Microsoft Patch Tuesday

Published On: April 10, 2024Categories: Cyber Alerts

In today’s SensCy Cyber Brief, your SensCy team reviewed Microsoft’s latest series of patches released on Tuesday, March 9, 2024. This month Microsoft fixes 150 flaws.

What is Patch Tuesday?
Patch Tuesday is Microsoft’s initiative to release new security fixes for the Windows operating system and any other Microsoft software on a monthly basis. Your SensCy team will monitor such releases and provide you with our observations and recommendations.

Why is it important?
This month’s patch Tuesday is critical because it fixes critical vulnerabilities. The SensCy team recommends Microsoft users install those patches immediately.

This month’s patch Tuesday fixes three critical vulnerabilities:

CVE-2024-29053, CVE-2024-21323; CVE-2024-21322. All three critical vulnerabilities are “Microsoft Defender for IoT Remote Code Execution Vulnerability, where an authenticated attacker with access to the file upload feature could exploit this path traversal vulnerability by uploading malicious files to sensitive locations on the server, according to Microsoft.

Here is a breakdown of each vulnerability category:

  • 67 Remote Code Execution Vulnerabilities
  • 31 Elevation of Privilege Vulnerability
  • 29 Security Feature Bypass Vulnerabilities
  • 13 Information Disclosure Vulnerabilities
  • 7 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities

For more information on vulnerabilities and the system that it affects, please refer to the full report from Microsoft linked here.

 

Related Posts