Microsoft Security Bulletin Coverage for March 2024

Overview
Microsoft’s March 2024 Patch Tuesday has 59 vulnerabilities – 26 of which are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of March 2024 and has produced coverage for 7 of the reported vulnerabilities.

Vulnerabilities with Detections

| CVE | CVE Title | Signature |
| --- | --- | --- |
| CVE-2024-21330 | Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | ASPY 546 Exploit-py py.MP_4 |
| CVE-2024-21433 | Windows Print Spooler Elevation of Privilege Vulnerability | ASPY 549 Exploit-exe exe.MP_372; IPS 1134 GetCMD.dll File Download (SMB) |
| CVE-2024-21437 | Windows Graphics Component Elevation of Privilege Vulnerability | ASPY 547 Exploit-exe exe.MP_370 |
| CVE-2024-26160 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | ASPY 548 Exploit-exe exe.MP_371 |
| CVE-2024-26170 | Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability | ASPY 552 Exploit-exe exe.MP_374 |
| CVE-2024-26182 | Windows Kernel Elevation of Privilege Vulnerability | ASPY 551 Exploit-exe exe.MP_373 |
| CVE-2024-26185 | Windows Compressed Folder Tampering Vulnerability | ASPY 550 Malformed-7z 7z.MP_1 |

Release Breakdown

The vulnerabilities can be classified into the following categories:

For March there are 57 critical, 2 important and zero moderate vulnerabilities.

[Chart: 2024 Patch Tuesday Monthly Comparison]

Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery as well as those that have been disclosed publicly before the Patch Tuesday release for each month. The chart above displays these metrics as seen each month.

Release Detailed Breakdown

Denial of Service Vulnerabilities

CVE-2024-21392 .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-21408 Windows Hyper-V Denial of Service Vulnerability
CVE-2024-21438 Microsoft AllJoyn API Denial of Service Vulnerability
CVE-2024-26181 Windows Kernel Denial of Service Vulnerability
CVE-2024-26190 Microsoft QUIC Denial of Service Vulnerability
CVE-2024-26197 Windows Standards-Based Storage Management Service Denial of Service Vulnerability

 

Elevation of Privilege Vulnerabilities

CVE-2024-21330 Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2024-21390 Microsoft Authenticator Elevation of Privilege Vulnerability
CVE-2024-21400 Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
CVE-2024-21418 Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability
CVE-2024-21427 Windows Kerberos Security Feature Bypass Vulnerability
CVE-2024-21431 Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
CVE-2024-21432 Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-21433 Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2024-21434 Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability
CVE-2024-21436 Windows Installer Elevation of Privilege Vulnerability
CVE-2024-21437 Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2024-21439 Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2024-21442 Windows USB Print Driver Elevation of Privilege Vulnerability
CVE-2024-21443 Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-21445 Windows USB Print Driver Elevation of Privilege Vulnerability
CVE-2024-21446 NTFS Elevation of Privilege Vulnerability
CVE-2024-26165 Visual Studio Code Elevation of Privilege Vulnerability
CVE-2024-26169 Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2024-26170 Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability
CVE-2024-26173 Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26176 Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26178 Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26182 Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26199 Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-26201 Microsoft Intune Linux Agent Elevation of Privilege Vulnerability
CVE-2024-26203 Azure Data Studio Elevation of Privilege Vulnerability

 

Information Disclosure Vulnerabilities

CVE-2024-21448 Microsoft Teams for Android Information Disclosure Vulnerability
CVE-2024-26160 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
CVE-2024-26174 Windows Kernel Information Disclosure Vulnerability
CVE-2024-26177 Windows Kernel Information Disclosure Vulnerability
CVE-2024-26204 Outlook for Android Information Disclosure Vulnerability

 

Remote Code Execution Vulnerabilities

CVE-2024-21334 Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
CVE-2024-21407 Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-21411 Skype for Consumer Remote Code Execution Vulnerability
CVE-2024-21426 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-21429 Windows USB Hub Driver Remote Code Execution Vulnerability
CVE-2024-21430 Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability
CVE-2024-21435 Windows OLE Remote Code Execution Vulnerability
CVE-2024-21440 Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-21441 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21444 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21450 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21451 Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-26159 Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-26161 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-26162 Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-26164 Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability
CVE-2024-26166 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-26198 Microsoft Exchange Server Remote Code Execution Vulnerability

 

Security Feature Bypass Vulnerabilities

CVE-2024-20671 Microsoft Defender Security Feature Bypass Vulnerability

 

Spoofing Vulnerabilities

CVE-2024-21419 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-21421 Azure SDK Spoofing Vulnerability

 

Tampering Vulnerabilities

CVE-2024-26185 Windows Compressed Folder Tampering Vulnerability

 

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.