MS Family March 2024 Routine Security Update Advisory

Overview

 

Microsoft (https://www.microsoft.com) has released a security update that fixes vulnerabilities in its products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

 

Apps family

Intune Company Portal for Android

Microsoft Authenticator

Microsoft Outlook for Android

Skype for Consumer

 

Azure Family

Azure Automation

Azure Automation Update Management

Azure Data Studio

Azure Kubernetes Service Confidential Containers

Azure SDK

Azure Security Center

Azure Sentinel

Container Monitoring Solution

Log Analytics Agent

Open Management Infrastructure

Operations Management Suite Agent for Linux (OMS)

Software for Open Networking in the Cloud (SONiC) 201811

Software for Open Networking in the Cloud (SONiC) 201911

Software for Open Networking in the Cloud (SONiC) 202012

Software for Open Networking in the Cloud (SONiC) 202205

 

Developer Tools Suite

.NET 7.0

.NET 8.0

Microsoft Visual Studio 2022 version 17.4

Microsoft Visual Studio 2022 version 17.6

Microsoft Visual Studio 2022 version 17.8

Microsoft Visual Studio 2022 version 17.9

Visual Studio Code

 

ESU Family

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

 

Exchange Server Family

Microsoft Exchange Server 2016 Cumulative Update 23

Microsoft Exchange Server 2019 Cumulative Update 13

Microsoft Exchange Server 2019 Cumulative Update 14

 

Microsoft Dynamics Suite

Microsoft Dynamics 365 (on-premises) version 9.1

 

Microsoft Office Suite

Microsoft 365 Apps for Enterprise for 64-bit Systems

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Server 2019

Microsoft SharePoint Server Subscription Edition

Microsoft Teams for Android

 

SQL Server Family

SQL Server backend for Django

 

System Center Suite

System Center Operations Manager (SCOM) 2019

System Center Operations Manager (SCOM) 2022

Windows Defender Antimalware Platform

 

Windows Family

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 23H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022, 23H2 Edition (Server Core installation)

 

Resolved Vulnerabilities

 

2 vulnerabilities rated Critical and 58 vulnerabilities rated Important were found.

 

Apps family

Critical elevation of privilege vulnerability in Microsoft Authenticator (CVE-2024-21390)

Critical elevation of privilege vulnerability in Microsoft Intune (CVE-2024-26201)

Critical information disclosure vulnerability in Outlook for Android (CVE-2024-26204)

Critical remote code execution vulnerability in Skype for Consumer (CVE-2024-21411)

 

Azure family of products

Critical elevation of privilege vulnerability in Azure Data Studio (CVE-2024-26203)

Critical spoofing vulnerability in Azure SDK (CVE-2024-21421)

Critical elevation of privilege vulnerability in Microsoft Azure Kubernetes Service (CVE-2024-21400)

Critical elevation of privilege vulnerability in Software for Open Networking in the Cloud (SONiC) (CVE-2024-21418)

 

Developer Tools Suite

Critical denial of service vulnerability in .NET (CVE-2024-21392)

Critical denial of service vulnerability in Microsoft QUIC (CVE-2024-26190)

Critical elevation of privilege vulnerability in Visual Studio Code (CVE-2024-26165)

 

Exchange Server Suite

Critical remote code execution vulnerability in Microsoft Exchange Server (CVE-2024-26198)

 

Microsoft Dynamics Suite

Critical spoofing vulnerability in Microsoft Dynamics (CVE-2024-21419)

 

Microsoft Office Suite

Critical remote code execution vulnerability in Microsoft Office SharePoint (CVE-2024-21426)

Critical elevation of privilege vulnerability in Microsoft Office (CVE-2024-26199)

Critical information disclosure vulnerability in Microsoft Teams for Android (CVE-2024-21448)

 

SQL Server Family

Critical remote code execution vulnerability in Microsoft Django Backend for SQL Server (CVE-2024-26164)

 

System Center Family

Critical elevation of privilege vulnerability in Open Management Infrastructure (CVE-2024-21330)

Critical remote code execution vulnerability in Open Management Infrastructure (CVE-2024-21334)

Critical security feature bypass vulnerability in Windows Defender (CVE-2024-20671)

 

Windows Family

Critical information disclosure vulnerability in Intel (CVE-2023-28746)

Critical elevation of privilege vulnerability in Microsoft Graphics Component (CVE-2024-21437)

Critical remote code execution vulnerability in the Microsoft WDAC ODBC Driver (CVE-2024-21451)

Critical remote code execution vulnerabilities in Microsoft WDAC OLE DB provider for SQL (CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161, CVE-2024-26166)

Critical elevation of privilege vulnerability in Microsoft Windows SCSI Class System File (CVE-2024-21434)

Urgent-grade denial of service vulnerability in Windows Hyper-V (CVE-2024-21408)

Urgent-grade remote code execution vulnerability in Windows Hyper-V (CVE-2024-21407)

Critical denial of service vulnerability in the Windows AllJoyn API (CVE-2024-21438)

Critical information disclosure vulnerability in the Windows Cloud Files Mini Filter Driver (CVE-2024-26160)

Critical elevation of privilege vulnerability in Windows Composite Image File System (CVE-2024-26170)

Critical tampering vulnerability in Windows Compressed Folder (CVE-2024-26185)

Critical elevation of privilege vulnerability in Windows Error Reporting (CVE-2024-26169)

Critical security feature bypass vulnerability in Windows Hypervisor-Protected Code Integrity (CVE-2024-21431)

