Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.38.0 and FVM Agent 2.5 releases.
- Microsoft addressed 60 vulnerabilities in this release, including 2 rated as Critical and 18 Remote Code Execution vulnerabilities.
CVE/Advisory | Title | Tag | Microsoft Severity Rating | Base Score | Microsoft Impact | Exploited | Publicly Disclosed |
--- | --- | --- | --- | --- | --- | --- | --- |
CVE-2024-20671 | Microsoft Defender Security Feature Bypass Vulnerability | Windows Defender | Important | 5.5 | Security Feature Bypass | No | No |
CVE-2024-21392 | .NET and Visual Studio Denial of Service Vulnerability | .NET | Important | 7.5 | Denial of Service | No | No |
CVE-2024-21411 | Skype for Consumer Remote Code Execution Vulnerability | Skype for Consumer | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-21418 | Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability | Software for Open Networking in the Cloud (SONiC) | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-21421 | Azure SDK Spoofing Vulnerability | Azure SDK | Important | 7.5 | Spoofing | No | No |
CVE-2024-21426 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Microsoft Office SharePoint | Important | 7.8 | Remote Code Execution | No | No |
CVE-2024-21429 | Windows USB Hub Driver Remote Code Execution Vulnerability | Windows USB Hub Driver | Important | 6.8 | Remote Code Execution | No | No |
CVE-2024-21430 | Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability | Windows USB Serial Driver | Important | 5.7 | Remote Code Execution | No | No |
CVE-2024-21438 | Microsoft AllJoyn API Denial of Service Vulnerability | Windows AllJoyn API | Important | 7.5 | Denial of Service | No | No |
CVE-2024-21439 | Windows Telephony Server Elevation of Privilege Vulnerability | Windows Telephony Server | Important | 7 | Elevation of Privilege | No | No |
CVE-2024-21441 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-21442 | Windows USB Print Driver Elevation of Privilege Vulnerability | Windows USB Print Driver | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-21443 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.3 | Elevation of Privilege | No | No |
CVE-2024-21444 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-21445 | Windows USB Print Driver Elevation of Privilege Vulnerability | Windows USB Print Driver | Important | 7 | Elevation of Privilege | No | No |
CVE-2024-21446 | NTFS Elevation of Privilege Vulnerability | Windows NTFS | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-21450 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-21451 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Microsoft WDAC ODBC Driver | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-26197 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Windows Standards-Based Storage Management Service | Important | 6.5 | Denial of Service | No | No |
CVE-2024-26159 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Windows ODBC Driver | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-26190 | Microsoft QUIC Denial of Service Vulnerability | Microsoft QUIC | Important | 7.5 | Denial of Service | No | No |
CVE-2024-26198 | Microsoft Exchange Server Remote Code Execution Vulnerability | Microsoft Exchange Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-26199 | Microsoft Office Elevation of Privilege Vulnerability | Microsoft Office | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-26201 | Microsoft Intune Linux Agent Elevation of Privilege Vulnerability | Microsoft Intune | Important | 6.6 | Elevation of Privilege | No | No |
CVE-2024-26203 | Azure Data Studio Elevation of Privilege Vulnerability | Azure Data Studio | Important | 7.3 | Elevation of Privilege | No | No |
CVE-2024-26161 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-26164 | Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability | Microsoft Django Backend for SQL Server | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-21330 | Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | Open Management Infrastructure | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-21334 | Open Management Infrastructure (OMI) Remote Code Execution Vulnerability | Open Management Infrastructure | Important | 9.8 | Remote Code Execution | No | No |
CVE-2024-21390 | Microsoft Authenticator Elevation of Privilege Vulnerability | Microsoft Authenticator | Important | 7.1 | Elevation of Privilege | No | No |
CVE-2024-21400 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Microsoft Azure Kubernetes Service | Important | 9 | Elevation of Privilege | No | No |
CVE-2024-21407 | Windows Hyper-V Remote Code Execution Vulnerability | Role: Windows Hyper-V | Critical | 8.1 | Remote Code Execution | No | No |
CVE-2024-21408 | Windows Hyper-V Denial of Service Vulnerability | Role: Windows Hyper-V | Critical | 5.5 | Denial of Service | No | No |
CVE-2024-21419 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics | Important | 7.6 | Spoofing | No | No |
CVE-2024-21427 | Windows Kerberos Security Feature Bypass Vulnerability | Windows Kerberos | Important | 7.5 | Security Feature Bypass | No | No |
CVE-2024-21431 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | Windows Hypervisor-Protected Code Integrity | Important | 7.8 | Security Feature Bypass | No | No |
CVE-2024-21432 | Windows Update Stack Elevation of Privilege Vulnerability | Windows Update Stack | Important | 7 | Elevation of Privilege | No | No |
CVE-2024-21433 | Windows Print Spooler Elevation of Privilege Vulnerability | Windows Print Spooler Components | Important | 7 | Elevation of Privilege | No | No |
CVE-2024-21434 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | Microsoft Windows SCSI Class System File | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-21435 | Windows OLE Remote Code Execution Vulnerability | Windows OLE | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-21436 | Windows Installer Elevation of Privilege Vulnerability | Windows Installer | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-21437 | Windows Graphics Component Elevation of Privilege Vulnerability | Microsoft Graphics Component | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-21440 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Windows ODBC Driver | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-21448 | Microsoft Teams for Android Information Disclosure Vulnerability | Microsoft Teams for Android | Important | 5 | Information Disclosure | No | No |
CVE-2024-26160 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Windows Cloud Files Mini Filter Driver | Important | 5.5 | Information Disclosure | No | No |
CVE-2024-26162 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Windows ODBC Driver | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-26166 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
CVE-2024-26169 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Windows Error Reporting | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-26170 | Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability | Windows Composite Image File System | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-26173 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-26174 | Windows Kernel Information Disclosure Vulnerability | Windows Kernel | Important | 5.5 | Information Disclosure | No | No |
CVE-2024-26176 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-26177 | Windows Kernel Information Disclosure Vulnerability | Windows Kernel | Important | 5.5 | Information Disclosure | No | No |
CVE-2024-26178 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-26181 | Windows Kernel Denial of Service Vulnerability | Windows Kernel | Important | 5.5 | Denial of Service | No | No |
CVE-2024-26182 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
CVE-2024-26185 | Windows Compressed Folder Tampering Vulnerability | Windows Compressed Folder | Important | 6.5 | Tampering | No | No |
CVE-2023-28746 | Intel: CVE-2023-28746 Register File Data Sampling (RFDS) | Intel | Important | N/A | Information Disclosure | No | No |
CVE-2024-26204 | Outlook for Android Information Disclosure Vulnerability | Outlook for Android | Important | 7.5 | Information Disclosure | No | No |
CVE-2024-26165 | Visual Studio Code Elevation of Privilege Vulnerability | Visual Studio Code | Important | 8.8 | Elevation of Privilege | No | No |
The post Patch Tuesday Update – March 2024 appeared first on Digital Defense.
*** This is a Security Bloggers Network syndicated blog from Digital Defense authored by Digital Defense by Fortra. Read the original post at: https://www.digitaldefense.com/vulnerability-research/patch-tuesday-update-march-2024/