60 security holes closed as part of the next Patch Tuesday

Teacher

Microsoft has tried to keep hackers out of your systems. Will you be updated?

As part of a monthly security update known as Patch Tuesday, Microsoft released patches for 60 vulnerabilities, including 18 remote code execution vulnerabilities. Special attention was also paid to fixing two critical bugs related to remote code execution and denial of service in Hyper-V.

The number of patched vulnerabilities in each category is listed below:
  • 24 privilege escalation vulnerabilities;
  • 3 security bypass vulnerabilities;
  • 18 remote code execution vulnerabilities;
  • 6 disclosure vulnerabilities;
  • 6 denial of service vulnerabilities;
  • 2 data spoofing vulnerabilities.

Note that this time the company did not report on the elimination of zero-day vulnerabilities. In addition, the fix does not include 4 vulnerabilities in Microsoft Edge that were fixed earlier, on March 7.

However, from the general list of vulnerabilities, it is worth highlighting the following:
  • CVE-2024-21400: a vulnerability in the Azure Kubernetes Service that allows attackers to increase their privileges and steal credentials.
  • CVE-2024-26199: a vulnerability in Microsoft Office that allows any authenticated user to gain SYSTEM privileges.
  • CVE-2024-20671: a vulnerability in Microsoft Defender that allows an attacker to bypass the security feature and prevent Defender from launching.
  • CVE-2024-21411: a vulnerability in Skype for Consumer that allows remote code execution via a fraudulent link or image.

In addition to Microsoft, other major vendors, including AnyCubic, Apple, Cisco, Fortinet, Google, Intel, QNAP, SAP, and VMware, also released security updates in March 2024, fixing a variety of vulnerabilities, from zero-day to critical.

In the meantime, a full list of fixed vulnerabilities and their descriptions can be found on this page.