- IT 리더가 지목한 AI 가치 실현의 최대 걸림돌은 ‘비용 관리’
- Los CIO consideran que la gestión de costes puede acabar con el valor de la IA
- 칼럼 | AI 에이전트, 지금까지의 어떤 기술과도 다르다
- The $23 Echo Dot deal is a great deal to upgrade your smart home this Black Friday
- Amazon's Echo Spot smart alarm clock is almost half off this Black Friday
Microsoft’s March 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-21407)
Microsoft addresses 59 CVEs in its March 2024 Patch Tuesday release with no zero-day or publicly disclosed vulnerabilities.
Microsoft patched 59 CVEs in its March 2024 Patch Tuesday release, with 2 rated critical and 57 rated as important.
Elevation of privilege (EoP) vulnerabilities accounted for 40.7% of the vulnerabilities patched this month, followed by Remote code execution (RCE) at 30.5%.
CVE-2024-21334 | Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
CVE-2024-21334 is a RCE affecting the open-source Open Management Infrastructure (OMI) management server. It was assigned a CVSSv3 score of 9.8 and is rated important. To exploit this vulnerability, a remote unauthenticated attacker could use a specially crafted request to trigger a use-after-free vulnerability. In addition, OMI received another patch this month, CVE-2024-21330 to address an EoP vulnerability.
In 2022, Microsoft patched two EoP flaws in OMI (CVE-2022-33640 and CVE-2022-29149), as well as an information disclosure vulnerability (CVE-2023-36043) in November 2023. This RCE is a first for OMI and despite the critical CVSS score, Microsoft rates this vulnerability as “Exploitation Less Likely” according to the Microsoft Exploitability Index.
CVE-2024-21407 | Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-21407 is a RCE vulnerability in Windows Hyper-V. This vulnerability was assigned a CVSSv3 score of 8.1 and is rated critical. Successful exploitation of this vulnerability requires that an attacker be authenticated and gather information about the target environment in order to craft their exploit. While the attack complexity is high, exploitation could result in code execution on the host server.
Including this month, nine RCE vulnerabilities affecting Windows Hyper-V have been disclosed since 2022, with seven of them rated as Critical. While these flaws generally are more difficult to exploit, successfully breaking out of a VM and executing code on the host is a significant risk and these flaws should be remediated quickly to avoid any potential misuse.
CVE-2024-21433 | Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2024-21433 is an EoP vulnerability in Windows Print Spooler. This vulnerability is rated as ”Exploitation More Likely,” and was assigned a CVSSv3 score of 7.0. Exploitation of this vulnerability would require an attacker to win a race condition which could grant the attacker SYSTEM privileges.
Over the last few years, we’ve seen a sharp decline in the number of Print Spooler related vulnerabilities patched as part of Patch Tuesday since the disclosure of CVE-2021-34527, the original PrintNightmare vulnerability and the torrent of Print Spooler vulnerabilities that followed. In 2023, there were only four Print Spooler related bugs patched, including CVE-2023-35325, an information disclosure vulnerability in Print Spooler disclosed in July 2023, as well as three Print Spooler EoP vulnerabilities disclosed in January 2023. In 2022, there were 35 Print Spooler related vulnerabilities patched as part of Patch Tuesday, with the biggest concentration of disclosures occurring in April 2022, with 15 Print Spooler vulnerabilities patched.
CVE-2024-21443, CVE-2024-26173, CVE-2024-26176, CVE-2024-26178 and CVE-2024-26182 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-21443, CVE-2024-26173, CVE-2024-26176, CVE-2024-26178 and CVE-2024-26182 are EoP vulnerabilities affecting the Windows Kernel. These vulnerabilities are all rated as important, and each was assigned a CVSSv3 score of 7.8 with the exception of CVE-2024-21443 which was scored as 7.3. CVE-2024-26182 was the only Windows Kernel EoP rated as “Exploitation More Likely.” Successful exploitation of these vulnerabilities could lead to an attacker gaining SYSTEM privileges.
CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161 and CVE-2024-26166 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161 and CVE-2024-26166 are RCE vulnerabilities affecting the Microsoft WDAC OLE DB provider for SQL Server. These vulnerabilities are rated as important, and were assigned CVSSV3 scores of 8.8. Successful exploitation requires an authenticated user to be enticed to connect to a malicious SQL database. Once a connection is made, specially crafted replies can be sent to the client in order to exploit the vulnerability and allow the execution of arbitrary code.
A list of all the plugins released for Tenable’s March 2024 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.