Microsoft Patch Tuesday for March 2024 Fixes 61 Vulnerabilities

Microsoft's March 2024 updates fix 61 vulnerabilities, including two Critical Hyper-V flaws (CVE-2024-21407 and CVE-2024-21408) that could result in remote code execution and a DoS condition, respectively.

Microsoft releases a batch of security patches and updates for its products and services on the second Tuesday of every month. Keeping with this tradition, Microsoft today addresses 61 security bugs in its March 2024 Patch Tuesday update. Two of the vulnerabilities fixed today are classified as Critical as they enable attackers to achieve remote code execution, privilege elevation, or spoofing, and 59 are rated Important or Moderate in severity.


Two Critical Severity Vulnerabilities: 

  • CVE-2024-21407 (CVSS score: 8.1) – Windows Hyper-V Remote Code Execution Vulnerability
  • CVE-2024-21408 (CVSS score: 5.5) – Windows Hyper-V Denial of Service Vulnerability

Microsoft addresses 61 CVEs in its March 2024 Patch Tuesday update, including two rated as Critical.

Microsoft Patch Tuesday for March 2024

In the March 2024 Microsoft Patch Tuesday, various products and components received updates to address vulnerabilities. These include Microsoft Office, .NET frameworks, Azure services, and more. The updates address issues such as Denial of Service, Elevation of Privilege, and Remote Code Execution.

  • 24 Elevation of Privilege (EoP) vulnerabilities (Important: 24)
  • 18 Remote Code Execution (RCE) vulnerabilities (Important: 17, Critical: 1)
  • 6 Information Disclosure vulnerabilities (Important: 6)
  • 6 Denial of Service vulnerabilities (Important: 5, Critical: 1)
  • 2 Spoofing vulnerabilities (Important: 2)
  • 3 Security Feature Bypass vulnerabilities (Important: 3)

Two Critical vulnerabilities addressed

CVE-2024-21407 Windows Hyper-V Remote Code Execution Vulnerability:

  • Severity and Base Score: The severity of this vulnerability is marked as critical by Microsoft, with a base score of 8.1 according to the Common Vulnerability Scoring System (CVSS) 3.1.
  • Description of Vulnerability: This vulnerability requires an authenticated attacker on a guest virtual machine (VM) to send specially crafted file operation requests to hardware resources on the VM. If successful, this could lead to remote code execution on the host server.
  • Exploitation Status: As of now, there have been no reports of this vulnerability being publicly disclosed or actively exploited.

CVE-2024-21408 Windows Hyper-V Denial of Service Vulnerability:

  • Severity and Base Score: Microsoft also rates this vulnerability as critical, although its CVSS 3.1 base score is 5.5, which is lower than that of the previous vulnerability.
  • Description of Vulnerability: Details about this vulnerability are not extensively provided. However, Microsoft’s exploitability assessment suggests that it is less likely to be exploited.
  • Exploitation Status: There is no indication at the moment of this vulnerability being publicly disclosed or actively exploited.

Both vulnerabilities are critical according to Microsoft, but they differ in their nature and potential impact. The first vulnerability allows for remote code execution on the host server and has a higher base score, while the second vulnerability involves denial of service and is considered less likely to be exploited according to Microsoft’s assessment.


Windows security updates

In addition to the security fixes, Microsoft has also published an update for the Windows Update service to improve its reliability and performance.

  • KB5035853 for Windows 11 version 23H2 (OS build 22631.3296) and 22H2 (OS Build 22621.3296)
  • KB5035854 for Windows 11 version 21H1 (OS Build 22000.2836)
  • KB5035845 for Windows 10 version 22H2 (OS build 19045.4170)
  • KB5035849 for Windows 10 version 1809 (OS Build 17763.5576)
  • KB5035855 for Windows 10 version 1607 (OS Build 14393.6796)
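
To confirm that a machine actually carries the March 2024 fixes, its OS build and update revision (UBR) can be compared against the list above. The following is an added example, not part of the original article or Microsoft's tooling; the function name `Test-March2024Patch` and the sample host names are hypothetical, and the build numbers are the ones listed above.

```powershell
# Patched OS builds for the March 2024 cumulative updates, taken from the list above.
$March2024 = @{
    22631 = @{ KB = 'KB5035853'; Ubr = 3296 }
    22621 = @{ KB = 'KB5035853'; Ubr = 3296 }
    22000 = @{ KB = 'KB5035854'; Ubr = 2836 }
    19045 = @{ KB = 'KB5035845'; Ubr = 4170 }
    17763 = @{ KB = 'KB5035849'; Ubr = 5576 }
    14393 = @{ KB = 'KB5035855'; Ubr = 6796 }
}

function Test-March2024Patch {
    # Hypothetical helper: classifies one build.UBR pair against the table.
    param(
        [Parameter(Mandatory)][int]$Build,
        [Parameter(Mandatory)][int]$Ubr
    )
    $entry = $March2024[$Build]
    if ($null -eq $entry) {
        # Build is not in the article's list (for example an unsupported release).
        return [pscustomobject]@{ Build = "$Build.$Ubr"; KB = $null; Status = 'NotInList' }
    }
    # Cumulative updates supersede each other, so a higher UBR also contains these fixes.
    $status = if ($Ubr -ge $entry.Ubr) { 'Patched' } else { 'Missing' }
    [pscustomobject]@{ Build = "$Build.$Ubr"; KB = $entry.KB; Status = $status }
}

# Constructed sample inventory (host names and revisions are made up for illustration).
$inventory = @(
    @{ Name = 'HV-HOST-01'; Build = 17763; Ubr = 5458 }   # below 5576  -> Missing
    @{ Name = 'WS-0142';    Build = 22631; Ubr = 3296 }   # equal       -> Patched
    @{ Name = 'WS-0077';    Build = 19045; Ubr = 4046 }   # below 4170  -> Missing
    @{ Name = 'LEGACY-03';  Build = 9600;  Ubr = 21620 }  # not listed  -> NotInList
)
foreach ($h in $inventory) {
    Test-March2024Patch -Build $h.Build -Ubr $h.Ubr |
        Add-Member -NotePropertyName Name -NotePropertyValue $h.Name -PassThru
}

# Local machine: build number and UBR come from the registry (Windows only).
if ($IsWindows -or $PSVersionTable.PSEdition -eq 'Desktop') {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    Test-March2024Patch -Build ([int]$cv.CurrentBuildNumber) -Ubr ([int]$cv.UBR)
}
```

Comparing the UBR rather than searching for the KB number keeps the check valid after later cumulative updates replace the March package.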

Windows 11 KB5035853 and Windows 10 KB5035845 address the following vulnerabilities.

  • Windows Hyper-V Remote Code Execution Vulnerability (CVE-2024-21407)
  • Windows Hyper-V Denial of Service Vulnerability (CVE-2024-21408)

Windows 10 KB5035845 adds third-party share functionality in Windows Share. It includes improvements such as retaining game installations on secondary drives and the removal of the unsupported Windows Backup app from the UI. It also addresses a range of issues to enhance the overall performance and usability of Windows 10. Notable fixes include resolving delays in Azure Virtual Desktop sessions, preventing random restarts of virtual machines, and addressing Windows Hello for Business authentication errors.

Windows 11 KB5035853 includes crucial security fixes to safeguard users against potential threats and vulnerabilities. It adds support for USB 80Gbps, doubling the bandwidth of USB 40Gbps. It also addresses various issues, such as Notepad opening issues for standard users, enables opening 8 Zip archives in File Explorer, resolves Azure Virtual Desktop random restarts and stop errors, corrects Microsoft Edge UI issues, and more.

In addition, Windows 11 KB5035853 brings the Moment 5 features to devices that have the “Get the latest updates as soon as they’re available” toggle enabled in Windows Update settings.

Windows 11 KB5035853 update

Windows 7 and Windows 8.1 have reached end of support from Microsoft, which means the company no longer provides frequent updates or security patches for these operating systems. For more information, please visit the Microsoft lifecycle page at https://learn.microsoft.com/en-us/lifecycle/end-of-support/end-of-support-2023

Download the Windows 10 update

All these security updates are downloaded and installed automatically via Windows Update. Alternatively, you can force an update from Settings > Update & Security > Check for updates to install the March 2024 patches immediately on your device.

Windows 10 KB5035845 update

If you are looking for the Windows 10 22H2 update ISO image, click here, or check How to Upgrade to Windows 10 version 22H2 Using the media creation tool.

If you face any difficulty while installing these updates, check the Windows 10 Update troubleshooting guide to fix a Windows 10 cumulative update that is stuck downloading, fails to install with different errors, etc.

What time do Patch Tuesday patches come out?

  • Microsoft schedules the release of security updates on “Patch Tuesday,” the second Tuesday of each month at 10:00 AM PST.

Is Patch Tuesday weekly or monthly?

  • Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on April 9, 2024.

Why is the second Tuesday of every month called Patch Tuesday?

  • The second Tuesday of the month is referred to as “Patch Tuesday” because Microsoft attempts to combine the largest updates into this maintenance window.

What is the latest update for Windows 11 March 2024?

  • The latest updates are KB5035853 for Windows 11 versions 22H2 and 23H2, and KB5035845 for Windows 10 versions 22H2/21H2.

What is the zero-day patch?

  • The term “Zero-Day” is used when security teams are unaware of their software vulnerability, and they’ve had “0” days to work on a security patch or an update to fix the issue.
