Published on Mar 12, 2024 • Last updated on Nov 15, 2024
No attribution of threat actors available at the moment.
Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
Exploit
A critical use-after-free vulnerability in Microsoft's Open Management Infrastructure (OMI) enables unauthenticated remote code execution through specially crafted network requests to exposed instances, requiring no user interaction. The vulnerability allows attackers to achieve complete system compromise with high impacts on confidentiality, integrity, and availability, particularly affecting System Center Operations Manager (SCOM) deployments. Given the public availability of proof-of-concept exploits and the low attack complexity, this vulnerability poses an immediate risk to internet-exposed OMI instances.
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
Exploit
A critical elevation of privilege vulnerability in Azure Kubernetes Service Confidential Container enables unauthenticated attackers to compromise confidential guests and containers by relocating workloads to attacker-controlled machines, despite requiring complex target environment preparation. The vulnerability allows attackers to breach security boundaries and steal credentials through access to untrusted AKS Kubernetes nodes, effectively undermining the fundamental security isolation guarantees of the platform. This is particularly severe as it permits attackers to affect resources beyond the AKSCC security scope, potentially compromising entire Kubernetes clusters and sensitive data stored in confidential containers.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the implementation of the Today tab. The issue results from the lack of context isolation. An attacker can leverage this vulnerability to execute code in the context of the current process.

Microsoft has issued an update to correct this vulnerability. More details can be found at: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21411
A critical remote code execution vulnerability in Skype's Today tab implementation allows attackers to execute arbitrary code by exploiting improper context isolation when users interact with malicious links or files delivered through instant messages. Upon successful exploitation, attackers can gain elevated privileges with complete read, write, and delete capabilities, potentially compromising system confidentiality, integrity, and availability. This vulnerability is particularly concerning due to its low attack complexity and the existence of public proof-of-concept exploits, combined with Skype's widespread enterprise usage and the high-impact potential for data breaches and system manipulation.
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
A critical remote code execution vulnerability in Microsoft's WDAC OLE DB provider for SQL Server enables attackers to execute arbitrary code by tricking authenticated users into connecting to a malicious SQL database server, exploiting an integer overflow condition through crafted network packets. The vulnerability requires no special privileges and allows attackers to gain complete control over the client application with the same permissions as the authenticated user, potentially compromising system confidentiality, integrity, and availability. Given the low complexity of exploitation and the widespread use of SQL Server in enterprise environments, this vulnerability poses a significant risk to organizations, particularly as it can be triggered through social engineering tactics.
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
A remote code execution vulnerability in Microsoft's WDAC OLE DB provider for SQL Server can be exploited when an authenticated user connects to a malicious SQL database server, allowing attackers to execute arbitrary code within the context of the user's SQL client application through specially crafted server responses. The vulnerability is particularly concerning due to its low attack complexity and potential to compromise system confidentiality, integrity, and availability in enterprise environments where SQL client applications are commonly used, despite requiring user interaction. Given the widespread use of SQL clients in business environments and the potential for complete control over affected applications, this vulnerability poses a significant risk to organizational security.
Windows OLE Remote Code Execution Vulnerability
A critical Windows OLE vulnerability enables remote code execution through a malicious DLL loading mechanism when users open specially crafted files from network locations or online directories, requiring no authentication for exploitation. The vulnerability leverages untrusted search paths to achieve system compromise, allowing attackers to execute arbitrary code with high impact on system confidentiality, integrity, and availability. Given the low attack complexity and the potential for exploitation through social engineering tactics, this vulnerability poses a significant risk to organizations, particularly since it can be executed by unauthenticated attackers through network-based attacks.
Microsoft ODBC Driver Remote Code Execution Vulnerability
A heap-based buffer overflow vulnerability in Microsoft ODBC Driver enables remote code execution when authenticated users are socially engineered to connect to a malicious SQL database, requiring no special privileges for exploitation. The vulnerability allows attackers to execute arbitrary code within the context of the victim's SQL client application through specially crafted server responses, potentially leading to complete compromise of the client system including unauthorized data access and manipulation of database contents. This presents a significant risk particularly to database administrators and developers who regularly establish database connections, as successful exploitation grants attackers full control over the affected client system with high impact on confidentiality, integrity, and availability.
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
A remote code execution vulnerability in Microsoft's WDAC OLE DB provider for SQL Server enables attackers to execute arbitrary code by tricking authenticated users into connecting to a malicious SQL server, requiring only network access and user interaction to exploit. The vulnerability leverages specially crafted network packets during SQL connection attempts, allowing attackers to gain full control over affected systems with the same privileges as the SQL client application user, posing significant risks to system confidentiality, integrity, and availability. Given the low attack complexity and high potential impact, including the ability to execute unauthorized code and potentially compromise entire systems, this vulnerability represents a critical security risk for organizations using affected Microsoft SQL components.
