
Patch Tuesday March 2024: Two Low-Impact Zero Days and a Third High Impact Exchange Vulnerability

A lower number of patches and no zero-days mean no panicked patching of Windows vulnerabilities this Patch Tuesday. The lower total number of vulnerabilities should make it an easy month to catch up on patching, although there were some complications with an update that highlight the need to have alternative options in place to push patches to systems.

Microsoft Vulnerabilities

Microsoft addressed 60 vulnerabilities this month, with only two marked critical and seven marked Exploitation More Likely. The two critical vulnerabilities are for Windows Hyper-V on multiple Windows Server versions from 2012 to 2022, Windows 10, and Windows 11. This wide footprint of affected systems, and the fact that one of the critical vulnerabilities, CVE-2024-21407, is a remote code execution vulnerability that can escape the guest VM and run remote code on the host server, should make this a priority item to patch this month.

When Normal Patch Routines Fail

This month did bring some complications with KB5035849 for Windows Server 2019 and Windows 10. There were early reports on Patch Tuesday of Windows Server 2019 updates failing with Error 0xd0000034, with the suggested workaround being to manually download and install the update from the Windows Update catalog. There was also a known issue with this particular update that caused a memory leak in the Local Security Authority Subsystem Service (LSASS), which had not yet been addressed by Microsoft at the time of writing (10 days later). This may cause situations where LSASS crashes, causing a reboot of a domain controller.

The fact that the workaround was a manual install from the Windows Update catalog highlights the need to have pre-planned and scalable ways of applying emergency patches when your normal method is not available. If you don’t currently have a way of handling a situation where your primary way of applying a patch isn’t available, it’s worth having a look at how you can deal with this scenario. Our Automation Cookbook has one potential PowerShell script that can help you deal with this scenario… Click here to find out more and download the script.
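One way to script the manual fallback described above, as an added PowerShell example (not N‑able's Automation Cookbook script): it checks whether the KB is already present, verifies a pre-staged .msu against a hash recorded when the file was staged, and installs it with wusa.exe. The function name, the staging path and the hash parameter are assumptions for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: fallback install of a pre-staged .msu when the normal patch channel fails.
function Install-StagedUpdate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$KbId,           # e.g. 'KB5035849'
        [Parameter(Mandatory)][string]$MsuPath,        # package staged from the Update Catalog
        [Parameter(Mandatory)][string]$ExpectedSha256  # hash recorded when the file was staged
    )
    $report = [ordered]@{ Computer = $env:COMPUTERNAME; KB = $KbId; Result = $null; ExitCode = $null }

    # Skip hosts that already report the update as installed.
    if (Get-HotFix -Id $KbId -ErrorAction SilentlyContinue) {
        $report.Result = 'AlreadyInstalled'
        return [pscustomobject]$report
    }

    # Refuse to run a package that is missing or was altered after staging.
    if (-not (Test-Path -LiteralPath $MsuPath -PathType Leaf)) {
        $report.Result = 'PackageMissing'
        return [pscustomobject]$report
    }
    $actual = (Get-FileHash -LiteralPath $MsuPath -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {   # string -ne is case-insensitive
        $report.Result = 'HashMismatch'
        return [pscustomobject]$report
    }

    # wusa.exe installs the package silently; the reboot is left to the change window.
    $proc = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
        -ArgumentList "`"$MsuPath`"", '/quiet', '/norestart' -Wait -PassThru
    $report.ExitCode = $proc.ExitCode
    $report.Result = switch ($proc.ExitCode) {
        0                      { 'Installed' }
        3010                   { 'InstalledRebootRequired' }
        2359302                { 'AlreadyInstalled' }   # 0x00240006
        { $_ -eq -2145124329 } { 'NotApplicable' }      # 0x80240017
        default                { 'Failed' }
    }
    return [pscustomobject]$report
}

# Usage (path and hash are placeholders, not values from the article):
# Install-StagedUpdate -KbId 'KB5035849' -MsuPath 'C:\PatchStaging\<package>.msu' `
#     -ExpectedSha256 '<sha256-recorded-at-staging>'
```

Because the function returns one object per host, the results can be collected centrally to see which systems still need attention. Given the LSASS known issue noted above, evaluate the update before targeting domain controllers.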

Microsoft Patch Tuesday Vulnerability Prioritization

Addressing vulnerabilities effectively requires a mix of adhering to established best practices and leveraging informed judgment. While it’s a natural instinct to rank vulnerabilities with critical severity ratings higher on the list of things that need to be addressed, relying on severity ratings alone can be limiting. An often-overlooked component is temporal metrics, which provide a measure of the window of vulnerability—the time from initial vulnerability discovery to the availability and application of the patch. This is essential as the longer a vulnerability exists without a fix, the greater the potential for exploitation. By integrating temporal metrics into the risk evaluation process, organizations can gain a more comprehensive understanding of the threat landscape and potential attack vectors, ensuring that they don’t leave themselves open to unnecessary risks.

Table Key: Severity: C = Critical, I = Important, M = Moderate, R = Re-issue; Status: EML = Exploitation More Likely, ELL = Exploitation Less Likely, ED = Exploitation Detected, EU = Exploitation Unlikely, N/A = Not Available

| CVE Number | CVE Title | Severity | Status |
|---|---|---|---|
| CVE-2024-21410 | Microsoft Exchange Server Elevation of Privilege Vulnerability | C | ED |
| CVE-2024-21412 | Internet Shortcut Files Security Feature Bypass Vulnerability | I | ED |
| CVE-2021-43890 | Windows AppX Installer Spoofing Vulnerability | I | ED |
| CVE-2024-21351 | Windows SmartScreen Security Feature Bypass Vulnerability | M | ED |
| CVE-2024-21380 | Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability | C | ELL |
| CVE-2024-20684 | Windows Hyper-V Denial of Service Vulnerability | C | ELL |
| CVE-2024-21357 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | C | EML |
| CVE-2024-21379 | Microsoft Word Remote Code Execution Vulnerability | I | EML |
| CVE-2024-21378 | Microsoft Outlook Remote Code Execution Vulnerability | I | EML |
| CVE-2024-21371 | Windows Kernel Elevation of Privilege Vulnerability | I | EML |
| CVE-2024-21346 | Win32k Elevation of Privilege Vulnerability | I | EML |
| CVE-2024-21345 | Windows Kernel Elevation of Privilege Vulnerability | I | EML |
| CVE-2024-21338 | Windows Kernel Elevation of Privilege Vulnerability | I | EML |
| CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability | C | EU |

Summary

As always, make sure you have established patching processes for evaluation, testing and pushing into production. If you have traditionally only dealt with patches by applying them based on their severity, consider including prioritization of patches for Zero-Days, Exploitation Detected and Exploitation More Likely vulnerabilities in your Patch Management routines.

Looking for more blogs on patching, or for previous Microsoft Patch Tuesday Reviews? Check out this section of our blog.

Lewis Pope is the Head Security Nerd at N‑able. You can follow him on Twitter: @cybersec_nerd

LinkedIn: thesecuritypope

Twitch: cybersec_nerd
