March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V

2024-03-12 19:55

On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but - welcome news! - none of them are currently publicly known or actively exploited.

One of the two - CVE-2024-21338, an elevation of privilege vulnerability affecting the Windows Kernel - had been reported to Microsoft by Avast researchers, who later shared that it had been leveraged by North Korean hackers for months before the patch was released.

Two critical Windows Hyper-V vulnerabilities have been fixed, one allowing remote code execution via a so-called guest-to-host escape, and the other denial of service.

Why a DoS vulnerability should be considered "Critical", Microsoft did not explain, but admins are advised to upgrade Windows systems running the hypervisor.

The patch is delivered via cumulative updates for Microsoft Exchange Server 2016 and 2019.

Satnam Narang, senior staff research engineer at Tenable, notes that only six vulnerabilities patched by Microsoft on this Patch Tuesday are considered "More likely" to be exploited.

News URL

https://www.helpnetsecurity.com/2024/03/12/march-2024-patch-tuesday/

#critical #hyperv #microsoft #patch #patchtuesday #windows #CVE-2024-21338

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-02-13	CVE-2024-21338	Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability microsoft	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		369	51	1396	2857	168	4472

News URL

Related news

Related Vulnerability

Related vendor