Microsoft ODBC Driver Remote Code Execution Vulnerability
A remote code execution vulnerability in Microsoft's ODBC Driver allows an unauthenticated attacker to execute arbitrary code when an authenticated user connects to a malicious SQL database server, exploiting a numeric truncation error through specially crafted server responses. While the attack requires user interaction to establish the initial database connection, successful exploitation grants the attacker code execution privileges within the context of the SQL client application, potentially leading to complete system compromise with high impact on confidentiality, integrity, and availability. The severity of this vulnerability is heightened by its low attack complexity and the fact that it requires no privileges to exploit, making it an attractive target for attackers despite the need for social engineering.
Microsoft ODBC Driver Remote Code Execution Vulnerability
A remote code execution vulnerability in Microsoft's ODBC Driver enables attackers to execute arbitrary code by tricking authenticated users into connecting to a malicious SQL database server that sends specially crafted responses, exploiting a numeric truncation error. The attack requires minimal complexity and no special privileges, potentially leading to complete compromise of system confidentiality, integrity, and availability within the SQL client application context. Given the widespread deployment of ODBC drivers in enterprise environments and the relatively simple exploitation requirements, this vulnerability presents a significant risk to organizations relying on database connectivity.
CVE ID | Title | CVSS Score | Product | Trend | Exploit |
---|---|---|---|---|---|
CVE-2024-26204 | Outlook for Android Information Disclosure Vulnerability | CVSS 7.5 | - | - | |
CVE-2024-26203 | Azure Data Studio Elevation of Privilege Vulnerability | CVSS 7.3 | - | - | |
CVE-2024-26201 | Microsoft Intune Linux Agent Elevation of Privilege Vulnerability | CVSS 6.6 | - | - | |
CVE-2024-26199 | This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Office. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Office Performance Monitor executable. By creating a symbolic link, an attacker can abuse the process to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Microsoft has issued an update to correct this vulnerability. More details can be found at: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26199 | CVSS 7.8 | office | - | |
CVE-2024-26198 | Microsoft Exchange Server Remote Code Execution Vulnerability | CVSS 8.8 | exchange_server | - | |
CVE-2024-26197 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | CVSS 6.5 | Windows | - | |
CVE-2024-26190 | Microsoft QUIC Denial of Service Vulnerability | CVSS 7.5 | - | - | |
CVE-2024-26185 | Windows Compressed Folder Tampering Vulnerability | CVSS 6.5 | windows | - | |
CVE-2024-26182 | Windows Kernel Elevation of Privilege Vulnerability | CVSS 7.8 | - | - | |
CVE-2024-26181 | Windows Kernel Denial of Service Vulnerability | CVSS 5.5 | windows | - | |
CVE-2024-26178 | Windows Kernel Elevation of Privilege Vulnerability | CVSS 7.8 | - | - | |
CVE-2024-26177 | Windows Kernel Information Disclosure Vulnerability | CVSS 5.5 | - | - | |
CVE-2024-26176 | Windows Kernel Elevation of Privilege Vulnerability | CVSS 7.8 | - | - | |
CVE-2024-26174 | Windows Kernel Information Disclosure Vulnerability | CVSS 5.5 | - | - | |
CVE-2024-26173 | Windows Kernel Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-26170 | Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability | CVSS 7.8 | - | - | |
CVE-2024-26169 | Windows Error Reporting Service Elevation of Privilege Vulnerability | CVSS 7.8 | windows | Mar 30, 2024 | |
CVE-2024-26167 | Microsoft Edge for Android Spoofing Vulnerability | CVSS 4.3 | edge | Mar 12, 2024 | |
CVE-2024-26166 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_data_access_components | - | |
CVE-2024-26165 | Visual Studio Code Elevation of Privilege Vulnerability | CVSS 8.8 | visual_studio_code | - | |
CVE-2024-26164 | Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | sql_server | - | |
CVE-2024-26162 | Microsoft ODBC Driver Remote Code Execution Vulnerability | CVSS 8.8 | odbc | - | |
CVE-2024-26161 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_data_access_components | - | |
CVE-2024-26160 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | CVSS 5.5 | windows | - | |
CVE-2024-26159 | Microsoft ODBC Driver Remote Code Execution Vulnerability | CVSS 8.8 | odbc | - | |
CVE-2024-21451 | Microsoft ODBC Driver Remote Code Execution Vulnerability | CVSS 8.8 | odbc | - | |
CVE-2024-21450 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_data_access_components | - | |
CVE-2024-21448 | Microsoft Teams for Android Information Disclosure Vulnerability | CVSS 5 | teams | - | |
CVE-2024-21446 | NTFS Elevation of Privilege Vulnerability | CVSS 7.8 | - | - | |
CVE-2024-21445 | Windows USB Print Driver Elevation of Privilege Vulnerability | CVSS 7 | Windows | - | |
