It is being reported that Microsoft fixed 60 vulnerabilities in this month’s Patch Tuesday security update round. This includes two critical bugs CVE-2024-21407 that enables attackers to escape from a Hyper-V guest virtual machine and achieve remote code execution on the Hyper-V host, and CVE-2024-21408, a denial of service vulnerability in Windows Hyper-V.
Melvin Lammerts, Hacking Lead at cybersecurity firm Hadrian had this comment:
This Patch Tuesday underscores the critical importance of timely system patching. The Hyper-V vulnerabilities are particularly concerning, as they could enable attackers to execute arbitrary code on the Hyper-V host or cause a complete system crash. Administrators relying on Hyper-V should prioritise these patches without delay.Furthermore, the Microsoft Defender bypass vulnerability serves as a reminder that no single security solution is foolproof. A robust defence-in-depth strategy is essential, incorporating patching, firewalls, intrusion detection systems, and reliable endpoint protection.Finally, staying informed through resources like the Microsoft Security Bulletins is the best way to stay on top of the latest threats and helps you maintain a strong security posture.
This highlights what I tell every client that I have. Which is patch everything the second it becomes available as it’s an easy way to protect yourself.
Like this:
Like Loading...
Related
This entry was posted on March 13, 2024 at 10:00 am and is filed under Commentary with tags Microsoft. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
RCE Bugs Feature Among 60 CVEs In March Patch Tuesday
It is being reported that Microsoft fixed 60 vulnerabilities in this month’s Patch Tuesday security update round. This includes two critical bugs CVE-2024-21407 that enables attackers to escape from a Hyper-V guest virtual machine and achieve remote code execution on the Hyper-V host, and CVE-2024-21408, a denial of service vulnerability in Windows Hyper-V.
Melvin Lammerts, Hacking Lead at cybersecurity firm Hadrian had this comment:
This Patch Tuesday underscores the critical importance of timely system patching. The Hyper-V vulnerabilities are particularly concerning, as they could enable attackers to execute arbitrary code on the Hyper-V host or cause a complete system crash. Administrators relying on Hyper-V should prioritise these patches without delay.Furthermore, the Microsoft Defender bypass vulnerability serves as a reminder that no single security solution is foolproof. A robust defence-in-depth strategy is essential, incorporating patching, firewalls, intrusion detection systems, and reliable endpoint protection.Finally, staying informed through resources like the Microsoft Security Bulletins is the best way to stay on top of the latest threats and helps you maintain a strong security posture.
This highlights what I tell every client that I have. Which is patch everything the second it becomes available as it’s an easy way to protect yourself.
Share this:
Like this:
Related
This entry was posted on March 13, 2024 at 10:00 am and is filed under Commentary with tags Microsoft. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.