Microsoft Discloses Critical Hyper-V Flaws in Low-Volume Patch Update

Both affect the Windows Hyper-V virtualization technology: CVE-2024-21407, a remote code execution bug; and CVE-2024-21408, which is a denial-of-service vulnerability.
The update includes fixes for a total of 18 RCE flaws and two dozen elevation-of-privilege vulnerabilities, some of which allow threat actors to gain administrative control of affected systems.

Critical RCE, DoS Hyper-V Vulnerabilities

The RCE bug in Hyper-V gives attackers a way to take complete control of affected systems and potentially compromise virtual machines housed on the Hyper-V server, says Sarah Jones, cyber threat intelligence research analyst at Critical Start.
The DoS vulnerability allows an adversary to crash the Hyper-V service, rendering it unusable.

A Flurry of Microsoft Privilege-Escalation Bugs

Microsoft identified six of the vulnerabilities it disclosed this week as flaws that threat actors are more likely to exploit in the future.
Most of these were elevation-of-privilege vulnerabilities.
Satnam Narang, senior staff researcher at Tenable, described the privilege-escalation flaws as likely to be of more interest in a post-exploit scenario to advanced persistent threat actors than to ransomware groups and other financially motivated actors.
In an emailed comment, Ben McCarthy, lead cybersecurity engineer at Immersive Labs, pointed to the Windows Kernel elevation of privilege vulnerability as something an attacker would be able to exploit only if they already gained access to an affected system.
The bug would allow an attacker to gain complete system-level privileges.
Saeed Abbasi, manager of vulnerability research at Qualys' threat research unit, identifies the bug as one that should be high on the patch priority list because of that score.
While Microsoft considers exploitation less likely, the simplicity of the attack vector - a use-after-free bug - against a critical component suggests that the threat level should not be underestimated, he cautions.
In the past, bugs such as the OMIGOD set of OMI vulnerabilities in 2021 have been of high interest to attackers.
He also pointed to an elevation-of-privilege bug in Microsoft Authenticator as something that administrators should pay attention to.
Overall, for administrators used to dealing with large Microsoft patch volumes, the past three months have been something of a break from the usual.
This is the second straight month that Microsoft has not disclosed a zero-day bug in its monthly security update.
In the first quarter of the year, Microsoft has issued patches for a total of 181 CVEs, which is substantially lower than its first-quarter average of 237 patches in each of the previous four years, Tenable's Narang noted.


This Cyber News was published on www.darkreading.com. Publication date: Tue, 12 Mar 2024 22:10:18 +0000

