Patch Tuesday Update – March 2024
2024-3-13 04:28:46 Author: securityboulevard.com

Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.38.0 and FVM Agent 2.5 releases.

  • Microsoft addressed 60 vulnerabilities in this release, including 2 rated as Critical and 18 Remote Code Execution vulnerabilities.
| CVE/Advisory | Title | Tag | Microsoft Severity Rating | Base Score | Microsoft Impact | Exploited | Publicly Disclosed |
|---|---|---|---|---|---|---|---|
| CVE-2024-20671 | Microsoft Defender Security Feature Bypass Vulnerability | Windows Defender | Important | 5.5 | Security Feature Bypass | No | No |
| CVE-2024-21392 | .NET and Visual Studio Denial of Service Vulnerability | .NET | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-21411 | Skype for Consumer Remote Code Execution Vulnerability | Skype for Consumer | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21418 | Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability | Software for Open Networking in the Cloud (SONiC) | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-21421 | Azure SDK Spoofing Vulnerability | Azure SDK | Important | 7.5 | Spoofing | No | No |
| CVE-2024-21426 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Microsoft Office SharePoint | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2024-21429 | Windows USB Hub Driver Remote Code Execution Vulnerability | Windows USB Hub Driver | Important | 6.8 | Remote Code Execution | No | No |
| CVE-2024-21430 | Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability | Windows USB Serial Driver | Important | 5.7 | Remote Code Execution | No | No |
| CVE-2024-21438 | Microsoft AllJoyn API Denial of Service Vulnerability | Windows AllJoyn API | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-21439 | Windows Telephony Server Elevation of Privilege Vulnerability | Windows Telephony Server | Important | 7 | Elevation of Privilege | No | No |
| CVE-2024-21441 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21442 | Windows USB Print Driver Elevation of Privilege Vulnerability | Windows USB Print Driver | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-21443 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.3 | Elevation of Privilege | No | No |
| CVE-2024-21444 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21445 | Windows USB Print Driver Elevation of Privilege Vulnerability | Windows USB Print Driver | Important | 7 | Elevation of Privilege | No | No |
| CVE-2024-21446 | NTFS Elevation of Privilege Vulnerability | Windows NTFS | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-21450 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21451 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Microsoft WDAC ODBC Driver | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-26197 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Windows Standards-Based Storage Management Service | Important | 6.5 | Denial of Service | No | No |
| CVE-2024-26159 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Windows ODBC Driver | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-26190 | Microsoft QUIC Denial of Service Vulnerability | Microsoft QUIC | Important | 7.5 | Denial of Service | No | No |
| CVE-2024-26198 | Microsoft Exchange Server Remote Code Execution Vulnerability | Microsoft Exchange Server | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-26199 | Microsoft Office Elevation of Privilege Vulnerability | Microsoft Office | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-26201 | Microsoft Intune Linux Agent Elevation of Privilege Vulnerability | Microsoft Intune | Important | 6.6 | Elevation of Privilege | No | No |
| CVE-2024-26203 | Azure Data Studio Elevation of Privilege Vulnerability | Azure Data Studio | Important | 7.3 | Elevation of Privilege | No | No |
| CVE-2024-26161 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-26164 | Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability | Microsoft Django Backend for SQL Server | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21330 | Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | Open Management Infrastructure | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-21334 | Open Management Infrastructure (OMI) Remote Code Execution Vulnerability | Open Management Infrastructure | Important | 9.8 | Remote Code Execution | No | No |
| CVE-2024-21390 | Microsoft Authenticator Elevation of Privilege Vulnerability | Microsoft Authenticator | Important | 7.1 | Elevation of Privilege | No | No |
| CVE-2024-21400 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Microsoft Azure Kubernetes Service | Important | 9 | Elevation of Privilege | No | No |
| CVE-2024-21407 | Windows Hyper-V Remote Code Execution Vulnerability | Role: Windows Hyper-V | Critical | 8.1 | Remote Code Execution | No | No |
| CVE-2024-21408 | Windows Hyper-V Denial of Service Vulnerability | Role: Windows Hyper-V | Critical | 5.5 | Denial of Service | No | No |
| CVE-2024-21419 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics | Important | 7.6 | Spoofing | No | No |
| CVE-2024-21427 | Windows Kerberos Security Feature Bypass Vulnerability | Windows Kerberos | Important | 7.5 | Security Feature Bypass | No | No |
| CVE-2024-21431 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | Windows Hypervisor-Protected Code Integrity | Important | 7.8 | Security Feature Bypass | No | No |
| CVE-2024-21432 | Windows Update Stack Elevation of Privilege Vulnerability | Windows Update Stack | Important | 7 | Elevation of Privilege | No | No |
| CVE-2024-21433 | Windows Print Spooler Elevation of Privilege Vulnerability | Windows Print Spooler Components | Important | 7 | Elevation of Privilege | No | No |
| CVE-2024-21434 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | Microsoft Windows SCSI Class System File | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-21435 | Windows OLE Remote Code Execution Vulnerability | Windows OLE | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21436 | Windows Installer Elevation of Privilege Vulnerability | Windows Installer | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-21437 | Windows Graphics Component Elevation of Privilege Vulnerability | Microsoft Graphics Component | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-21440 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Windows ODBC Driver | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-21448 | Microsoft Teams for Android Information Disclosure Vulnerability | Microsoft Teams for Android | Important | 5 | Information Disclosure | No | No |
| CVE-2024-26160 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Windows Cloud Files Mini Filter Driver | Important | 5.5 | Information Disclosure | No | No |
| CVE-2024-26162 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Windows ODBC Driver | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-26166 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2024-26169 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Windows Error Reporting | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-26170 | Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability | Windows Composite Image File System | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-26173 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-26174 | Windows Kernel Information Disclosure Vulnerability | Windows Kernel | Important | 5.5 | Information Disclosure | No | No |
| CVE-2024-26176 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-26177 | Windows Kernel Information Disclosure Vulnerability | Windows Kernel | Important | 5.5 | Information Disclosure | No | No |
| CVE-2024-26178 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-26181 | Windows Kernel Denial of Service Vulnerability | Windows Kernel | Important | 5.5 | Denial of Service | No | No |
| CVE-2024-26182 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2024-26185 | Windows Compressed Folder Tampering Vulnerability | Windows Compressed Folder | Important | 6.5 | Tampering | No | No |
| CVE-2023-28746 | Intel: CVE-2023-28746 Register File Data Sampling (RFDS) | Intel | Important | N/A | Information Disclosure | No | No |
| CVE-2024-26204 | Outlook for Android Information Disclosure Vulnerability | Outlook for Android | Important | 7.5 | Information Disclosure | No | No |
| CVE-2024-26165 | Visual Studio Code Elevation of Privilege Vulnerability | Visual Studio Code | Important | 8.8 | Elevation of Privilege | No | No |

The post Patch Tuesday Update – March 2024 appeared first on Digital Defense.

*** This is a Security Bloggers Network syndicated blog from Digital Defense authored by Digital Defense by Fortra. Read the original post at: https://www.digitaldefense.com/vulnerability-research/patch-tuesday-update-march-2024/


Article source: https://securityboulevard.com/2024/03/patch-tuesday-update-march-2024/