Description:
Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Mar
Reports indicated that the vulnerabilities (CVE-2024-21407 and CVE-2024-21408) in Microsoft Windows and Server are at a high risk of exploitation. System administrators and users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
Affected Systems:
- Microsoft Windows 10, 11
- Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022, 2022, 23H2 Edition
- Microsoft Exchange Server 2016, 2019
- Microsoft Outlook for Android
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Server 2019, Subscription Edition
- Microsoft 365 Apps for Enterprise
- Microsoft Dynamics 365 (on-premises) version 9.1
- Microsoft Teams for Android
- Skype for Consumer
- Microsoft Authenticator
- Microsoft Visual Studio 2022
- Visual Studio Code
- .NET 7.0, 8.0
- SQL Server backend for Django
- Windows Defender Antimalware Platform
- Azure Automation, Automation Update Management, Data Studio, Kubernetes Service Confidential Containers, SDK, Security Center, Sentinel
Impact:
Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security feature bypass, spoofing or tampering on an affected system.
Recommendation:
Patches for affected systems are available from the Windows Update / Microsoft Update Catalog. System administrators and users of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.
More Information:
- https://msrc.microsoft.com/update-guide/releaseNote/2024-Mar
- https://www.hkcert.org/security-bulletin/microsoft-monthly-security-update-march-2024
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20671
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21330
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21334
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21390
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21392
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21400
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21407 (to CVE-2024-21408)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21411
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21418 (to CVE-2024-21419)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21421
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21426 (to CVE-2024-21427)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21429 (to CVE-2024-21446)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21448
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21450 (to CVE-2024-21451)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26159 (to CVE-2024-26162)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26164 (to CVE-2024-26166)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26169 (to CVE-2024-26170)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26173 (to CVE-2024-26174)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26176 (to CVE-2024-26178)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26181 (to CVE-2024-26182)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26185
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26190
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26197 (to CVE-2024-26199)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26201
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26203 (to CVE-2024-26204)