Security News

Microsoft Security Bulletin Coverage for March 2024

By

Overview
Microsoft’s March 2024 Patch Tuesday has 59 vulnerabilities – 26 of which are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of March 2024 and has produced coverage for 7 of the reported vulnerabilities.

Vulnerabilities with Detections

CVECVE TitleSignature
CVE-2024-21330Azure Open Management Infrastructure (OMI) Elevation of Privilege VulnerabilityASPY 546 Exploit-py py.MP_4
CVE-2024-21433Windows Print Spooler Elevation of Privilege VulnerabilityASPY 549 Exploit-exe exe.MP_372

IPS 1134 GetCMD.dll File Download (SMB)

CVE-2024-21437Windows Graphics Component Elevation of Privilege VulnerabilityASPY 547 Exploit-exe exe.MP_370
CVE-2024-26160Windows Cloud Files Mini Filter Driver Information Disclosure VulnerabilityASPY 548 Exploit-exe exe.MP_371
CVE-2024-26170Windows Composite Image File System (CimFS) Elevation of Privilege VulnerabilityASPY 552 Exploit-exe exe.MP_374
CVE-2024-26182Windows Kernel Elevation of Privilege VulnerabilityASPY 551 Exploit-exe exe.MP_373
CVE-2024-26185Windows Compressed Folder Tampering VulnerabilityASPY 550 Malformed-7z 7z.MP_1

 

Release Breakdown

The vulnerabilities can be classified into the following categories:

For March there are 57 critical, 2 important and zero moderate vulnerabilities.

2024 Patch Tuesday Monthly Comparison

Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery as well as those that have been disclosed publicly before the Patch Tuesday release for each month. The chart above displays these metrics as seen each month.

Release Detailed Breakdown

Denial of Service Vulnerabilities

CVE-2024-21392.NET and Visual Studio Denial of Service Vulnerability
CVE-2024-21408Windows Hyper-V Denial of Service Vulnerability
CVE-2024-21438Microsoft AllJoyn API Denial of Service Vulnerability
CVE-2024-26181Windows Kernel Denial of Service Vulnerability
CVE-2024-26190Microsoft QUIC Denial of Service Vulnerability
CVE-2024-26197Windows Standards-Based Storage Management Service Denial of Service Vulnerability

 

Elevation of Privilege Vulnerabilities

CVE-2024-21330Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2024-21390Microsoft Authenticator Elevation of Privilege Vulnerability
CVE-2024-21400Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
CVE-2024-21418Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability
CVE-2024-21427Windows Kerberos Security Feature Bypass Vulnerability
CVE-2024-21431Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
CVE-2024-21432Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-21433Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2024-21434Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability
CVE-2024-21436Windows Installer Elevation of Privilege Vulnerability
CVE-2024-21437Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2024-21439Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2024-21442Windows USB Print Driver Elevation of Privilege Vulnerability
CVE-2024-21443Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-21445Windows USB Print Driver Elevation of Privilege Vulnerability
CVE-2024-21446NTFS Elevation of Privilege Vulnerability
CVE-2024-26165Visual Studio Code Elevation of Privilege Vulnerability
CVE-2024-26169Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2024-26170Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability
CVE-2024-26173Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26176Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26178Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26182Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26199Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-26201Microsoft Intune Linux Agent Elevation of Privilege Vulnerability
CVE-2024-26203Azure Data Studio Elevation of Privilege Vulnerability

 

Information Disclosure Vulnerabilities

CVE-2024-21448Microsoft Teams for Android Information Disclosure Vulnerability
CVE-2024-26160Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
CVE-2024-26174Windows Kernel Information Disclosure Vulnerability
CVE-2024-26177Windows Kernel Information Disclosure Vulnerability
CVE-2024-26204Outlook for Android Information Disclosure Vulnerability

 

Remote Code Execution Vulnerabilities

CVE-2024-21334Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
CVE-2024-21407Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-21411Skype for Consumer Remote Code Execution Vulnerability
CVE-2024-21426Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-21429Windows USB Hub Driver Remote Code Execution Vulnerability
CVE-2024-21430Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability
CVE-2024-21435Windows OLE Remote Code Execution Vulnerability
CVE-2024-21440Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-21441Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21444Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21450Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21451Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-26159Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-26161Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-26162Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-26164Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability
CVE-2024-26166Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-26198Microsoft Exchange Server Remote Code Execution Vulnerability

 

Security Feature Bypass Vulnerabilities

CVE-2024-20671Microsoft Defender Security Feature Bypass Vulnerability

 

Spoofing Vulnerabilities

CVE-2024-21419Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-21421Azure SDK Spoofing Vulnerability

 

Tampering Vulnerabilities

CVE-2024-26185Windows Compressed Folder Tampering Vulnerability

 

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
Fake Aarogya Setu Android apps harbor spyware capabilities
Fake McAfee E-mail protection tool - Banker Trojan (Apr 15, 2010)
An Android stealer with a multitude of spyware capabilities
8t_Dropper, RoyalRoad
Microsoft Security Advisory Coverage (March 24, 2014)
Phishing campaigns are facile to steal credential
Microsoft Security Bulletin Coverage (Feb 10, 2015)
Cisco Secure Desktop Vulnerability (March 31, 2011)