REDLEGG BLOG
96 Bravo Logo, Critical Security Bulletin

Patch Tuesday - March 2024

3/12/24 4:22 PM  |  by RedLegg Blog

*Important note: These are not the only vulnerabilities that were recently released; however, these are the vulnerabilities RedLegg has identified as critical and require immediate attention.

VULNERABILITIES

Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

Identifier: CVE-2024-21334
Exploit or POC: No
Update: CVE-2024-21334 – Security Update Guide
Description: CVE-2024-21334 allows for remote code execution. Authentication and user interaction are not required to exploit this vulnerability. Successful exploitation could allow an adversary the ability to access the OMI instance from the Internet and send specially crafted requests to allow a use-after-free vulnerability.
Mitigation recommendation: Mitigation steps listed here: CVE-2024-21334 – Security Update Guide

 

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Identifier: CVE-2024-21400
Exploit or POC: No
Update: CVE-2024-21400 – Security Update Guide
Description: CVE-2024-21400 allows for elevation of privileges. Authentication and user interaction are not required for successful exploitation. This vulnerability could allow an adversary to access the untrusted AKS Kubernetes node and the AKS Confidential Container to take over confidential containers and guests beyond the network stack.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-21400 – Security Update Guide.

 

Microsoft Exchange Server Remote Code Execution Vulnerability

Identifier: CVE-2024-26198
Exploit or POC: No
Update: CVE-2024-26198 – Security Update Guide
Description: CVE-2024-26198 allows for remote code execution. Successful exploitation of this vulnerability requires user interaction. This vulnerability could allow an unauthenticated adversary the ability to place a specially crafted file on an online directory or inside a local network and then employ social engineering techniques to convince an unwitting user to open the malicious file. Subsequently, loading the malicious DLL and initiating arbitrary code execution.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-26198 – Security Update Guide.

 

Skype for Consumer Remote Code Execution Vulnerability

Identifier: CVE-2024-21411
Exploit or POC: No
Update: CVE-2024-21411 – Security Update Guide
Description: CVE-2024-21411 allows for remote code execution. Successful exploitation of this vulnerability requires user interaction. This vulnerability could allow an adversary the ability to send a target user a malicious link or image and entice the user to click the link or image.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-21411 – Security Update Guide.

 

Microsoft ODBC Driver Remote Code Execution Vulnerability

Identifier: CVE-2024-21440, CVE-2024-21451, CVE-2024-26159,
CVE-2024-26162
Exploit or POC: No
Update: CVE-2024-21440 – Security Update GuideCVE-2024-21451 – Security Update GuideCVE-2024-26159 – Security Update GuideCVE-2024-26162 – Security Update Guide
Description: CVE-2024-21440, CVE-2024-21451, CVE-2024-26159, and CVE-2024-26162 allow for remote code execution. Authentication and user interaction are both required to successfully exploit this vulnerability. Successful exploitation could allow an adversary to employ social engineering techniques to convince an authenticated user to make a network connection to a malicious SQL database using their SQL client application. The established connection would allow the server to send specially crafted replies to the compromised client allowing for remote code execution.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-21440 – Security Update GuideCVE-2024-21451 – Security Update GuideCVE-2024-26159 – Security Update Guide, and CVE-2024-26162 – Security Update Guide

 

Windows OLE Remote Code Execution Vulnerability

Identifier: CVE-2024-21435
Exploit or POC: No
Update: CVE-2024-21435 – Security Update Guide
Description: CVE-2024-21435 allows for remote code execution. Authentication and user interaction are not required to successfully exploit this vulnerability. This vulnerability could allow an unauthenticated adversary the ability to place a specially crafted file on an online directory or inside a local network and then employ social engineering techniques to convince an unwitting user to open the malformed file. Subsequently, loading the malicious DLL and initiating arbitrary code execution.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-21435 – Security Update Guide.

 

Windows Hyper-V Remote Code Execution Vulnerability

Identifier: CVE-2024-21407
Exploit or POC: No
Update: CVE-2024-21407 – Security Update Guide
Description: CVE-2024-21407 allows for remote code execution. User interaction is not required to successfully exploit this vulnerability. Successful exploitation would allow an authenticated adversary to send specially crafted file operation requests on the VM to hardware resources on the VM.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2024-21407 – Security Update Guide.

 

Microsoft Office Elevation of Privilege Vulnerability

Identifier: CVE-2024-26199
Exploit or POC: No
Update: CVE-2024-26199 – Security Update Guide
Description: CVE-2024-26199 allows for elevation of privileges. User interaction is not required to successfully exploit this vulnerability. Successful exploitation could allow an authenticated adversary the ability to achieve SYSTEM level privileges.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the  CVE-2024-26199 – Security Update Guide

Get Blog Updates

Related Articles

Emergency Security Bulletin - PAN-OS GLOBALPROTECT GATEWAY VULNERABILITY Bulletin, Vulnerability Bulletins

Emergency Security Bulletin - PAN-OS GLOBALPROTECT GATEWAY VULNERABILITY

About: RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide ...
Patch Tuesday - April 2024 Bulletin, Vulnerability Bulletins

Patch Tuesday - April 2024

*Important note: These are not the only vulnerabilities that were recently released; however, these are the ...
Critical Security Vulnerabilities Bulletin