Microsoft Patch Tuesday March 2024

Summary

Microsoft has released its March 2024 Patch Tuesday updates. This month's release covers a total of 60 vulnerabilities, 2 of which Microsoft marks as critical (CVE-2024-21407 and CVE-2024-21408).

CVE-2024-21407 (CVSS score: 8.1) – Windows Hyper-V remote code execution. An authenticated attacker on a guest VM can send crafted file operation requests on the virtual machine to the hardware resources on the virtual machine, which could result in remote code execution on the host.

CVE-2024-21408 (CVSS score: 5.5) – A denial of service attack can be performed on Hyper-V. The attack can only be performed locally, which is why Microsoft rates the chance of exploitation as low.

The patches break down as follows:

  • 24 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 18 Remote Code Execution Vulnerabilities
  • 6 Information Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 2 Spoofing Vulnerabilities

More information can be found here.

Update 22/03/2024
Microsoft has released a statement regarding an LSASS memory leak that occurs after installing the Patch Tuesday updates. The issue, labeled KB5035857, affects the domain controller role on:

  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2

Microsoft describes the symptom of this as follows:

“Following installation of this update, Local Security Authority Subsystem Service (LSASS) may experience a memory leak on domain controllers (DCs). This is observed when on-premises and cloud-based Active Directory Domain Controllers service Kerberos authentication requests.

Extreme memory leaks may cause LSASS to crash, which triggers an unscheduled reboot of underlying domain controllers (DCs).”

At the moment Microsoft hasn’t provided any workaround or patch for this issue. Microsoft states that they will provide an update in the coming days.
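
Until a fix is available, the symptom described above can be watched for directly on each domain controller. The following PowerShell script is an added example, not Microsoft's or this bulletin's own code: it checks whether the update is installed and estimates how fast LSASS private memory is growing. The sample count, interval and alert threshold are assumptions to tune against each DC's normal baseline, and it assumes an elevated session on the DC.

```powershell
# Added example: watch LSASS memory growth on a domain controller.
# Assumptions (not from the bulletin): sample count, interval and growth threshold.
param(
    [string]$HotFixId           = 'KB5035857',  # identifier as given in the bulletin
    [int]$Samples               = 12,           # assumed: 12 samples
    [int]$IntervalSeconds       = 300,          # assumed: one sample every 5 minutes
    [double]$MaxGrowthMBPerHour = 50            # assumed alert threshold
)

function Get-LinearSlope {
    # Least-squares slope of Y over X (here: MB per second).
    param([double[]]$X, [double[]]$Y)
    $n = $X.Count
    if ($n -lt 2) { return 0.0 }
    $meanX = ($X | Measure-Object -Average).Average
    $meanY = ($Y | Measure-Object -Average).Average
    $num = 0.0; $den = 0.0
    for ($i = 0; $i -lt $n; $i++) {
        $num += ($X[$i] - $meanX) * ($Y[$i] - $meanY)
        $den += [math]::Pow($X[$i] - $meanX, 2)
    }
    if ($den -eq 0) { return 0.0 }
    return $num / $den
}

# Is the update named in the bulletin installed on this host?
$installed = [bool](Get-HotFix -Id $HotFixId -ErrorAction SilentlyContinue)
Write-Output "$HotFixId installed: $installed"

# Sample LSASS private bytes at a fixed interval.
$t = @(); $mb = @()
$start = Get-Date
for ($i = 0; $i -lt $Samples; $i++) {
    $p   = Get-Process -Name lsass -ErrorAction Stop
    $t  += ((Get-Date) - $start).TotalSeconds
    $mb += $p.PrivateMemorySize64 / 1MB
    Write-Output ('{0:u}  lsass private bytes: {1:N0} MB' -f (Get-Date), $mb[-1])
    if ($i -lt $Samples - 1) { Start-Sleep -Seconds $IntervalSeconds }
}

# A fitted slope is less sensitive to a single spike than last-minus-first.
$growthPerHour = (Get-LinearSlope -X $t -Y $mb) * 3600
Write-Output ('Estimated growth: {0:N1} MB/hour' -f $growthPerHour)
if ($growthPerHour -gt $MaxGrowthMBPerHour) {
    Write-Warning "LSASS memory is growing faster than $MaxGrowthMBPerHour MB/hour, consistent with the leak symptom described for this update."
}
```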