Critical elevation of privilege vulnerability in Windows Installer (CVE-2024-21436)

Critical security feature bypass vulnerability in Windows Kerberos (CVE-2024-21427)

Critical elevation of privilege vulnerabilities in Windows Kernel (CVE-2024-21443, CVE-2024-26173, CVE-2024-26176, CVE-2024-26178, CVE-2024-26182)

Critical denial of service vulnerability in the Windows Kernel (CVE-2024-26181)

Critical information disclosure vulnerabilities in Windows Kernel (CVE-2024-26174, CVE-2024-26177)

Critical elevation of privilege vulnerability in Windows NTFS (CVE-2024-21446)

Critical remote code execution vulnerabilities in Windows ODBC Driver (CVE-2024-26159, CVE-2024-21440, CVE-2024-26162)

Critical remote code execution vulnerability in Windows OLE (CVE-2024-21435)

Critical elevation of privilege vulnerability in Windows Print Spooler Components (CVE-2024-21433)

Critical denial of service vulnerability in Windows Standards-Based Storage Management Service (CVE-2024-26197)

Critical elevation of privilege vulnerability in Windows Telephony Server (CVE-2024-21439)

Critical remote code execution vulnerability in the Windows USB Hub Driver (CVE-2024-21429)

Critical elevation of privilege vulnerabilities in the Windows USB Print Driver (CVE-2024-21442, CVE-2024-21445)

Critical remote code execution vulnerability in the Windows USB Serial Driver (CVE-2024-21430)

Critical elevation of privilege vulnerability in the Windows Update Stack (CVE-2024-21432)

 

Vulnerability Patches

 

The March 12, 2024 update provides the following product-specific vulnerability patches. Use the Windows Update feature for automatic installation, or refer to the URLs in the product information below to download and install them.

.NET 7.0 versions

https://dotnet.microsoft.com/en-us/download/dotnet/7.0

.NET 8.0 versions

https://dotnet.microsoft.com/en-us/download/dotnet/8.0

Azure Automation version

Azure Automation Update Management version

Azure Data Studio version

Azure Kubernetes Service Confidential Containers version

Azure SDK version

Azure Security Center version

Azure Sentinel version

Container Monitoring Solution version

Intune Company Portal for Android version

Log Analytics Agent version

https://msrc.microsoft.com/update-guide/

Microsoft 365 Apps for Enterprise version

https://msrc.microsoft.com/update-guide/

Microsoft Authenticator version

https://msrc.microsoft.com/update-guide/

Microsoft Dynamics 365 (on-premises) version 9.1

https://www.microsoft.com/download/details.aspx?familyid=874932d3-755c-4667-be9e-f7bc847eb8e9

Microsoft Exchange Server 2016 Cumulative Update 23 version

https://www.microsoft.com/download/details.aspx?familyid=348cb3fe-a4fb-45aa-b6d0-51b72e1712b1

Microsoft Exchange Server 2019 Cumulative Update 13 version

https://www.microsoft.com/download/details.aspx?familyid=4f2f59b7-96f6-4d6d-bda0-7954871c1c1c

Microsoft Exchange Server 2019 Cumulative Update 14 version

https://www.microsoft.com/download/details.aspx?familyid=f0a4b6f8-fabe-4d45-bff1-af8be4743181

Microsoft Outlook for Android version

https://msrc.microsoft.com/update-guide/

Microsoft SharePoint Enterprise Server 2016 version

https://www.microsoft.com/download/details.aspx?familyid=332a33f5-8d03-4ca9-b652-5828321d4a94

Microsoft SharePoint Server 2019 version

https://www.microsoft.com/download/details.aspx?familyid=2d65c041-a750-42d6-8af0-1fa765aa4a3f

Microsoft SharePoint Server Subscription Edition version

https://www.microsoft.com/download/details.aspx?familyid=6215f691-2621-421f-a643-760e222f37b0

Microsoft Teams for Android version

Microsoft Visual Studio 2022 version 17.4

Microsoft Visual Studio 2022 version 17.6

Microsoft Visual Studio 2022 version 17.8

Microsoft Visual Studio 2022 version 17.9

Open Management Infrastructure version

Operations Management Suite Agent for Linux (OMS) version

SQL Server backend for Django version

Skype for Consumer version

Software for Open Networking in the Cloud (SONiC) 201811 version

Software for Open Networking in the Cloud (SONiC) 201911 version

Software for Open Networking in the Cloud (SONiC) 202012 version

Software for Open Networking in the Cloud (SONiC) 202205 version

System Center Operations Manager (SCOM) 2019 version

System Center Operations Manager (SCOM) 2022 version

Visual Studio Code version

https://msrc.microsoft.com/update-guide/

Windows 10 version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035858

Windows 10 Version 1607

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855

Windows 10 Version 1809

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849

Windows 10 Version 21H2

Windows 10 Version 22H2

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035845

Windows 11 Version 22H2

Windows 11 Version 23H2

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035853

Windows 11 Version 21H2

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035854

Windows Defender Antimalware Platform version

https://msrc.microsoft.com/update-guide/

Windows Server 2008 R2 Service Pack 1 version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035888

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035919

Windows Server 2008 Service Pack 2 version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035920

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035933

Windows Server 2012 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035930

Windows Server 2012 R2 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035885

Windows Server 2016 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035855

Windows Server 2019 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035849

Windows Server 2022 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035857

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035959

Windows Server 2022, 23H2 Edition version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5035856