Microsoft just patched a whole load of important security flaws, including
two critical issues - so update now
Date:
Wed, 13 Mar 2024 14:02:48 +0000
Description:
This month's Microsoft Patch Tuesday brings fixes for 61 vulnerabilities, including two critical ones.
FULL STORY ======================================================================
The March 2024 edition of Microsofts Patch Tuesday is upon us, fixing dozens of vulnerabilities, including two critical severity issues which could result in remote code execution (RCE) and privilege escalation.
In its advisory, Microsoft announced addressing 61 CVEs, in addition to 17 Edge flaws fixed a few weeks prior. Of those 61 vulnerabilities, two are labeled critical, 58 important, and one low. The company said the flaws were not publicly known, or under active exploitation.
However, six were flagged as exploitation more likely, probably suggesting that they are relatively easy to discover and abuse, and that it was only a matter of time before a threat actor finds them. Hyper-V flaws addressed
That being said, the two critical severity vulnerabilities are tracked as CVE-2024-21334 and CVE-2024-21400. The former has a severity score of 9.8,
and is described as an Open Management Infrastructure (OMI) Remote Code Execution Vulnerability. The latter, on the other hand, has a severity score of 9.0, and is described as an Azure Kubernetes Service Confidential
Container Elevation of Privilege Vulnerability.
Besides the two, other notable mentions include CVE-2024-21407, and CVE-2024-21408, two flaws affecting Hyper-V, and allowing threat actors not only to run RCE, but also denial-of-service (DoS) attacks.
This months Patch Tuesday also fixes a number of vulnerabilities discovered
in products from other vendors, such as Adobe, AMD, Citrix, Chrome, NVIDIA, and many others. The full list of vulnerabilities serviced this month can be found on this link .
Every second Tuesday in a month, Microsoft releases cumulative updates, addressing as many vulnerabilities as it can (aside from critical updates which are released as soon as theyre available, and are usually known as out-of-bands patches). This is a longstanding practice in the IT industry that's been picked up by many companies, including Adobe, and Oracle, and formalized in late 2003 by Microsoft. More from TechRadar Pro The first Microsoft Patch Tuesday of 2023 includes some rather important fixes Here's a list of the best firewalls around today These are the best endpoint security tools right now
======================================================================
Link to news story:
https://www.techradar.com/pro/security/microsoft-just-patched-a-whole-load-of- important-security-flaws-so-update-now
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)