Microsoft Security Bulletin Coverage for March 2024
Overview
Microsoft’s March 2024 Patch Tuesday covers 59 vulnerabilities, 26 of which are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for March 2024 and has produced coverage for 7 of the reported vulnerabilities.
Vulnerabilities with Detections
CVE | CVE Title | Signature |
CVE-2024-21330 | Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | ASPY 546 Exploit-py py.MP_4 |
CVE-2024-21433 | Windows Print Spooler Elevation of Privilege Vulnerability | ASPY 549 Exploit-exe exe.MP_372; IPS 1134 GetCMD.dll File Download (SMB) |
CVE-2024-21437 | Windows Graphics Component Elevation of Privilege Vulnerability | ASPY 547 Exploit-exe exe.MP_370 |
CVE-2024-26160 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | ASPY 548 Exploit-exe exe.MP_371 |
CVE-2024-26170 | Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability | ASPY 552 Exploit-exe exe.MP_374 |
CVE-2024-26182 | Windows Kernel Elevation of Privilege Vulnerability | ASPY 551 Exploit-exe exe.MP_373 |
CVE-2024-26185 | Windows Compressed Folder Tampering Vulnerability | ASPY 550 Malformed-7z 7z.MP_1 |
Release Breakdown
The vulnerabilities can be classified into the following categories:
For March there are 57 critical, 2 important and zero moderate vulnerabilities.
2024 Patch Tuesday Monthly Comparison
Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery as well as those that have been disclosed publicly before the Patch Tuesday release for each month. The chart above displays these metrics as seen each month.
Release Detailed Breakdown
Denial of Service Vulnerabilities
CVE-2024-21392 | .NET and Visual Studio Denial of Service Vulnerability |
CVE-2024-21408 | Windows Hyper-V Denial of Service Vulnerability |
CVE-2024-21438 | Microsoft AllJoyn API Denial of Service Vulnerability |
CVE-2024-26181 | Windows Kernel Denial of Service Vulnerability |
CVE-2024-26190 | Microsoft QUIC Denial of Service Vulnerability |
CVE-2024-26197 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
Elevation of Privilege Vulnerabilities
CVE-2024-21330 | Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability |
CVE-2024-21390 | Microsoft Authenticator Elevation of Privilege Vulnerability |
CVE-2024-21400 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
CVE-2024-21418 | Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability |
CVE-2024-21427 | Windows Kerberos Security Feature Bypass Vulnerability |
CVE-2024-21431 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability |
CVE-2024-21432 | Windows Update Stack Elevation of Privilege Vulnerability |
CVE-2024-21433 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2024-21434 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability |
CVE-2024-21436 | Windows Installer Elevation of Privilege Vulnerability |
CVE-2024-21437 | Windows Graphics Component Elevation of Privilege Vulnerability |
CVE-2024-21439 | Windows Telephony Server Elevation of Privilege Vulnerability |
CVE-2024-21442 | Windows USB Print Driver Elevation of Privilege Vulnerability |
CVE-2024-21443 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-21445 | Windows USB Print Driver Elevation of Privilege Vulnerability |
CVE-2024-21446 | NTFS Elevation of Privilege Vulnerability |
CVE-2024-26165 | Visual Studio Code Elevation of Privilege Vulnerability |
CVE-2024-26169 | Windows Error Reporting Service Elevation of Privilege Vulnerability |
CVE-2024-26170 | Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability |
CVE-2024-26173 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-26176 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-26178 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-26182 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-26199 | Microsoft Office Elevation of Privilege Vulnerability |
CVE-2024-26201 | Microsoft Intune Linux Agent Elevation of Privilege Vulnerability |
CVE-2024-26203 | Azure Data Studio Elevation of Privilege Vulnerability |
Information Disclosure Vulnerabilities
CVE-2024-21448 | Microsoft Teams for Android Information Disclosure Vulnerability |
CVE-2024-26160 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability |
CVE-2024-26174 | Windows Kernel Information Disclosure Vulnerability |
CVE-2024-26177 | Windows Kernel Information Disclosure Vulnerability |
CVE-2024-26204 | Outlook for Android Information Disclosure Vulnerability |
Remote Code Execution Vulnerabilities
CVE-2024-21334 | Open Management Infrastructure (OMI) Remote Code Execution Vulnerability |
CVE-2024-21407 | Windows Hyper-V Remote Code Execution Vulnerability |
CVE-2024-21411 | Skype for Consumer Remote Code Execution Vulnerability |
CVE-2024-21426 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
CVE-2024-21429 | Windows USB Hub Driver Remote Code Execution Vulnerability |
CVE-2024-21430 | Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability |
CVE-2024-21435 | Windows OLE Remote Code Execution Vulnerability |
CVE-2024-21440 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
CVE-2024-21441 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-21444 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-21450 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-21451 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
CVE-2024-26159 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
CVE-2024-26161 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-26162 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
CVE-2024-26164 | Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability |
CVE-2024-26166 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-26198 | Microsoft Exchange Server Remote Code Execution Vulnerability |
Security Feature Bypass Vulnerabilities
CVE-2024-20671 | Microsoft Defender Security Feature Bypass Vulnerability |
Spoofing Vulnerabilities
CVE-2024-21419 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
CVE-2024-21421 | Azure SDK Spoofing Vulnerability |
Tampering Vulnerabilities
CVE-2024-26185 | Windows Compressed Folder Tampering Vulnerability |