www.belgium.be Logo of the federal government


Advisory #2024-40
Affected software: 
Azure Data Studio
Azure SDK
Microsoft Authenticator
Microsoft Azure Kubernetes Service
Microsoft Dynamics
Microsoft Edge for Android
Microsoft Exchange Server
Microsoft Graphics Component
Microsoft Intune
Microsoft Office
Microsoft Office Sharepoint
Microsoft QUIC
Microsoft Teams for Android
Microsoft WDAC ODBC Driver
Microsoft WDAC OLE DB provider for SQL
Microsoft Windows SCSI Class System File
Open Management Infrastructure
Outlook for Android
Role: Windows Hyper-V
Skype for Consumer
Software for Open Networking in the Cloud (SONiC)
SQL Server
Visual Studio Code
Windows AllJoyn API
Windows Cloud Files Mini Filter Driver
Windows Composite Image File System
Windows Compressed Folder
Windows Defender
Windows Error Reporting
Windows Hypervisor-Protected Code Integrity
Windows Installer
Windows Kerberos
Windows Kernel
Windows NTFS
Windows ODBC Driver
Windows OLE
Windows Print Spooler Components
Windows Standards-Based Storage Management Service
Windows Telephony Server
Windows Update Stack
Windows USB Hub Driver
Windows USB Print Driver
Windows USB Serial Driver
Several types, ranging from Information Disclosure to Remote Code Execution and Privilege Escalation.

Microsoft patched 59 vulnerabilities in its March 2024 Patch Tuesday release, 2 rated as critical, 57 rated important.

Number of CVE by type:

  • 18 Remote Code Execution vulnerabilities
  • 24  Elevation of Privilege vulnerabilities
  • 5 Information Disclosure vulnerabilities
  • 2  Spoofing vulnerability
  • 6  Denial of Service vulnerabilities
  • 1  Tampering vulnerability


Microsoft - https://msrc.microsoft.com/update-guide/en-us/releaseNote/2024-Mar


Microsoft’s March 2024 Patch Tuesday includes 59 vulnerabilities (2 critical and 57 important), for a wide range of Microsoft products, impacting Microsoft Server and Workstations. Some vulnerabilities are likely to be exploited soon, therefore urgent patching is advised.


Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday” and contain security fixes for Microsoft devices and software.

The CCB would like to point your attention to following vulnerabilities:

CVE-2024-21407: Windows Hyper-V

Remote Code Execution vulnerability. This is one of the two Critical-rated bugs for this month with a CVSSv3 score of 8.1. The vulnerability would allow an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server. This is often referred to as a guest-to-host escape and could be used to impact other guest OSes on the server.

CVE-2024-21408: Windows Hyper-V

Denial of Service vulnerability. This is the other critical vulnerability published this month in Windows Hyper-V with a CVSSv3 score of 5.5. Successful exploitation of this vulnerability allows an attacker to target a Hyper-V guest virtual machine, which can affect the functionality of the Hyper-V host. Because this is a local DoS attack, Microsoft deems exploitation less likely.

CVE-2024-21400: Azure Kubernetes Service

Elevation of Privilege Vulnerability. Microsoft fixed a vulnerability in Azure Kubernetes Service that could allow attackers to gain elevated privileges and steal credentials. The vulnerability has received a CVSSv3 score of 9.0 and is rated important by Microsoft. This bug allows an unauthenticated attacker to access the untrusted AKS Kubernetes node and AKS Confidential Container to take over confidential guests and containers. Successful exploitation would allow the attacker to steal credentials and affect other resources.

CVE-2024-21334: Open Management Infrastructure (OMI) management server

Remote Code Execution vulnerability. It was assigned a CVSSv3 score of 9.8 and is rated important by Microsoft. To exploit this vulnerability, a remote unauthenticated attacker could use a specially crafted request to trigger a use-after-free vulnerability. It’s not clear how many of these systems are reachable through the Internet, but it’s likely a significant number.

In addition, OMI received another patch this month, CVE-2024-21330 to address an EoP vulnerability.

CVE-2024-21433: Windows Print Spooler

Elevation of Privilege vulnerability. This vulnerability is rated as ”Exploitation More Likely,” and was assigned a CVSSv3 score of 7.0. Exploitation of this vulnerability would require an attacker to win a race condition which could grant the attacker SYSTEM privileges.

CVE-2024-26198: Microsoft Exchange Server

Remote Code Execution vulnerability. This vulnerability is a classic DLL loading vulnerability with a score of 8.8 and rated important by Microsoft. An attacker can place a specially crafted file in a location they control. They then entice a user to open the file, which loads the crafted DLL and leads to code execution. Last month Microsoft also released a DLL loading vulnerability. Initially, the vulnerability wasn’t actively exploited. However, shortly after its disclosure, it began to be actively exploited.

Recommended Actions


The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.


The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.


The Register - https://www.theregister.com/2024/03/13/patch_tuesday_march_2024/

The Hacker News - https://thehackernews.com/2024/03/microsofts-march-updates-fix-61.html

Tenable - https://www.tenable.com/blog/microsofts-march-2024-patch-tuesday-address...

Zero Day Initiative - https://www.zerodayinitiative.com/blog/2024/3/12/the-march-2024-security...

Rapid7 - https://www.rapid7.com/blog/post/2024/03/12/patch-tuesday-march-2024/

CrowdStrike - https://www.crowdstrike.com/blog/patch-tuesday-analysis-march-2024/