Skip to content

Microsoft’s March 2024 Patch Tuesday Update

Learn
| 1 minute read

This month’s Patch Tuesday has been released with security updates for 60 vulnerabilities, including 18 remote code execution flaws. This update focuses on just two critical vulnerabilities: Hyper-V remote code execution and denial of service flaws.

Below are the counts of bugs in each vulnerability category:

• 24 Elevation of Privilege Vulnerabilities

• 3 Security Feature Bypass Vulnerabilities

• 18 Remote Code Execution Vulnerabilities

• 6 Information Disclosure Vulnerabilities

• 6 Denial of Service Vulnerabilities

• 2 Spoofing Vulnerabilities

The total tally of 60 flaws excludes the 4 Microsoft Edge flaws resolved on March 7th. There were no zero-day disclosures in this month’s Patch Tuesday update.

Highlighted Vulnerabilities

While this month's Patch Tuesday doesn't address any zero-day vulnerabilities, it does include several noteworthy flaws, detailed below:

CVE-2024-21400 - Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Microsoft has addressed a vulnerability in Azure Kubernetes Service that could potentially enable attackers to elevate privileges and pilfer credentials.

"A successful exploitation of this vulnerability could lead to the theft of credentials and impact resources beyond the security confines managed by Azure Kubernetes Service Confidential Containers (AKSCC)," says a Microsoft security advisory.

CVE-2024-26199 - Microsoft Office Privilege Elevation Vulnerability

Microsoft has addressed a vulnerability in Microsoft Office that could enable any authenticated user to attain SYSTEM privileges.

"Any authenticated user could exploit this vulnerability without requiring admin or elevated privileges," Microsoft clarifies.

CVE-2024-20671 - Microsoft Defender Security Feature Bypass Vulnerability

Microsoft has patched a vulnerability in Microsoft Defender that could be exploited by an authenticated attacker.

However, this issue will be rectified by automatic updates to the Windows Defender Antimalware Platform, which are deployed to Windows devices.

This vulnerability has been resolved in version 4.18.24010.12 of the Antimalware Platform.

CVE-2024-21411 - Skype for Consumer Remote Code Execution Vulnerability

Microsoft has addressed a remote code execution vulnerability in Skype for Consumer, which could be triggered by a malicious link or image.

The full report

For a detailed list and descriptions of each vulnerability and the systems they impact, you can refer to the complete report available here.

Latest insights and articles

 
Blog
Learn

Vulnerability Management for Compliance: Aligning with NIST, Cyber Essentials & ISO 27001

As cyber threats evolve, businesses must protect sensitive data and maintain operational resilience.

 
Careers

Job Vacancy | Software Engineering Lead

As part of our ambitious growth plans, we are seeking an experienced Software Engineer Lead to enhance our...

 
News

Microsoft Patch Tuesday March 2025

This month’s Patch Tuesday brings critical updates to address 57 vulnerabilities, including seven zero-days...

The Future of Cyber Security.

Contact us