Security News > 2024 > March > March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V

On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but - welcome news! - none of them are currently publicly known or actively exploited.

One of the two - CVE-2024-21338, an elevation of privilege vulnerability affecting the Windows Kernel - had been reported to Microsoft by Avast researchers, who later shared that it had been leveraged by North Korean hackers for months before the patch was released.

Two critical Windows Hyper-V vulnerabilities have been fixed, one allowing remote code execution via a so-called guest-to-host escape, and the other denial of service.

Why a DoS vulnerability should be considered "Critical", Microsoft did not explain, but admins are advised to upgrade Windows systems running the hypervisor.

The patch is delivered via cumulative updates for Microsoft Exchange Server 2016 and 2019.

Satnam Narang, senior staff research engineer at Tenable, notes that only six vulnerabilities patched by Microsoft on this Patch Tuesday are considered "More likely" to be exploited.

News URL

https://www.helpnetsecurity.com/2024/03/12/march-2024-patch-tuesday/