Microsoft’s March 2024 security updates fix over 60 vulnerabilities

Microsoft has issued its monthly batch of security updates designed to address more than 60 vulnerabilities across the company’s products.

While this month’s Patch Tuesday release doesn’t cover any actively exploited bugs, it contains fixes for a number of high-risk flaws that could lead to remote code execution or privilege escalation.

The list of the most noteworthy issues includes:

CVE-2024-21407 - Microsoft Windows Hyper-V remote code execution vulnerability.

The vulnerability exists due to insufficient validation of user-supplied input in Windows Hyper-V. A remote attacker can send specially crafted file operation requests and execute arbitrary code on the target system. The flaw affects Windows versions 10 - 11 23H2 and Windows Server versions 2012 - 2022 23H2.

CVE-2024-21400 - Microsoft Azure Kubernetes Service Confidential Container elevation of privilege vulnerability.

The vulnerability exists because the application does not properly impose security restrictions in the Microsoft Azure Kubernetes Service Confidential Container, which leads to security restriction bypass and privilege escalation. All versions of Azure Kubernetes Service Confidential Container are impacted.

CVE-2024-21390 - Microsoft Authenticator privilege escalation vulnerability.

The vulnerability exists because the application does not properly impose security restrictions in Microsoft Authenticator, which leads to security restriction bypass and privilege escalation. The bug affects all versions of Microsoft Authenticator.

CVE-2024-21411 - Skype for Consumer remote code execution vulnerability.

The vulnerability exists due to insufficient validation of user-supplied input in Skype for Consumer. A remote attacker can trick a victim into clicking a specially crafted link or image and execute arbitrary code on the target system. All versions of Skype for Consumer are impacted.

In addition to the issues above, Microsoft patched a slew of high-severity security issues affecting Microsoft Windows OLE, Microsoft Open Management Infrastructure (OMI), Microsoft WDAC OLE DB provider for SQL Server, Microsoft SharePoint Server, Microsoft ODBC Driver, and Microsoft Exchange Server.
