Microsoft’s February 2024 Patch Tuesday Addresses 2 Zero-Days and 73 Vulnerabilities
2024-3-14 01:13:45 Author: securityboulevard.com(查看原文) 阅读量:8 收藏

Microsoft’s Patch Tuesday for March 2024 has once again highlighted the importance of regular updates in maintaining the security of digital environments. This month, Microsoft addressed a significant number of vulnerabilities, including two critical flaws that demand immediate attention. Read on to learn more.  

What are the zero-days mentioned in Microsoft’s February 2024 Patch Tuesday?  

Microsoft’s latest Patch Tuesday saw the release of updates aimed at fixing 60 vulnerabilities – including two critical flaws – across a variety of products. These updates cover a range of issues, notably 18 remote code execution (RCE) vulnerabilities, but do not address any zero-day vulnerabilities. Critical vulnerabilities that were fixed include a Hyper-V remote code execution and a denial-of-service flaw. Other categories of fixed vulnerabilities include elevation of privilege, security feature bypass, information disclosure, denial of service and spoofing. It’s important to note that Microsoft also patched four flaws in Microsoft Edge earlier in March. 

Among the key vulnerabilities patched include:

  • CVE-2024-21407: Hyper-V Remote Code Execution vulnerability. 
  • CVE-2024-21708: Hyper-V Denial of Service vulnerability. 
  • CVE-2024-21400: An elevation of privilege flaw in Microsoft Azure Kubernetes Service, allowing attackers to steal credentials. 
  • CVE-2024-26199: A Microsoft Office vulnerability enabling authenticated users to gain SYSTEM privileges. 
  • CVE-2024-20671: A security feature bypass in Microsoft Defender that could prevent the antivirus from starting. 
  • CVE-2024-21411: A Skype for Consumer RCE vulnerability that could be exploited through malicious links or images. 

What is Nuspire doing? 

In response to these updates, Nuspire has taken immediate action by applying the patches as recommended by the vendor. In addition to patching, Nuspire’s security team is actively threat hunting within client environments to detect any signs of compromise that might indicate the exploitation of these vulnerabilities. 

What should I do? 

For individuals and organizations using Microsoft products, it is crucial to apply these updates as soon as possible. Delaying the installation of these patches could leave systems vulnerable to exploitation by cybercriminals. Here are some steps to ensure your systems are protected: 

  • Apply Patch Tuesday Updates: Ensure all Microsoft software is updated with the March 2024 patches to mitigate the vulnerabilities addressed. 
  • Stay Informed: Keep abreast of any additional updates or advisories from Microsoft regarding new vulnerabilities or patches. 
  • Leverage Expertise: Consider partnering with a managed security service provider like Nuspire to streamline your patch management process and enhance your overall cybersecurity posture. 

Microsoft’s March 2024 Patch Tuesday serves as a critical reminder of the importance of regular software updates in safeguarding digital assets. By addressing vulnerabilities promptly and leveraging the expertise of cybersecurity professionals, individuals and organizations can significantly reduce their risk of falling victim to cyber threats. As cybercriminals continue to evolve their tactics, staying vigilant and proactive in applying security updates is more important than ever.

The post Microsoft’s February 2024 Patch Tuesday Addresses 2 Zero-Days and 73 Vulnerabilities appeared first on Nuspire.

*** This is a Security Bloggers Network syndicated blog from Nuspire authored by Team Nuspire. Read the original post at: https://www.nuspire.com/blog/microsofts-february-2024-patch-tuesday-addresses-2-zero-days-and-73-vulnerabilities-2/


文章来源: https://securityboulevard.com/2024/03/microsofts-february-2024-patch-tuesday-addresses-2-zero-days-and-73-vulnerabilities-2/
如有侵权请联系:admin#unsafe.sh