CVE-2024-21444 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_data_access_components | - | |
CVE-2024-21443 | Windows Kernel Elevation of Privilege Vulnerability | CVSS 7.3 | - | - | |
CVE-2024-21442 | Windows USB Print Driver Elevation of Privilege Vulnerability | CVSS 7.8 | Windows | - | |
CVE-2024-21441 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_data_access_components | - | |
CVE-2024-21440 | Microsoft ODBC Driver Remote Code Execution Vulnerability | CVSS 8.8 | odbc | - | |
CVE-2024-21439 | Windows Telephony Server Elevation of Privilege Vulnerability | CVSS 7 | - | - | |
CVE-2024-21438 | Microsoft AllJoyn API Denial of Service Vulnerability | CVSS 7.5 | - | - | |
CVE-2024-21437 | Windows Graphics Component Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-21436 | Windows Installer Elevation of Privilege Vulnerability | CVSS 7.8 | - | - | |
CVE-2024-21435 | Windows OLE Remote Code Execution Vulnerability | CVSS 8.8 | - | - | |
CVE-2024-21434 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability | CVSS 7.8 | windows | - | |
CVE-2024-21433 | Windows Print Spooler Elevation of Privilege Vulnerability | CVSS 7 | windows | Mar 13, 2024 | |
CVE-2024-21432 | Windows Update Stack Elevation of Privilege Vulnerability | CVSS 7 | windows | - | |
CVE-2024-21431 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | CVSS 7.8 | - | - | |
CVE-2024-21430 | Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability | CVSS 5.7 | windows | - | |
CVE-2024-21429 | Windows USB Hub Driver Remote Code Execution Vulnerability | CVSS 6.8 | windows | - | |
CVE-2024-21427 | Windows Kerberos Security Feature Bypass Vulnerability | CVSS 7.5 | windows | - | |
CVE-2024-21426 | Microsoft SharePoint Server Remote Code Execution Vulnerability | CVSS 7.8 | sharepoint_server | - | |
CVE-2024-21421 | Azure SDK Spoofing Vulnerability | CVSS 7.5 | - | - | |
CVE-2024-21419 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVSS 7.6 | dynamics_365 | - | |
CVE-2024-21418 | Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability | CVSS 7.8 | software_for_open_networking_in_the_cloud | - | |
CVE-2024-21411 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the Today tab. The issue results from the lack of context isolation. An attacker can leverage this vulnerability to execute code in the context of the current process. Microsoft has issued an update to correct this vulnerability. More details can be found at: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21411 | CVSS 8.8 | skype | - | |
CVE-2024-21408 | Windows Hyper-V Denial of Service Vulnerability | CVSS 5.5 | windows_10_1507 | - | |
CVE-2024-21407 | CVE-2024-21407 is a critical remote code execution vulnerability in Windows Hyper-V, Microsoft's native hypervisor for creating virtual machines. Impact: The vulnerability allows an unauthenticated attacker to execute arbitrary code on the Hyper-V host over the network. Successful exploitation requires a high degree of skill, but can lead to a complete compromise of the host's confidentiality, integrity, and availability. Exploitation: As of March 12, 2024, there are no reports of this vulnerability being exploited in the wild. However, given the prevalence of Hyper-V in enterprise environments and the potential impact of a successful attack, this vulnerability should be treated as a high priority. Attackers could potentially gain unauthorized access to virtual machines, steal sensitive data, disrupt operations, or use the compromised host as a beachhead for further attacks on the network. Patch: Microsoft has released a patch for this vulnerability, which should be applied as soon as possible to all affected systems. Mitigation: As a temporary mitigation until the patch can be applied, consider restricting network access to Hyper-V hosts and ensuring they are isolated from untrusted networks where possible. It is also recommended to review virtual machine security settings and ensure that critical VMs are properly isolated and secured. Continuously monitor Hyper-V hosts and guest VMs for signs of compromise or unusual activity. | CVSS 8.1 | windows_10_1507 | - | |
CVE-2024-21400 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | CVSS 9 | azure_kubernetes_service | Mar 13, 2024 | |
CVE-2024-21392 | Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. A vulnerability exists in .NET where specially crafted requests may cause a resource leak, leading to a Denial of Service | CVSS 7.5 | .net | - | |
CVE-2024-21390 | Microsoft Authenticator Elevation of Privilege Vulnerability | CVSS 7.1 | authenticator | - | |
CVE-2024-21334 | Open Management Infrastructure (OMI) Remote Code Execution Vulnerability | CVSS 9.8 | open_management_infrastructure | Apr 30, 2024 | |
CVE-2024-21330 | Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | CVSS 7.8 | open_management_infrastructure | Mar 13, 2024 | |
CVE-2024-20671 | Microsoft Defender Security Feature Bypass Vulnerability | CVSS 5.5 | - | - | |