March 2024 Patch Tuesday: 60 flaws & 18 RCE bugs fixed
No zero-day fixes are included in the update
Published on March 14, 2024
The second Tuesday of March 2024 was the Patch Tuesday for the month, which brought security updates for 60 vulnerabilities, including 18 remote code execution issues.
Two critical vulnerabilities, Hyper-V remote code execution and denial of service flaws, are also addressed.
There were 24 elevation of privilege vulnerabilities, 18 remote code execution vulnerabilities, 3 security feature bypass vulnerabilities, 6 denial of service vulnerabilities, 6 information disclosure vulnerabilities, and 2 spoofing vulnerabilities.
This list doesn’t include 4 Microsoft Edge flaws that were fixed on March 7, 2024. Also, these updates mentioned by Microsoft do not include zero-day fixes.
Here are some important flaws addressed:
CVE-2024-21400 – Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
This flaw could enable attackers to get admin rights and steal credentials in Azure Kubernetes Service. It was first reported by Yuval Avrahami, and Microsoft has now fixed it. Microsoft's security updates page states:
An attacker who successfully exploited this vulnerability could steal credentials and affect resources beyond the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC)
CVE-2024-20671 – Microsoft Defender Security Feature Bypass Vulnerability
This flaw was discovered by Manuel Feifel with Infoguard (Vurex) and was fixed by Windows Defender Antimalware Platform updates. Version 4.18.24010.12 of the Antimalware platform addressed this flaw.
Microsoft explained the impact of this Defender vulnerability:
An authenticated attacker who successfully exploited this vulnerability could prevent Microsoft Defender from starting.
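One way to confirm that an endpoint is at or above the fixed Antimalware Platform version cited above. This is an added example, not from the article or from Microsoft; the function names are hypothetical, and it assumes the Defender PowerShell module's Get-MpComputerStatus cmdlet and its AMProductVersion property are available on the host:

```powershell
# Added example: minimum fixed platform version taken from the article.
$FixedPlatform = [version]'4.18.24010.12'

function Test-DefenderPlatformVersion {
    param(
        # Version string to evaluate; in live use this is AMProductVersion.
        [Parameter(Mandatory)][AllowEmptyString()][string]$PlatformVersion,
        [version]$Minimum = $FixedPlatform
    )
    $parsed = $null
    if (-not [version]::TryParse($PlatformVersion, [ref]$parsed)) {
        return 'Unknown'      # empty or malformed value: needs manual review
    }
    if ($parsed -ge $Minimum) { return 'Patched' }
    return 'Vulnerable'
}

function Get-DefenderPlatformStatus {
    # Queries the local machine. Get-MpComputerStatus can fail when the
    # Defender service is not running, which is worth flagging on its own
    # because the flaw's stated impact is Defender failing to start.
    try {
        $s = Get-MpComputerStatus -ErrorAction Stop
        [pscustomobject]@{
            Computer        = $env:COMPUTERNAME
            PlatformVersion = $s.AMProductVersion
            ServiceEnabled  = $s.AMServiceEnabled
            Status          = Test-DefenderPlatformVersion $s.AMProductVersion
        }
    } catch {
        [pscustomobject]@{
            Computer        = $env:COMPUTERNAME
            PlatformVersion = $null
            ServiceEnabled  = $null
            Status          = 'Unknown'
        }
    }
}

# Constructed sample values (not from the article) to show the comparison.
'4.18.23110.3', '4.18.24010.12', '4.18.24020.7', '' | ForEach-Object {
    '{0,-16} {1}' -f $_, (Test-DefenderPlatformVersion $_)
}
Get-DefenderPlatformStatus
```

Treat an 'Unknown' result as a finding to investigate rather than a pass, since a host where Defender cannot be queried may be one where it is not running.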
CVE-2024-26199 – Microsoft Office Elevation of Privilege Vulnerability
An Office vulnerability allows any authenticated user to get system privileges, but it was fixed this Patch Tuesday. The flaw was first pointed out by Ivan Almuina from Hacking Corporation Sarl. According to Microsoft:
Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.
CVE-2024-21411 – Skype for Consumer Remote Code Execution Vulnerability
This remote code execution vulnerability can be triggered by a malicious image or link. It was first pointed out by Nicole Armua and Hector Peralta, who are working with the Trend Micro Zero Day Initiative. Microsoft explains:
An attacker could exploit the vulnerability by sending the user a malicious link or a malicious image via Instant Message and then convincing the user to click the link or image.
CVE-2024-26201 – Microsoft Intune Linux Agent Elevation of Privilege Vulnerability
Microsoft explains how this vulnerability works:
This vulnerability could allow an attacker to view potentially restricted information inside of a custom compliance script and tamper with the results of the scripts, but does not allow the attacker to make any other parts of the Intune service unavailable.
You can check out Microsoft’s release notes to learn about other security updates. March Patch Tuesday also brought some changes to Windows 11 and 10, which you can read in this detailed guide.
Have you installed the latest Windows updates? Share your thoughts on the improvements and changes introduced.
Srishti Sisodia
Windows Software Expert