Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Microsoft just patched a whole load of important security flaws, including two critical issues - so update now

Fingertip pressing keyboard key with Windows logo on it.

The March 2024 edition of Microsoft’s Patch Tuesday is upon us, fixing dozens of vulnerabilities, including two critical severity issues which could result in remote code execution (RCE) and privilege escalation.

In its advisory, Microsoft announced addressing 61 CVEs, in addition to 17 Edge flaws fixed a few weeks prior. Of those 61 vulnerabilities, two are labeled critical, 58 important, and one low. The company said the flaws were not publicly known, or under active exploitation. 

However, six were flagged as “exploitation more likely”, probably suggesting that they are relatively easy to discover and abuse, and that it was only a matter of time before a threat actor finds them.

Hyper-V flaws addressed

That being said, the two critical severity vulnerabilities are tracked as CVE-2024-21334 and CVE-2024-21400. The former has a severity score of 9.8, and is described as an Open Management Infrastructure (OMI) Remote Code Execution Vulnerability. The latter, on the other hand, has a severity score of 9.0, and is described as an Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability.

Besides the two, other notable mentions include CVE-2024-21407, and CVE-2024-21408, two flaws affecting Hyper-V, and allowing threat actors not only to run RCE, but also denial-of-service (DoS) attacks. 

This month’s Patch Tuesday also fixes a number of vulnerabilities discovered in products from other vendors, such as Adobe, AMD, Citrix, Chrome, NVIDIA, and many others. The full list of vulnerabilities serviced this month can be found on this link

Every second Tuesday in a month, Microsoft releases cumulative updates, addressing as many vulnerabilities as it can (aside from critical updates which are released as soon as they’re available, and are usually known as out-of-bands patches). This is a longstanding practice in the IT industry that's been picked up by many companies, including Adobe, and Oracle, and formalized in late 2003 by Microsoft.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.