VERT Threat Alert: March 2024 Patch Tuesday Analysis


Today’s VERT Alert addresses Microsoft’s March 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1097 as soon as coverage is completed.

In-The-Wild & Disclosed CVEs

There were no in-the-wild or disclosed CVEs included in the March Patch Tuesday release.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis. Vulnerabilities are also color-coded to aid in identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be highlighted.

Tag

CVE Count

CVEs

Windows Defender

1

CVE-2024-20671

.NET

1

CVE-2024-21392

Skype for Consumer

1

CVE-2024-21411

Software for Open Networking in the Cloud (SONiC)

1

CVE-2024-21418

Azure SDK

1

CVE-2024-21421

Microsoft Office SharePoint

1

CVE-2024-21426

Windows USB Hub Driver

1

CVE-2024-21429

Windows USB Serial Driver

1

CVE-2024-21430

Windows AllJoyn API

1

CVE-2024-21438

Windows Telephony Server

1

CVE-2024-21439

Microsoft WDAC OLE DB provider for SQL

5

CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161, CVE-2024-26166

Windows USB Print Driver

2

CVE-2024-21442, CVE-2024-21445

Windows Kernel

8

CVE-2024-21443, CVE-2024-26173, CVE-2024-26174, CVE-2024-26176, CVE-2024-26177, CVE-2024-26178, CVE-2024-26181, CVE-2024-26182

Windows NTFS

1

CVE-2024-21446

Microsoft WDAC ODBC Driver

1

CVE-2024-21451

Windows Standards-Based Storage Management Service

1

CVE-2024-26197

Windows ODBC Driver

3

CVE-2024-26159, CVE-2024-21440, CVE-2024-26162

Microsoft QUIC

1

CVE-2024-26190

Microsoft Exchange Server

1

CVE-2024-26198

Microsoft Office

1

CVE-2024-26199

Microsoft Intune

1

CVE-2024-26201

Azure Data Studio

1

CVE-2024-26203

Microsoft Django Backend for SQL Server

1

CVE-2024-26164

Open Management Infrastructure

2

CVE-2024-21330, CVE-2024-21334

Microsoft Authenticator

1

CVE-2024-21390

Microsoft Azure Kubernetes Service

1

CVE-2024-21400

Role: Windows Hyper-V

2

CVE-2024-21407, CVE-2024-21408

Microsoft Dynamics

1

CVE-2024-21419

Windows Kerberos

1

CVE-2024-21427

Windows Hypervisor-Protected Code Integrity

1

CVE-2024-21431

Windows Update Stack

1

CVE-2024-21432

Windows Print Spooler Components

1

CVE-2024-21433

Microsoft Windows SCSI Class System File

1

CVE-2024-21434

Windows OLE

1

CVE-2024-21435

Windows Installer

1

CVE-2024-21436

Microsoft Graphics Component

1

CVE-2024-21437

Microsoft Teams for Android

1

CVE-2024-21448

Windows Cloud Files Mini Filter Driver

1

CVE-2024-26160

Windows Error Reporting

1

CVE-2024-26169

Windows Composite Image File System

1

CVE-2024-26170

Windows Compressed Folder

1

CVE-2024-26185

Intel

1

CVE-2023-28746

Outlook for Android

1

CVE-2024-26204

Visual Studio Code

1

CVE-2024-26165

Microsoft Edge for Android

1

CVE-2024-26167

Microsoft Edge (Chromium-based)

3

CVE-2024-2173, CVE-2024-2174, CVE-2024-2176

 

Other Information

At the time of publication, no new advisories were included with the March Security Guidance.

 



Source link