Microsoft Fixes 61 Vulnerabilities in March Updates, Including Critical Hyper-V Flaws

Microsoft fixed 61 security vulnerabilities in its software on Tuesday when it delivered its monthly security update. Among these were two serious problems with Windows Hyper-V that may result in remote code execution and Denial-of-Service (DoS).

Two of the 61 vulnerabilities have a severity rating of Critical, 58 of them are rated Important, and one is rated Low. While six of the vulnerabilities have been assigned an “Exploitation More Likely” evaluation, none of them are stated as being publicly known or actively targeted at the time of the release.

These patches come on top of the 17 security holes that have been patched in the company's Chromium-based Edge browser since the February 2024 Patch Tuesday releases. The most serious security flaws are CVE-2024-21407 and CVE-2024-21408, which affect Hyper-V and can cause a DoS condition or remote code execution, respectively.

Microsoft's update also addresses the privilege escalation vulnerabilities related to the Azure Kubernetes Service Confidential Container (CVE-2024-21400, CVSS score: 9.0), Windows Composite Image File System (CVE-2024-26170, CVSS score: 7.8), and Authenticator (CVE-2024-21390, CVSS score: 7.1).

For CVE-2024-21390 to be successfully exploited, the attacker must be present locally on the device, either through malware or a malicious program that has been placed on the device through another method. The victim must additionally close and reopen the Authenticator app.

“Exploitation of this vulnerability could allow an attacker to gain access to multi-factor authentication codes for the victim's accounts, as well as modify or delete accounts in the authenticator app but not prevent the app from launching or running,” Microsoft said in an advisory.

“While exploitation of this flaw is considered less likely, we know that attackers are keen to find ways to bypass multi-factor authentication. Having access to a target device is bad enough as they can monitor keystrokes, steal data, and redirect users to phishing websites,” Satnam Narang, Tenable’s senior staff research engineer, said in a statement.

He further stated, “But if the goal is to remain stealth, they could maintain this access and steal multi-factor authentication codes to log into sensitive accounts, steal data or hijack the accounts altogether by changing passwords and replacing the multi-factor authentication device, effectively locking the user out of their accounts.”

Another noteworthy vulnerability is a privilege escalation flaw in the Print Spooler component (CVE-2024-21433, CVSS score: 7.0) that could allow an attacker to gain SYSTEM privileges, but only if they win a race condition.

Additionally, the update fixes a remote code execution vulnerability in Exchange Server (CVE-2024-26198, CVSS score: 8.8). An unauthenticated threat actor could exploit it by placing a specially crafted file in an online directory and tricking a victim into opening a malicious DLL file.

The vulnerability with the highest CVSS rating is CVE-2024-21334 (CVSS score: 9.8), a remote code execution flaw affecting Open Management Infrastructure (OMI).

“A remote unauthenticated attacker could access the OMI instance from the Internet and send specially crafted requests to trigger a use-after-free vulnerability. The first quarter of Patch Tuesday in 2024 has been quieter compared to the last four years. On average, there were 237 CVEs patched in the first quarter from 2020 through 2023. In the first quarter of 2024, Microsoft only patched 181 CVEs. The average number of CVEs patched in March over the last four years was 86,” Redmond said.

Security Updates from Other Companies

Besides Microsoft, other vendors have also released security updates over the past few weeks to fix vulnerabilities in their software, including:

Adobe

AMD

Android

Apple

Aruba Networks

Arm

Bosch

Canon

Cisco

Citrix

Codesys

Dell

Drupal

F5

Fortinet

GitLab

Google Chrome

Google Cloud

Google Wear OS

Hikvision

Hitachi Energy

HP

IBM

Intel

Jenkins

JetBrains TeamCity

Lenovo

Linux Distributions

MediaTek

Mitsubishi Electric

MongoDB

Mozilla Firefox

Firefox ESR

Thunderbird

Progress Software OpenEdge

QNAP

Qualcomm

Samsung

SAP

Schneider Electric

Siemens

SolarWinds

SonicWall

Spring Framework

Synology

NVidia

Netgear

VMware

Zoom

Zyxel

Debian

Oracle Linux

Red Hat

Suse

Ubuntu

 
