CYBER SYRUP
Delivering the sweetest insights on cybersecurity.

Microsoft Patches 61 Vulnerabilities

Microsoft released its monthly security update on Tuesday, addressing 61 different security flaws across its software. This includes two critical issues impacting Windows Hyper-V that could lead to denial-of-service (DoS) and remote code execution.

Of the 61 vulnerabilities, two are rated Critical, 58 are rated Important, and one is rated Low in severity. While none of the flaws are listed as publicly known or under active attack at the time of release, six of them have been tagged with an "Exploitation More Likely" assessment.

These fixes come in addition to 17 security flaws patched in the company's Chromium-based Edge browser since the February 2024 Patch Tuesday updates.

Topping the list of critical shortcomings are CVE-2024-21407 and CVE-2024-21408, affecting Hyper-V, which could result in remote code execution and a DoS condition, respectively.

Microsoft's update also addresses privilege escalation flaws in the Azure Kubernetes Service Confidential Container, Windows Composite Image File System, and Authenticator.

Another notable vulnerability is a privilege escalation bug in the Print Spooler component that could permit an attacker to obtain SYSTEM privileges, albeit upon winning a race condition.

The update also plugs a remote code execution flaw in Exchange Server that an unauthenticated threat actor could abuse.

Microsoft's March 2024 security update addresses critical vulnerabilities across its software ecosystem, emphasizing the importance of promptly applying patches to ensure system security.