VERT Threat Alert: March 2024 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s March 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1097 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
There were no in-the-wild or disclosed CVEs included in the March Patch Tuesday release.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis. Vulnerabilities are also color-coded to aid in identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
Tag |
CVE Count |
CVEs |
Windows Defender |
1 |
CVE-2024-20671 |
.NET |
1 |
CVE-2024-21392 |
Skype for Consumer |
1 |
CVE-2024-21411 |
Software for Open Networking in the Cloud (SONiC) |
1 |
CVE-2024-21418 |
Azure SDK |
1 |
CVE-2024-21421 |
Microsoft Office SharePoint |
1 |
CVE-2024-21426 |
Windows USB Hub Driver |
1 |
CVE-2024-21429 |
Windows USB Serial Driver |
1 |
CVE-2024-21430 |
Windows AllJoyn API |
1 |
CVE-2024-21438 |
Windows Telephony Server |
1 |
CVE-2024-21439 |
Microsoft WDAC OLE DB provider for SQL |
5 |
CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161, CVE-2024-26166 |
Windows USB Print Driver |
2 |
CVE-2024-21442, CVE-2024-21445 |
Windows Kernel |
8 |
CVE-2024-21443, CVE-2024-26173, CVE-2024-26174, CVE-2024-26176, CVE-2024-26177, CVE-2024-26178, CVE-2024-26181, CVE-2024-26182 |
Windows NTFS |
1 |
CVE-2024-21446 |
Microsoft WDAC ODBC Driver |
1 |
CVE-2024-21451 |
Windows Standards-Based Storage Management Service |
1 |
CVE-2024-26197 |
Windows ODBC Driver |
3 |
CVE-2024-26159, CVE-2024-21440, CVE-2024-26162 |
Microsoft QUIC |
1 |
CVE-2024-26190 |
Microsoft Exchange Server |
1 |
CVE-2024-26198 |
Microsoft Office |
1 |
CVE-2024-26199 |
Microsoft Intune |
1 |
CVE-2024-26201 |
Azure Data Studio |
1 |
CVE-2024-26203 |
Microsoft Django Backend for SQL Server |
1 |
CVE-2024-26164 |
Open Management Infrastructure |
2 |
CVE-2024-21330, CVE-2024-21334 |
Microsoft Authenticator |
1 |
CVE-2024-21390 |
Microsoft Azure Kubernetes Service |
1 |
CVE-2024-21400 |
Role: Windows Hyper-V |
2 |
CVE-2024-21407, CVE-2024-21408 |
Microsoft Dynamics |
1 |
CVE-2024-21419 |
Windows Kerberos |
1 |
CVE-2024-21427 |
Windows Hypervisor-Protected Code Integrity |
1 |
CVE-2024-21431 |
Windows Update Stack |
1 |
CVE-2024-21432 |
Windows Print Spooler Components |
1 |
CVE-2024-21433 |
Microsoft Windows SCSI Class System File |
1 |
CVE-2024-21434 |
Windows OLE |
1 |
CVE-2024-21435 |
Windows Installer |
1 |
CVE-2024-21436 |
Microsoft Graphics Component |
1 |
CVE-2024-21437 |
Microsoft Teams for Android |
1 |
CVE-2024-21448 |
Windows Cloud Files Mini Filter Driver |
1 |
CVE-2024-26160 |
Windows Error Reporting |
1 |
CVE-2024-26169 |
Windows Composite Image File System |
1 |
CVE-2024-26170 |
Windows Compressed Folder |
1 |
CVE-2024-26185 |
Intel |
1 |
CVE-2023-28746 |
Outlook for Android |
1 |
CVE-2024-26204 |
Visual Studio Code |
1 |
CVE-2024-26165 |
Microsoft Edge for Android |
1 |
CVE-2024-26167 |
Microsoft Edge (Chromium-based) |
3 |
CVE-2024-2173, CVE-2024-2174, CVE-2024-2176 |
Other Information
At the time of publication, no new advisories were included with the March Security Guidance.