March 2024 Patch Tuesday: 60 flaws & 18 RCE bugs fixed

The second Tuesday of March 2024 was the Patch Tuesday for the month, which brought security updates for 60 vulnerabilities, including 18 remote code execution issues.

Two critical vulnerabilities, named Hyper-V remote code execution and denial of service flaws, are also addressed.

There were 24 elevation of privilege vulnerabilities, 18 remote code execution vulnerabilities, 3 security feature bypass vulnerabilities, 6 denial of service vulnerabilities, 6 information disclosure vulnerabilities, and 2 spoofing vulnerabilities.

This list doesn’t include 4 Microsoft Edge flaws that were fixed on March 7, 2024. Also, these updates mentioned by Microsoft do not include zero-day fixes.

Here are some important flaws addressed:

CVE-2024-21400 – Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

This flaw could enable attackers to get admin rights and steal credentials in Azure Kubernetes Service. It was first reported by Yuval Avrahami, and Microsoft has now fixed it. Microsoft security updates page mentions:

An attacker who successfully exploited this vulnerability could steal credentials and affect resources beyond the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC)

CVE-2024-20671 – Microsoft Defender Security Feature Bypass Vulnerability

This flaw was discovered by Manuel Feifel with Infoguard (Vurex) and was fixed by Windows Defender Antimalware Platform updates. Version 4.18.24010.12 of the Antimalware platform addressed this flaw.

Microsoft explained how this Defender vulnerability could harm:

An authenticated attacker who successfully exploited this vulnerability could prevent Microsoft Defender from starting.

CVE-2024-26199 – Microsoft Office Elevation of Privilege Vulnerability

An Office vulnerability allows any verified user to get system privileges, but it was fixed this Patch Tuesday. The flaw was first pointed out by Ivan Almuina from Hacking Corporation Sarl. According to Microsoft, this flaw means:

Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.

CVE-2024-21411 – Skype for Consumer Remote Code Execution Vulnerability

This remote code execution vulnerability can be triggered by a malicious image or link. It was first pointed out by Nicole Armua and Hector Peralta, who are working with the Trend Micro Zero Day Initiative. Microsoft explains:

An attacker could exploit the vulnerability by sending the user a malicious link or a malicious image via Instant Message and then convincing the user to click the link or image.

CVE-2024-26201 – Microsoft Intune Linux Agent Elevation of Privilege Vulnerability 

Microsoft explains how this vulnerability works:

This vulnerability could allow an attacker to view potentially restricted information inside of a custom compliance script and tamper with the results of the scripts, but does not allow the attacker to make any other parts of the Intune service unavailable.

You can check out Microsoft’s release notes to learn about other security updates. March Patch Tuesday also brought some changes to Windows 11 and 10, which you can read in this detailed guide.

Have you installed the latest Windows updates? Share your thoughts on the improvements and changes introduced.