Microsoft’s March 2024 Patch Tuesday Update

This month’s Patch Tuesday has been released with security updates for 60 vulnerabilities, including 18 remote code execution flaws. Only two of the fixed vulnerabilities are rated critical: Hyper-V remote code execution and denial of service flaws.

Below are the counts of bugs in each vulnerability category:

• 24 Elevation of Privilege Vulnerabilities

• 3 Security Feature Bypass Vulnerabilities

• 18 Remote Code Execution Vulnerabilities

• 6 Information Disclosure Vulnerabilities

• 6 Denial of Service Vulnerabilities

• 2 Spoofing Vulnerabilities

The total tally of 60 flaws excludes the 4 Microsoft Edge flaws resolved on March 7th. There were no zero-day disclosures in this month’s Patch Tuesday update.

Highlighted Vulnerabilities

While this month's Patch Tuesday doesn't address any zero-day vulnerabilities, it does include several noteworthy flaws, detailed below:

CVE-2024-21400 - Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Microsoft has addressed a vulnerability in Azure Kubernetes Service that could potentially enable attackers to elevate privileges and pilfer credentials.

"A successful exploitation of this vulnerability could lead to the theft of credentials and impact resources beyond the security confines managed by Azure Kubernetes Service Confidential Containers (AKSCC)," says a Microsoft security advisory.

CVE-2024-26199 - Microsoft Office Privilege Elevation Vulnerability

Microsoft has addressed a vulnerability in Microsoft Office that could enable any authenticated user to attain SYSTEM privileges.

"Any authenticated user could exploit this vulnerability without requiring admin or elevated privileges," Microsoft clarifies.

CVE-2024-20671 - Microsoft Defender Security Feature Bypass Vulnerability

Microsoft has patched a vulnerability in Microsoft Defender that could be exploited by an authenticated attacker.

However, this issue will be rectified by automatic updates to the Windows Defender Antimalware Platform, which are deployed to Windows devices.

This vulnerability has been resolved in version 4.18.24010.12 of the Antimalware Platform.
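To confirm that the automatic update has actually landed, the following PowerShell sketch compares a reported Antimalware Platform version against the fixed version named above. It is an added example, not code from Microsoft or from this article. It assumes the `AMProductVersion` property of `Get-MpComputerStatus` reports the platform version, and the function name, host names and sample versions are constructed for illustration.

```powershell
# Fixed Antimalware Platform version for CVE-2024-20671, as stated in the article.
$FixedVersion = [version]'4.18.24010.12'

function Test-DefenderPlatformPatched {
    # Hypothetical helper: classifies one platform version string.
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$PlatformVersion,
        [version]$Minimum = $FixedVersion
    )
    $parsed = $null
    # Compare as [version], never as text: as a string, '4.18.24010.7'
    # sorts after '4.18.24010.12', yet it is the older build.
    if (-not [version]::TryParse($PlatformVersion, [ref]$parsed)) {
        return 'Unknown'   # empty or malformed inventory value
    }
    if ($parsed -ge $Minimum) { 'Patched' } else { 'Vulnerable' }
}

# Constructed sample inventory, e.g. exported from an asset database.
$inventory = @(
    [pscustomobject]@{ Host = 'WS-001'; AMProductVersion = '4.18.24010.12' }
    [pscustomobject]@{ Host = 'WS-002'; AMProductVersion = '4.18.24010.7' }
    [pscustomobject]@{ Host = 'WS-003'; AMProductVersion = '4.18.23110.3' }
    [pscustomobject]@{ Host = 'WS-004'; AMProductVersion = '' }
)

$inventory | ForEach-Object {
    [pscustomobject]@{
        Host    = $_.Host
        Version = $_.AMProductVersion
        Status  = Test-DefenderPlatformPatched -PlatformVersion $_.AMProductVersion
    }
} | Format-Table -AutoSize

# Check the local machine when the Defender cmdlets are available.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $local = (Get-MpComputerStatus).AMProductVersion
    'Local platform {0}: {1}' -f $local,
        (Test-DefenderPlatformPatched -PlatformVersion "$local")
}
```

Hosts reported as `Unknown` deserve the same follow-up as `Vulnerable`, since a missing version usually means the inventory agent could not query Defender at all.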

CVE-2024-21411 - Skype for Consumer Remote Code Execution Vulnerability

Microsoft has addressed a remote code execution vulnerability in Skype for Consumer, which could be triggered by a malicious link or image.

The full report

For a detailed list and descriptions of each vulnerability and the systems they impact, you can refer to the complete report available here.
