Microsoft’s March 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-21407)
2024-3-13 02:3:18 Author: www.tenable.com(查看原文) 阅读量:53 收藏

Tenable Security Response Team

Patch Tuesday

  1. 2Critical
  2. 57Important
  3. 0Moderate
  4. 0Low

Microsoft addresses 59 CVEs in its March 2024 Patch Tuesday release with no zero-day or publicly disclosed vulnerabilities.

Microsoft patched 59 CVEs in its March 2024 Patch Tuesday release, with 2 rated critical and 57 rated as important.

This month’s update includes patches for:

  • .NET
  • Azure Data Studio
  • Azure SDK
  • Microsoft Authenticator
  • Microsoft Azure Kubernetes Service
  • Microsoft Dynamics
  • Microsoft Edge for Android
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Intune
  • Microsoft Office
  • Microsoft Office SharePoint
  • Microsoft QUIC
  • Microsoft Teams for Android
  • Microsoft WDAC ODBC Driver
  • Microsoft WDAC OLE DB provider for SQL
  • Microsoft Windows SCSI Class System File
  • Open Management Infrastructure
  • Outlook for Android
  • Role: Windows Hyper-V
  • Skype for Consumer
  • Software for Open Networking in the Cloud (SONiC)
  • SQL Server
  • Visual Studio Code
  • Windows AllJoyn API
  • Windows Cloud Files Mini Filter Driver
  • Windows Composite Image File System
  • Windows Compressed Folder
  • Windows Defender
  • Windows Error Reporting
  • Windows Hypervisor-Protected Code Integrity
  • Windows Installer
  • Windows Kerberos
  • Windows Kernel
  • Windows NTFS
  • Windows ODBC Driver
  • Windows OLE
  • Windows Print Spooler Components
  • Windows Standards-Based Storage Management Service
  • Windows Telephony Server
  • Windows Update Stack
  • Windows USB Hub Driver
  • Windows USB Print Driver
  • Windows USB Serial Driver

Elevation of privilege (EoP) vulnerabilities accounted for 40.7% of the vulnerabilities patched this month, followed by Remote code execution (RCE) at 30.5%.

CVE-2024-21334 | Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

CVE-2024-21334 is a RCE affecting the open-source Open Management Infrastructure (OMI) management server. It was assigned a CVSSv3 score of 9.8 and is rated important. To exploit this vulnerability, a remote unauthenticated attacker could use a specially crafted request to trigger a use-after-free vulnerability. In addition, OMI received another patch this month, CVE-2024-21330 to address an EoP vulnerability.

In 2022, Microsoft patched two EoP flaws in OMI (CVE-2022-33640 and CVE-2022-29149), as well as an information disclosure vulnerability (CVE-2023-36043) in November 2023. This RCE is a first for OMI and despite the critical CVSS score, Microsoft rates this vulnerability as “Exploitation Less Likely” according to the Microsoft Exploitability Index.

CVE-2024-21407 | Windows Hyper-V Remote Code Execution Vulnerability

CVE-2024-21407 is a RCE vulnerability in Windows Hyper-V. This vulnerability was assigned a CVSSv3 score of 8.1 and is rated critical. Successful exploitation of this vulnerability requires that an attacker be authenticated and gather information about the target environment in order to craft their exploit. While the attack complexity is high, exploitation could result in code execution on the host server.

Including this month, nine RCE vulnerabilities affecting Windows Hyper-V have been disclosed since 2022, with seven of them rated as Critical. While these flaws generally are more difficult to exploit, successfully breaking out of a VM and executing code on the host is a significant risk and these flaws should be remediated quickly to avoid any potential misuse.

CVE-2024-21433 | Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2024-21433 is an EoP vulnerability in Windows Print Spooler. This vulnerability is rated as ”Exploitation More Likely,” and was assigned a CVSSv3 score of 7.0. Exploitation of this vulnerability would require an attacker to win a race condition which could grant the attacker SYSTEM privileges.

Over the last few years, we’ve seen a sharp decline in the number of Print Spooler related vulnerabilities patched as part of Patch Tuesday since the disclosure of CVE-2021-34527, the original PrintNightmare vulnerability and the torrent of Print Spooler vulnerabilities that followed. In 2023, there were only four Print Spooler related bugs patched, including CVE-2023-35325, an information disclosure vulnerability in Print Spooler disclosed in July 2023, as well as three Print Spooler EoP vulnerabilities disclosed in January 2023. In 2022, there were 35 Print Spooler related vulnerabilities patched as part of Patch Tuesday, with the biggest concentration of disclosures occurring in April 2022, with 15 Print Spooler vulnerabilities patched.

CVE-2024-21443, CVE-2024-26173, CVE-2024-26176, CVE-2024-26178 and CVE-2024-26182 | Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-21443, CVE-2024-26173, CVE-2024-26176, CVE-2024-26178 and CVE-2024-26182 are EoP vulnerabilities affecting the Windows Kernel. These vulnerabilities are all rated as important, and each was assigned a CVSSv3 score of 7.8 with the exception of CVE-2024-21443 which was scored as 7.3. CVE-2024-26182 was the only Windows Kernel EoP rated as “Exploitation More Likely.” Successful exploitation of these vulnerabilities could lead to an attacker gaining SYSTEM privileges.

CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161 and CVE-2024-26166 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161 and CVE-2024-26166 are RCE vulnerabilities affecting the Microsoft WDAC OLE DB provider for SQL Server. These vulnerabilities are rated as important, and were assigned CVSSV3 scores of 8.8. Successful exploitation requires an authenticated user to be enticed to connect to a malicious SQL database. Once a connection is made, specially crafted replies can be sent to the client in order to exploit the vulnerability and allow the execution of arbitrary code.

Tenable Solutions

A list of all the plugins released for Tenable’s March 2024 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

Get more information

Join Tenable's Security Response Team on the Tenable Community.

Learn more about https://www.tenable.com/products/tenable-one">Tenable One, the Exposure Management Platform for the modern attack surface.

Tenable Security Response Team

Tenable Security Response Team

The Tenable Security Response Team (SRT) tracks threat and vulnerability intelligence feeds to ensure our research teams can deliver sensor coverage to our products as quickly as possible. The SRT also works to analyze and assess technical details and writes white papers, blogs and additional communications to ensure stakeholders are fully informed of the latest risks and threats. The SRT provides breakdowns for the latest vulnerabilities on the Tenable blog.

Related Articles

  • Exposure Management

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Thank You

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Thank You

Thank you for your interest in Tenable.io. A representative will be in touch soon.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Thank You

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Thank You

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

Request a demo of Tenable Security Center

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

* Field is required

Request a demo of Tenable OT Security

Get the Operational Technology Security You Need.

Reduce the Risk You Don’t.

Request a demo of Tenable Identity Exposure

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

Request a Demo of Tenable Cloud Security

Exceptional unified cloud security awaits you!

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

See
Tenable One
In Action

Exposure management for the modern attack surface.

See Tenable Attack Surface Management In Action

Know the exposure of every asset on any platform.

Thank You

Thank you for your interest in Tenable Attack Surface Management. A representative will be in touch soon.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements

Tenable solutions help fulfill all SLCGP requirements. Connect with a Tenable representative to learn more.


文章来源: https://www.tenable.com/blog/microsofts-march-2024-patch-tuesday-addresses-59-cves-cve-2024-21407
如有侵权请联系:admin#unsafe.sh