Security News > 2024 > March > March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V
On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but - welcome news! - none of them are currently publicly known or actively exploited.
One of the two - CVE-2024-21338, an elevation of privilege vulnerability affecting the Windows Kernel - had been reported to Microsoft by Avast researchers, who later shared that it had been leveraged by North Korean hackers for months before the patch was released.
Two critical Windows Hyper-V vulnerabilities have been fixed, one allowing remote code execution via a so-called guest-to-host escape, and the other denial of service.
Why a DoS vulnerability should be considered "Critical", Microsoft did not explain, but admins are advised to upgrade Windows systems running the hypervisor.
The patch is delivered via cumulative updates for Microsoft Exchange Server 2016 and 2019.
Satnam Narang, senior staff research engineer at Tenable, notes that only six vulnerabilities patched by Microsoft on this Patch Tuesday are considered "More likely" to be exploited.
News URL
https://www.helpnetsecurity.com/2024/03/12/march-2024-patch-tuesday/
Related news
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Windows Patch Tuesday hits snag with Citrix software, workarounds published (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft fixes under-attack privilege-escalation holes in Hyper-V (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-13 | CVE-2024-21338 | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 0.0 |