
Microsoft Releases March 2024 Security Updates

Scheduled updates for Microsoft products, including security updates for 61 vulnerabilities with 2 rated as critical




Affected platforms

The following platforms are known to be affected:

The following platforms are also known to be affected:

  • .NET
  • Azure Data Studio
  • Azure SDK
  • Microsoft Authenticator
  • Microsoft Azure Kubernetes Service
  • Microsoft Dynamics
  • Microsoft Edge for Android
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Intune
  • Microsoft Office
  • Microsoft Office SharePoint
  • Microsoft QUIC
  • Microsoft Teams for Android
  • Microsoft WDAC ODBC Driver
  • Microsoft WDAC OLE DB provider for SQL
  • Microsoft Windows SCSI Class System File
  • Open Management Infrastructure
  • Outlook for Android
  • Role: Windows Hyper-V
  • Skype for Consumer
  • Software for Open Networking in the Cloud (SONiC)
  • SQL Server
  • Visual Studio Code
  • Windows AllJoyn API
  • Windows Cloud Files Mini Filter Driver
  • Windows Composite Image File System
  • Windows Compressed Folder
  • Windows Defender
  • Windows Error Reporting
  • Windows Hypervisor-Protected Code Integrity
  • Windows Installer
  • Windows Kerberos
  • Windows Kernel
  • Windows NTFS
  • Windows ODBC Driver
  • Windows OLE
  • Windows Print Spooler Components
  • Windows Standards-Based Storage Management Service
  • Windows Telephony Server
  • Windows Update Stack
  • Windows USB Hub Driver
  • Windows USB Print Driver
  • Windows USB Serial Driver

Threat details

Introduction

Microsoft has released security updates to address 61 vulnerabilities, including two that are critical, which are highlighted in the vulnerability details below.


Vulnerability details

  • CVE-2024-21334 

A remote code execution vulnerability affecting Open Management Infrastructure (OMI), with a CVSSv3 score of 9.8, could allow a remote unauthenticated attacker to access the OMI instance from the Internet and send specially crafted requests to trigger a use-after-free vulnerability.

  • CVE-2024-21400

A privilege escalation vulnerability impacting Microsoft Azure Kubernetes Service Confidential Container, with a CVSSv3 score of 9.0, could allow an attacker to exploit this vulnerability to steal credentials and affect resources beyond the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC).

  • CVE-2024-21407

A remote code execution vulnerability affecting Windows Hyper-V, with a CVSSv3 score of 8.1, could allow an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM, which could result in remote code execution on the host server.

  • CVE-2024-21426 

A remote code execution vulnerability affecting Microsoft SharePoint, with a CVSSv3 score of 7.8, could allow an attacker to perform a remote attack that could enable access to the victim's information and the ability to alter information, if they convince a user to open a malicious file. 


Remediation advice

Affected organisations are encouraged to review Microsoft’s March 2024 Security Update Summary and apply the relevant updates.



Last edited: 14 March 2024 12:51 pm