March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V
On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but - welcome news! - none of them are currently publicly known or actively exploited.
One of the two - CVE-2024-21338, an elevation of privilege vulnerability affecting the Windows Kernel - had been reported to Microsoft by Avast researchers, who later shared that it had been leveraged by North Korean hackers for months before the patch was released.
Two critical Windows Hyper-V vulnerabilities have been fixed, one allowing remote code execution via a so-called guest-to-host escape, and the other denial of service.
Why a DoS vulnerability should be considered "Critical", Microsoft did not explain, but admins are advised to upgrade Windows systems running the hypervisor.
The patch is delivered via cumulative updates for Microsoft Exchange Server 2016 and 2019.
Satnam Narang, senior staff research engineer at Tenable, notes that only six vulnerabilities patched by Microsoft on this Patch Tuesday are considered "More likely" to be exploited.
News URL
https://www.helpnetsecurity.com/2024/03/12/march-2024-patch-tuesday/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-13 | CVE-2024-21338 | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |