www.darkreading.com
2606:4700::6812:6f2f
Public Scan
URL:
https://www.darkreading.com/vulnerabilities-threats/microsoft-discloses-two-critical-hyper-v-flaws-low-volume-patch-update
Submission: On March 13 via api from TR — Scanned from DE
Form analysis
0 forms found in the DOM

Text Content
Dark Reading is part of the Informa Tech Division of Informa PLC. This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales and Scotland. Number 8860726.

MICROSOFT DISCLOSES CRITICAL HYPER-V FLAWS IN LOW-VOLUME PATCH UPDATE

Microsoft has disclosed fewer flaws and zero-days in the first three months of 2024 compared with the first quarter of the prior four years.

Jai Vijayan, Contributing Writer
March 12, 2024

Microsoft issued patches for 60 unique CVEs in its Patch Tuesday security update for March, only two of which are rated as "critical" and needing priority attention. Both affect the Windows Hyper-V virtualization technology: CVE-2024-21407, a remote code execution (RCE) bug; and CVE-2024-21408, which is a denial-of-service (DoS) vulnerability.

The update includes fixes for a total of 18 RCE flaws and two dozen elevation-of-privilege vulnerabilities, some of which allow threat actors to gain administrative control of affected systems.

Notably, several vulnerabilities that Microsoft assesses as being only of "important" severity and less likely to be exploited still have severity scores of more than 9.0 out of 10 on the CVSS vulnerability-severity scale because of their potential impact, if abused.

"This month's Patch Tuesday presents a reduction in fixed vulnerabilities from Microsoft, totaling 60, a decrease from last month's 74 updates," Mike Walters, president and co-founder of Action1, wrote in emailed comments. "Notably absent this month are any zero-day vulnerabilities or proofs of concept (PoCs), underscoring a moment of relative calm."

CRITICAL RCE, DOS HYPER-V VULNERABILITIES

The RCE bug in Hyper-V gives attackers a way to take complete control of affected systems and potentially compromise virtual machines housed on the Hyper-V server, says Sarah Jones, cyber threat intelligence research analyst at Critical Start.

The DoS vulnerability, meanwhile, allows an adversary to crash the Hyper-V service, rendering it unusable.

"This could prevent users from accessing virtual machines (VMs) hosted on the Hyper-V server, potentially causing significant disruption to critical business operations," Jones notes. "If you use Hyper-V, it is crucial to install the security updates immediately to address these critical vulnerabilities and protect your systems."

A FLURRY OF MICROSOFT PRIVILEGE-ESCALATION BUGS

Microsoft identified six of the vulnerabilities it disclosed this week as flaws that threat actors are more likely to exploit in future. Most of these were elevation-of-privilege vulnerabilities. They included CVE-2024-26170 in the Windows Composite Image File System; CVE-2024-26182 in Windows Kernel; CVE-2024-21433 in Windows Print Spooler; and CVE-2024-21437 in the Windows Graphics Component.

Satnam Narang, senior staff researcher at Tenable, described the privilege-escalation flaws as likely to be of more interest in a post-exploit scenario to advanced persistent threat (APT) actors, rather than for ransomware groups and other financially motivated actors.

"An APT group's objective is typically espionage related," Narang explained in an emailed statement. "APT groups prefer to stay under the radar as much as possible, while a ransomware affiliate is focused on more of a smash-and-grab approach because their object is financial gain."

In an emailed comment, Ben McCarthy, lead cybersecurity engineer at Immersive Labs, pointed to the Windows Kernel elevation of privilege vulnerability (CVE-2024-26182) as something an attacker would be able to exploit only if they already gained access to an affected system. But once successful, the bug would allow an attacker to gain complete system-level privileges.

"This sort of vulnerability is normally used to completely take over an important machine in a network, such as an Active Directory or an important Windows Server," McCarthy said.

MICROSOFT BUGS: IMPORTANT, BUT HIGH PRIORITY

One high-severity bug that Microsoft only rated as "important" was CVE-2024-21334, a 9.8-rated RCE vulnerability in Open Management Infrastructure (OMI). Saeed Abbasi, manager of vulnerability research at Qualys' threat research unit, identifies the bug as one that should be high on the patch priority list because of that score.

"This vulnerability allows remote, unauthenticated attackers to execute arbitrary code on exposed OMI instances via the Internet by sending specially crafted requests that exploit a use-after-free error," Abbasi says. "Given OMI's role in managing IT environments, the potential impact is vast, affecting potentially numerous systems accessible online."

While Microsoft considers exploitation less likely, the simplicity of the attack vector — a use-after-free (UAF) bug — against a critical component suggests that the threat level should not be underestimated, he cautions. In the past, bugs such as the OMIGOD set of OMI vulnerabilities in 2021 have been of high interest to attackers.

CVE-2024-20671, a Microsoft Defender security feature bypass flaw, and CVE-2024-21421, a spoofing vulnerability in Azure SDK, are two other flaws that merit higher attention than their "important" ratings would suggest, according to some security experts.

"While these specific vulnerabilities have workarounds or patches, the increased focus of threat actors in these directions is concerning," Tyler Reguly, senior manager of security at Fortra, said in prepared comments.

He also pointed to an elevation-of-privilege bug in Microsoft Authenticator (CVE-2024-21390) as something that administrators should pay attention to. "Successful exploitation of the vulnerability could allow the attacker to gain access to the users' multifactor authentication [MFA] codes," Reguly said. "Microsoft has rated this with a CVSS score of 7.1 and indicated that user interaction is required as the victim would need to close and then reopen the application."

Overall, for administrators used to dealing with large Microsoft patch volumes, the past three months have been something of a break from the usual. For instance, this is the second straight month that Microsoft has not disclosed a zero-day bug in its monthly security update. So far, in the first quarter of the year, Microsoft has issued patches for a total of 181 CVEs, which is substantially lower than its first-quarter average of 237 patches in each of the previous four years, Tenable's Narang noted.

"The average number of CVEs patched in March over the last four years was 86," Narang said. "This month, only 60 CVEs were patched."

ABOUT THE AUTHOR(S)

Jai Vijayan, Contributing Writer

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.