Microsoft just patched a whole load of important security flaws, including two critical issues - so update now

Fingertip pressing keyboard key with Windows logo on it
Är du ute efter bästa VPN för Windows 10 och Windwos 11? Här är våra favoriter just nu. (Image credit: Shutterstock)

The March 2024 edition of Microsoft’s Patch Tuesday is upon us, fixing dozens of vulnerabilities, including two critical severity issues which could result in remote code execution (RCE) and privilege escalation.

In its advisory, Microsoft announced addressing 61 CVEs, in addition to 17 Edge flaws fixed a few weeks prior. Of those 61 vulnerabilities, two are labeled critical, 58 important, and one low. The company said the flaws were not publicly known, or under active exploitation. 

However, six were flagged as “exploitation more likely”, probably suggesting that they are relatively easy to discover and abuse, and that it was only a matter of time before a threat actor finds them.

Hyper-V flaws addressed

That being said, the two critical severity vulnerabilities are tracked as CVE-2024-21334 and CVE-2024-21400. The former has a severity score of 9.8, and is described as an Open Management Infrastructure (OMI) Remote Code Execution Vulnerability. The latter, on the other hand, has a severity score of 9.0, and is described as an Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability.

Besides the two, other notable mentions include CVE-2024-21407, and CVE-2024-21408, two flaws affecting Hyper-V, and allowing threat actors not only to run RCE, but also denial-of-service (DoS) attacks. 

This month’s Patch Tuesday also fixes a number of vulnerabilities discovered in products from other vendors, such as Adobe, AMD, Citrix, Chrome, NVIDIA, and many others. The full list of vulnerabilities serviced this month can be found on this link

Every second Tuesday in a month, Microsoft releases cumulative updates, addressing as many vulnerabilities as it can (aside from critical updates which are released as soon as they’re available, and are usually known as out-of-bands patches). This is a longstanding practice in the IT industry that's been picked up by many companies, including Adobe, and Oracle, and formalized in late 2003 by Microsoft.

More from TechRadar Pro

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.