Microsoft patched 59 CVEs in its March 2024 Patch Tuesday release, with 2 rated critical and 57 rated as important.
Elevation of privilege vulnerabilities accounted for 40.7% of the vulnerabilities patched this month, followed by Remote code execution at 30.5%.
Updates that requires attention
Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
CVE-2024-21334 is a RCE affecting the open-source Open Management Infrastructure (OMI) management server, with a CVSSv3 score of 9.8. To exploit this vulnerability, a remote unauthenticated attacker could use a specially crafted request to trigger a use-after-free vulnerability. In addition, OMI received another patch this month, CVE-2024-21330 to address an EoP vulnerability.
In previous years, Microsoft patched two EoP flaws in OMI (CVE-2022-33640 and CVE-2022-29149), as well as an information disclosure vulnerability (CVE-2023-36043) in November 2023. This RCE is a first for OMI and despite the critical CVSS score, Microsoft rates this vulnerability as Exploitation Less Likely
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-21407 is a RCE vulnerability in Windows Hyper-V that has a CVSSv3 score of 8.1. Successful exploitation of this vulnerability requires that an attacker be authenticated and gather information about the target environment to craft their exploit. While the attack complexity is high, exploitation could result in code execution on the host server.
Including this month, nine RCE vulnerabilities affecting Windows Hyper-V have been disclosed since 2022, with seven of them rated as Critical. While these flaws are more difficult to exploit, successfully breaking out of a VM and executing code on the host is a significant risk and these flaws should be remediated quickly to avoid any potential misuse.
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2024-21433 is an EoP vulnerability in Windows Print Spooler that has a CVSSv3 score of 7.0 and rated as Exploitation More Likely. Exploitation of this vulnerability would require an attacker to win a race condition which could grant the attacker SYSTEM privileges.
CVE-2021-34527, the original PrintNightmare vulnerability and the torrent of Print Spooler vulnerabilities that followed. In 2023, there were only four Print Spooler related bugs patched, including CVE-2023-35325, an information disclosure vulnerability in Print Spooler disclosed in July 2023, as well as three Print Spooler EoP vulnerabilities disclosed in January 2023. In 2022, there were 35 Print Spooler related vulnerabilities patched as part of Patch Tuesday, with the biggest concentration of disclosures occurring in April 2022, with 15 Print Spooler vulnerabilities patched.
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-21443, CVE-2024-26173, CVE-2024-26176, CVE-2024-26178 and CVE-2024-26182 are EoP vulnerabilities affecting the Windows Kernel that has a CVSSv3 score of 7.8 except for CVE-2024-21443 which was scored as 7.3. CVE-2024-26182 was the only Windows Kernel EoP rated as Exploitation More Likely. Successful exploitation of these vulnerabilities could lead to an attacker gaining SYSTEM privileges.
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161 and CVE-2024-26166 are RCE vulnerabilities affecting the Microsoft WDAC OLE DB provider for SQL Server that has a CVSSV3 scores of 8.8 Successful exploitation requires an authenticated user to be enticed to connect to a malicious SQL database. Once a connection is made, specially crafted replies can be sent to the client to exploit the vulnerability and allow the execution of arbitrary code.
Summary
| CVE ID | CVE Title | Severity |
| CVE-2024-21407 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| CVE-2024-21408 | Windows Hyper-V Denial of Service Vulnerability | Critical |
| CVE-2024-21392 | .NET and Visual Studio Denial of Service Vulnerability | Important |
| CVE-2024-26203 | Azure Data Studio Elevation of Privilege Vulnerability | Important |
| CVE-2024-21421 | Azure SDK Spoofing Vulnerability | Important |
| CVE-2023-28746 | Intel: CVE-2023-28746 Register File Data Sampling (RFDS) | Important |
| CVE-2024-21390 | Microsoft Authenticator Elevation of Privilege Vulnerability | Important |
| CVE-2024-21400 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Important |
| CVE-2024-26164 | Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21419 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| CVE-2024-26198 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21437 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| CVE-2024-26201 | Microsoft Intune Linux Agent Elevation of Privilege Vulnerability | Important |
| CVE-2024-26199 | Microsoft Office Elevation of Privilege Vulnerability | Important |
| CVE-2024-21426 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| CVE-2024-26190 | Microsoft QUIC Denial of Service Vulnerability | Important |
| CVE-2024-21448 | Microsoft Teams for Android Information Disclosure Vulnerability | Important |
| CVE-2024-21451 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| CVE-2024-21441 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-26161 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-26166 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21444 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21450 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21434 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | Important |
| CVE-2024-21330 | Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | Important |
| CVE-2024-21334 | Open Management Infrastructure (OMI) Remote Code Execution Vulnerability | Important |
| CVE-2024-26204 | Outlook for Android Information Disclosure Vulnerability | Important |
| CVE-2024-21411 | Skype for Consumer Remote Code Execution Vulnerability | Important |
| CVE-2024-21418 | Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability | Important |
| CVE-2024-26165 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
| CVE-2024-21438 | Microsoft AllJoyn API Denial of Service Vulnerability | Important |
| CVE-2024-26160 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | Important |
| CVE-2024-26170 | Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability | Important |
| CVE-2024-26185 | Windows Compressed Folder Tampering Vulnerability | Important |
| CVE-2024-20671 | Microsoft Defender Security Feature Bypass Vulnerability | Important |
| CVE-2024-26169 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
| CVE-2024-21431 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | Important |
| CVE-2024-21436 | Windows Installer Elevation of Privilege Vulnerability | Important |
| CVE-2024-21427 | Windows Kerberos Security Feature Bypass Vulnerability | Important |
| CVE-2024-26177 | Windows Kernel Information Disclosure Vulnerability | Important |
| CVE-2024-26176 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2024-26174 | Windows Kernel Information Disclosure Vulnerability | Important |
| CVE-2024-26182 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2024-26181 | Windows Kernel Denial of Service Vulnerability | Important |
| CVE-2024-26178 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2024-26173 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2024-21443 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2024-21446 | NTFS Elevation of Privilege Vulnerability | Important |
| CVE-2024-21440 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| CVE-2024-26162 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| CVE-2024-26159 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| CVE-2024-21435 | Windows OLE Remote Code Execution Vulnerability | Important |
| CVE-2024-21433 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| CVE-2024-26197 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
| CVE-2024-21439 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
| CVE-2024-21432 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| CVE-2024-21429 | Windows USB Hub Driver Remote Code Execution Vulnerability | Important |
| CVE-2024-21442 | Windows USB Print Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-21445 | Windows USB Print Driver Elevation of Privilege Vulnerability | Important |
| CVE-2024-21430 | Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability | Important |
