Microsoft Patch Tuesday: Critical Spoofing and Remote Code Execution Flaws - Microsoft on Tuesday rolled out fixes for several critical security flaws in the Windows ecosystem and warned that hackers could target these issues to take complete control of unpatched machines. As part of its regular Patch Tuesday releases, ...
10 months ago Securityweek.com
Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs - Microsoft's scheduled Patch Tuesday security update for February includes fixes for two zero-day security vulnerabilities under active attack, plus 71 other flaws across a wide range of its products. In all, five of the vulnerabilities for which ...
8 months ago Darkreading.com
Microsoft Fixes 12 RCE Bugs in January Patch Tuesday - Microsoft has begun the year with patches for a near-half century of CVEs, although there were no zero-day bugs addressed in the January 2024 Patch Tuesday yesterday. The haul included fixes for just two critical CVEs: impacting the Windows Kerberos ...
9 months ago Infosecurity-magazine.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)