Security Update Review for March 2024's Patch Tuesday from Microsoft and Adobe
Adobe and Microsoft have released their monthly security updates, known as Patch Tuesday, to address a total of 64 vulnerabilities. Among these, eight were given critical severity ratings.
Adobe's updates address vulnerabilities in Adobe Experience Manager, Adobe Premiere Pro, Adobe ColdFusion, Adobe Bridge, Adobe Lightroom, and Adobe Animate. These updates fix several types of flaws, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, and Spoofing.
Microsoft's Patch Tuesday for March 2024 addressed 64 vulnerabilities, including 2 critical and 58 important severity vulnerabilities. Notable vulnerabilities include CVE-2024-21437, an elevation of privilege vulnerability in the Windows Graphics Component, which, upon successful exploitation, could grant an attacker SYSTEM privileges. Another critical vulnerability is CVE-2024-26182, an elevation of privilege vulnerability in the Windows Kernel, which could also lead to SYSTEM privileges upon successful exploitation.
In addition, four vulnerabilities in Microsoft Edge (Chromium-based) were patched earlier this month. Also notable are CVE-2024-21407, a Windows Hyper-V Remote Code Execution Vulnerability in which an authenticated attacker on a guest VM can perform remote code execution on the host server, and CVE-2024-21433, an elevation of privilege vulnerability in Windows Print Spooler that, upon successful exploitation, could give an attacker SYSTEM privileges.
The next Patch Tuesday falls on April 9. To help customers address these key vulnerabilities, Qualys hosts a monthly webinar series. During these webcasts, they discuss high-impact vulnerabilities, including those that are a part of this month's Patch Tuesday alert.
Qualys' Vulnerability Management Detection Response (VMDR) automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledgebase (KB). To see all hosts impacted by these vulnerabilities, you can use the following QQL query:
For missing patches for this Patch Tuesday, you can use the following QQL:
VMDR remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. Qualys hosts a monthly webinar series to help customers leverage the integration between Qualys VMDR and Qualys Patch Management. They walk customers through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management.
Remember, no zero-day vulnerabilities known to be exploited in the wild were addressed in this month's updates. Stay vigilant and keep your systems updated to protect against potential threats.