
March 15, 2024

Patch Tuesday Update - March 2024

The March 2024 Patch Tuesday, released on March 12th, addressed a critical wave of security vulnerabilities across various Microsoft products. Let’s dissect this update in detail, exploring the specific threats addressed, updates for different Windows versions, and the importance of staying vigilant.

Addressing Critical Vulnerabilities:

  • 60 Patched Microsoft Flaws: This Patch Tuesday tackled a total of 60 vulnerabilities, with a strong emphasis on those classified as “Critical” or “Important” in severity. These vulnerabilities could potentially allow attackers to gain unauthorized access to systems, steal sensitive data, or disrupt critical operations. Additionally, Microsoft re-published one Intel processor-related vulnerability and three Chromium-based browser vulnerabilities this month.
  • Hyper-V Under Attack: Two of the most critical vulnerabilities targeted Microsoft’s Hyper-V, a virtualization platform that allows users to run multiple operating systems on a single machine. These vulnerabilities, tracked as CVE-2024-21407 and CVE-2024-21408, could potentially be exploited by an attacker with access to a guest virtual machine to execute malicious code on the host machine. This could lead to a complete system crash, impacting all virtual machines running on the host.
  • Microsoft Exchange RCE: CVE-2024-26198 has an 8.8 CVSS score and tracks a vulnerability where an unauthenticated attacker could place a malicious file in a directory or network location and then trick a user into opening it, which can load a malicious DLL and lead to remote code execution.
  • AKS Confidential Containers: Microsoft recently introduced confidential containers on Azure Kubernetes Service (AKS), a technology built on the open source Kata project. One of the vulnerabilities (CVE-2024-21400) allows attackers to potentially steal credentials and access resources beyond the scope of Azure Kubernetes Service Confidential Containers (AKSCC).

Breakdown of Windows Updates:

  • Windows 11 Divergence: Microsoft offered separate updates for Windows 11 versions 21H2 and 22H2 (including the new 23H2 preview). This catered to the specific needs of each version:
    • Windows 11 21H2 (KB5035854): This update prioritized security fixes, patching the 64 vulnerabilities mentioned earlier. This ensures your system is protected against the latest exploits and malware threats.
    • Windows 11 22H2 (KB5035853): This update provided a broader scope. It not only addressed security vulnerabilities but also included quality improvements for a more stable and efficient user experience. These improvements could encompass bug fixes, performance enhancements, and driver updates.
  • Limited Support for Home/Pro (Important Note): It’s crucial to be aware that Windows 11 Home and Pro editions will only receive full security updates, including bug fixes and new threat protections, until June 26, 2024. Afterward, these editions will only get cumulative monthly security updates, potentially missing out on broader improvements and vulnerability fixes released outside the monthly cycle. Upgrading to Windows 11 Pro Plus or Enterprise Edition is recommended for users who require ongoing comprehensive security support.

Updates for Other Operating Systems:

  • Windows 10: Security updates were also available for various Windows 10 versions, ensuring continued protection for users who haven’t yet upgraded to Windows 11. However, it’s important to remember that Microsoft will eventually stop providing security updates for older Windows 10 versions. The next milestone is June 11, 2024, which marks the end of support for Windows 10 21H2. Upgrading to a supported version is vital for long-term security.
  • Windows 8.1 (End of Support Reminder): While updates were offered for Windows 8.1 in March 2024, it’s important to remember that Microsoft officially ended support for this operating system in the same month. This means Windows 8.1 users will no longer receive security updates, leaving their systems highly vulnerable to known and emerging threats. Upgrading to a supported version of Windows is essential for continued security and access to new features.
  • Windows 2008: Even though Microsoft made this update available for Windows 2008 and 2008 R2, only customers with the “Extended Security Update” subscription receive such security updates after January 10, 2023.
  • Azure Stack HCI: Updates were available for Azure Stack HCI, a hyperconverged infrastructure solution for deploying Azure services on-premises. However, Microsoft strongly advises users to upgrade to the latest version (23H2) to guarantee continued security updates. Version 22H2 will reach its end of service in May 2024, leaving un-upgraded systems vulnerable.

Taking Action for Improved Security:

Installing the March 2024 security update is paramount to safeguarding your Microsoft products from the latest security threats. Here’s a detailed action plan:

  1. Identify Your Windows Version(s): The specific update you need depends on your Windows version (e.g., Windows 11 Home 22H2, Windows 10 Pro version 21H2). Knowing your version helps you locate the appropriate update on the Microsoft website.
  2. Enable Automatic Updates: Enabling automatic updates in your system settings ensures you receive future security patches promptly. This eliminates the need to manually check for and install updates, reducing the risk window between vulnerability discovery and patching.
  3. Manual Updates (For Advanced Users): If you prefer manual updates, you can check the Microsoft Security Response Center website periodically for the latest releases. The website provides detailed information about each update, including the vulnerabilities addressed and KB numbers.

  4. Stay Informed: Security threats are constantly evolving. Subscribing to security advisories from Microsoft can keep you informed about the latest vulnerabilities and recommended actions. The Microsoft Security Response Center website is a valuable resource for staying up-to-date on security threats and updates for Microsoft products.
  5. Consider Additional Security Measures: While Patch Tuesday updates are crucial, they are not a silver bullet. Here are some additional security measures you can take to further protect your systems:
    • Use Strong Passwords and Multi-Factor Authentication (MFA): Strong, unique passwords for each online account and enabling MFA add significant layers of security, making it much harder for attackers to gain unauthorized access.
    • Be Wary of Phishing Attacks: Phishing emails and websites are a common tactic used by attackers to steal credentials or infect systems with malware. Be cautious of suspicious emails, don’t click on unknown links, and verify the legitimacy of websites before entering any personal information.
    • Keep Software Up-to-Date: Security updates are not limited to operating systems. Update your web browser, applications, and firmware regularly to ensure they have the latest security patches.
    • Use an Endpoint Security Solution: Reputable endpoint security software, such as an Endpoint Detection and Response (EDR) solution, can help detect and block malicious software before it can harm your system.
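Steps 1 to 3 of the action plan above (identify the Windows version, then confirm the right update is present) can be turned into a single check on a Windows 11 host. The PowerShell script below is an added example written for this page; it is not code from the original post or from Microsoft. It uses the KB numbers given above (KB5035854 for Windows 11 21H2, KB5035853 for 22H2 and 23H2). The build-number-to-KB mapping and the minimum build revisions in its comments are assumptions taken from Microsoft's release notes for those KBs and should be confirmed against the KB articles before being relied on.

```powershell
# Added example, not part of the original post: report the Windows 11 build on this
# host and whether the March 2024 cumulative update named in the post is present.
# KB numbers (KB5035854 for 21H2, KB5035853 for 22H2/23H2) come from the post.
# Build-to-KB mapping and minimum revisions (UBR) are assumptions taken from
# Microsoft's release notes for those KBs; confirm them against the KB articles.
$March2024Updates = @{
    '22000' = @{ Kb = 'KB5035854'; MinUbr = 2836 }   # Windows 11 21H2
    '22621' = @{ Kb = 'KB5035853'; MinUbr = 3296 }   # Windows 11 22H2
    '22631' = @{ Kb = 'KB5035853'; MinUbr = 3296 }   # Windows 11 23H2 (same package as 22H2)
}

function Get-March2024PatchStatus {
    [CmdletBinding()]
    param()

    # Step 1: identify the installed version from the registry (build, revision, marketing name)
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build   = [string]$cv.CurrentBuildNumber
    $ubr     = [int]$cv.UBR          # Update Build Revision; each cumulative update raises it
    $display = $cv.DisplayVersion    # e.g. 21H2, 22H2, 23H2

    $expected = $March2024Updates[$build]
    if (-not $expected) {
        return [pscustomobject]@{
            Build      = "$build.$ubr"
            Version    = $display
            ExpectedKb = $null
            KbListed   = $false
            RevisionOk = $false
            Status     = 'Build not covered by this check (not Windows 11 21H2/22H2/23H2)'
        }
    }

    # Steps 2-3: two independent signals that the update is present. The KB may appear
    # in the installed-hotfix inventory; separately, the build revision is at or above the
    # level that KB sets. A later cumulative update supersedes the March package, so the
    # revision comparison is the signal to trust.
    $kbListed = [bool](Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $_.HotFixID -eq $expected.Kb })
    $revisionOk = ($ubr -ge $expected.MinUbr)

    if ($revisionOk) {
        $status = 'Patched (March 2024 level or later)'
    }
    elseif ($kbListed) {
        $status = 'KB listed but revision below expected; reboot pending or install incomplete'
    }
    else {
        $status = 'Missing: install ' + $expected.Kb
    }

    [pscustomobject]@{
        Build      = "$build.$ubr"
        Version    = $display
        ExpectedKb = $expected.Kb
        KbListed   = $kbListed
        RevisionOk = $revisionOk
        Status     = $status
    }
}

# Usage: run from an elevated PowerShell session on the host being checked.
Get-March2024PatchStatus | Format-List
```

The revision check is preferred over the hotfix listing because Get-HotFix only reports packages by ID and says nothing about supersedence; a host that took the April cumulative update is at or above the March level even if it never installed the March package itself. To check a fleet, call the function through Invoke-Command against a list of computer names and collect the returned objects.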

Conclusion:

The March 2024 Patch Tuesday was a critical update for Microsoft users. By understanding the addressed vulnerabilities, the updates available for different operating systems, and the importance of ongoing vigilance, you can take necessary steps to safeguard your systems and data. Remember, security is an ongoing process, not a one-time fix. By implementing the recommended actions and staying informed about emerging threats, you can significantly enhance the security posture of your Microsoft products.