{"id":24152,"date":"2024-03-13T08:10:09","date_gmt":"2024-03-13T16:10:09","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/03\/13\/news-17882\/"},"modified":"2024-03-13T08:10:09","modified_gmt":"2024-03-13T16:10:09","slug":"news-17882","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/03\/13\/news-17882\/","title":{"rendered":"Microsoft Patch Tuesday March 2024 includes critical Hyper-V flaws"},"content":{"rendered":"\n<p>The March 2024 Patch Tuesday update includes patches for <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2024-Mar\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">61 Microsoft vulnerabilities<\/a>. Only two of the vulnerabilities are rated critical and both of these are found in Windows Hyper-V.<\/p>\n<p>Hyper-V is a hardware virtualization product that allows you to run multiple operating systems as virtual machines (VMs) on Windows. A virtual machine is a computer program that emulates a physical computer. A physical \u201chost\u201d computer can run multiple separate \u201cguest\u201d VMs that are isolated from each other, and from the host. The physical resources of the host are allocated to the VMs by a software layer called the hypervisor, which acts as an intermediary between the host and guests.<\/p>\n<p>The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The Hyper-V CVEs patched in this round of updates are:<\/p>\n<p><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-21407\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2024-21407<\/a> is a Windows Hyper-V Remote Code Execution (RCE) vulnerability with a <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2020\/05\/how-cvss-works-characterizing-and-scoring-vulnerabilities\">CVSS score<\/a> of 8.1 out of 10. 
Microsoft says exploitation is less likely since this vulnerability would require an authenticated attacker on a guest to send specially crafted file operation requests to hardware resources on the VM which could result in remote code execution on the host server.<\/p>\n<p>This means the attacker would need a good deal of information about the specific environment, and to take additional actions prior to exploitation to prepare the target environment.<\/p>\n<p><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-21408\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2024-21408<\/a> is a Windows Hyper-V Denial of Service (DOS) vulnerability with a CVSS score of 5.5 out of 10. This means an attacker could target a host machine from a guest and cause it to crash or stop functioning. However, Microsoft did not provide any additional details on how this DOS could occur.<\/p>\n<p>The attention for Hyper-V is remarkable since only a week earlier, VMware\u00a0<a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/03\/patch-now-vmware-escape-flaws-are-so-serious-even-end-of-life-software-gets-a-fix\" target=\"_blank\" rel=\"noreferrer noopener\">released security updates<\/a>\u00a0to fix critical sandbox escape vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation. VMware ESXi and Hyper-V are both designed to handle large-scale virtualization deployments.<\/p>\n<p>Another vulnerability worth mentioning is <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-21334\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2024-21334<\/a>, which has a CVSS score of 9.8 out of 10. It&#8217;s an Open Management Infrastructure (OMI) RCE vulnerability that affects System Center Operations Manager (SCOM). SCOM is a set of tools in Microsoft&#8217;s System Center for infrastructure monitoring and application performance management. 
A remote, unauthenticated attacker could exploit this vulnerability by accessing the OMI instance from the internet and sending specially crafted requests to trigger a use-after-free vulnerability.<\/p>\n<p>OMI is an open source technology for environment management software products for Linux and Unix-based systems. The OMI project was set up to implement standards-based management so that every device in the world can be managed in a clear, consistent, and coherent way.<\/p>\n<p>Use-after-free vulnerabilities are the result of the incorrect use of dynamic memory during a program\u2019s operation. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can exploit the error to manipulate the program. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.<\/p>\n<p>Microsoft states that if the Linux machines do not need network listening, OMI incoming ports can be disabled. In other cases, customers running affected versions of SCOM (System Center Operations Manager 2019 and 2022) should update to OMI version 1.8.1-0.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-other-vendors\">Other vendors<\/h2>\n<p>Other vendors have synchronized their periodic updates with Microsoft. 
Here are a few major ones that you may find in your environment.<\/p>\n<p><strong>Adobe<\/strong>&nbsp;has released security updates to address vulnerabilities in several products:<\/p>\n<ul>\n<li><a href=\"https:\/\/helpx.adobe.com\/security\/products\/experience-manager\/apsb24-05.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Adobe Experience Manager<\/a><\/li>\n<li><a href=\"https:\/\/helpx.adobe.com\/security\/products\/premiere_pro\/apsb24-12.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Adobe Premiere Pro<\/a><\/li>\n<li><a href=\"https:\/\/helpx.adobe.com\/security\/products\/coldfusion\/apsb24-14.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Adobe ColdFusion<\/a><\/li>\n<li><a href=\"https:\/\/helpx.adobe.com\/security\/products\/bridge\/apsb24-15.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Adobe Bridge<\/a><\/li>\n<li><a href=\"https:\/\/helpx.adobe.com\/security\/products\/lightroom\/apsb24-17.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Adobe Lightroom<\/a><\/li>\n<li><a href=\"https:\/\/helpx.adobe.com\/security\/products\/animate\/apsb24-19.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Adobe Animate<\/a><\/li>\n<\/ul>\n<p>The&nbsp;<strong>Android<\/strong>&nbsp;Security Bulletin for February contains details of <a href=\"https:\/\/source.android.com\/docs\/security\/bulletin\/2024-03-01\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">security vulnerabilities<\/a> for patch level 2024-03-05 or later.<\/p>\n<p><strong>Apple <\/strong>has released a <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/03\/update-your-iphones-and-ipads-now-apple-patches-security-vulnerabilities-in-ios-and-ipados\">security update for iOS and iPadOS<\/a> to patch two zero-day vulnerabilities.<\/p>\n<p><strong>SAP<\/strong>&nbsp;has released its&nbsp;<a href=\"https:\/\/support.sap.com\/en\/my-support\/knowledge-base\/security-notes-news\/march-2024.html\" 
target=\"_blank\" rel=\"noreferrer noopener nofollow\">March 2024 Patch Day<\/a>&nbsp;updates.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/03\/microsoft-patch-tuesday-march-2024-includes-critical-hyper-v-flaws\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Microsoft patched 61 vulnerabilities in the March 2024 Patch Tuesday round, including two critical flaws in Hyper-V. 
<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[31051,31066,31067,22783,20790,10516,32,31068,19245,31069],"class_list":["post-24152","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-cve-2024-21334","tag-cve-2024-21407","tag-cve-2024-21408","tag-exploits-and-vulnerabilities","tag-hyper-v","tag-microsoft","tag-news","tag-omi","tag-patch-tuesday","tag-scom"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24152","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24152"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24152\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24152"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24152"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24152"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}