Monthly Security Updates Released by Microsoft and Adobe in March 2024: A Review

Microsoft and Adobe's March 2024 Patch Tuesday addresses critical security vulnerabilities. Stay informed about these essential security updates through Qualys' insightful analysis.


In the latest Patch Tuesday release by Microsoft, several vulnerabilities have been addressed, including those discovered by researchers from Microsoft, Google Project Zero, and independent security experts. Here's a rundown of what you need to know.

Microsoft Patch Tuesday March 2024

The March 2024 edition of Patch Tuesday addressed 64 vulnerabilities, including 2 critical and 58 important severity vulnerabilities. Notably, Microsoft has not addressed any zero-day vulnerabilities known to be exploited in the wild in this release.

Microsoft 365 Hyper-V Vulnerabilities

Two Microsoft 365 Hyper-V vulnerabilities, CVE-2024-21407 and CVE-2024-21408, have been addressed. CVE-2024-21407 is a Remote Code Execution (RCE) vulnerability: to exploit it, an authenticated attacker on a guest VM must send specially crafted file operation requests to hardware resources, which can lead to remote code execution on the host server. Microsoft has not published any information about CVE-2024-21408.

Other Microsoft Product Vulnerabilities

The release also includes updates for vulnerabilities in various Microsoft products, such as Microsoft Office and Components, SQL Server, Visual Studio Code, .NET, Microsoft Azure Kubernetes Service, Microsoft 365 Hyper-V, Windows OLE, Windows Installer, Microsoft Graphics Component, and more.

One elevation of privilege vulnerability, CVE-2024-21433, was found in Windows Print Spooler. To exploit this vulnerability, an attacker needs to win a race condition, potentially allowing them to gain SYSTEM privileges. Another elevation of privilege vulnerability, CVE-2024-21437, was discovered in the Windows Graphics Component; successful exploitation also allows an attacker to gain SYSTEM privileges.

Adobe Security Updates

Adobe has released six security advisories to address 58 vulnerabilities in Adobe Experience Manager, Adobe Premiere Pro, Adobe ColdFusion, Adobe Bridge, Adobe Lightroom, and Adobe Animate. Eight of these vulnerabilities were given critical severity ratings.

Qualys VMDR and Patch Management

Qualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledgebase (KB). Using a specific QQL query, Qualys VMDR can show you all hosts impacted by Patch Tuesday vulnerabilities. VMDR rapidly remediates Microsoft 365 hosts by deploying the most relevant and applicable per-technology version patches.

Qualys hosts a monthly webinar series to help customers leverage the integration between Qualys Vulnerability Management Detection Response (VMDR) and Qualys Patch Management. The webcast walks customers through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management. During the webcast, they discuss this month's high-impact vulnerabilities, including those that are a part of this month's Patch Tuesday alert.

Upcoming Patch Tuesday

Remember, the next Patch Tuesday falls on April 9. Customers can register for the webinar titled "This Month in Vulnerabilities & Patches" to stay informed about the latest security updates.

In addition to the Patch Tuesday updates, Microsoft has patched four vulnerabilities in Microsoft Edge (Chromium-based) earlier in March 2024. Stay vigilant and keep your systems updated to ensure the best possible security posture.
