Pelican Press, posted March 13

March Patch Tuesday throws up two critical Hyper-V flaws

[hidden content] has fixed a pair of critical vulnerabilities in [hidden content] one leading to remote code execution (RCE) if exploited, on a remarkably light Patch Tuesday. The fixes come amid a slimline update comprising barely 60 common vulnerabilities and exposures (CVEs), none of them rated as zero-days.

Although the paucity of updates will come as a relief to security teams, the timing of such a small drop has surprised some – [hidden content], with the annual Pwn2Own hacking contest just over a week away, one might have expected Redmond to have been pushing more patches than usual.

“This month’s Patch Tuesday presents a reduction in fixed vulnerabilities from [hidden content], totalling 60, a decrease from last month’s 74 updates,” said Mike Walters, president and co-founder of patch management specialist [hidden content]. “Remarkably, we’re seeing only two critical vulnerabilities addressed, fewer than in February, highlighting a positive trend. Notably absent this month are any zero-day vulnerabilities or proof of concepts (PoCs), underscoring a moment of relative calm.”

The RCE vulnerability, tracked as [hidden content], carries a CVSS base score of 8.1. To exploit it, an authenticated attacker on a guest virtual machine (VM) needs to send specially-crafted file operation requests on the VM to hardware resources on the VM, which [hidden content] said could lead to RCE on the host.
However, successful exploitation will also require the attacker to have specific information on the target environment at their fingertips, and according to [hidden content] there are a number of additional actions they also need to take to soften up the target, so the complexity of the attack is quite high.

“As of this announcement, there have been no public disclosures or known exploitations of this vulnerability. Yet, given its critical severity and possible consequences, it is crucial for Windows Hyper-V users to promptly implement the provided updates to mitigate exposure,” said Walters.

“This vulnerability is applicable to systems running Windows 10 and newer, as well as Windows Server 2012 and newer that are equipped with the Hyper-V role. Users are urged to apply [hidden content]’s official patch to safeguard against this issue. Additionally, adhering to best practices for VM and host server security – like minimising user privileges, narrowing network access, and vigilantly monitoring for unusual activities – is strongly advised,” he added.

The second critical flaw in Windows Hyper-V is tracked as [hidden content], and carries a CVSS base score of 5.5. Left unchecked, it enables a denial of service (DoS) attack, but [hidden content]’s update provides no details of how it can be exploited.

Some of the other more notable issues this month include another RCE flaw in [hidden content] Exchange Server, tracked as [hidden content], which falls short of being rated as critical because it requires a user to be tricked into opening a specially-crafted file. In addition to patching, defenders may also wish to review their email server security settings, and remind users to exercise caution if they receive unsolicited or unverified files.
For similar reasons, security teams may also wish to prioritise a SharePoint Server RCE vulnerability, tracked as [hidden content], successful exploitation of which again requires a user to open a malicious file.

Another high-risk vulnerability this month is [hidden content], in Skype for Consumer. An RCE flaw with a CVSS base score of 8.8, this issue can be exploited if an attacker sends a malicious link or image via instant message, and the fact that it can be found in a widely-used consumer product is of concern, even though there are no known public disclosures or active exploits.

Out with OIT

At the same time as the main Patch Tuesday upload, Redmond has also announced the deprecation of support for Oracle’s [hidden content] (OIT) libraries in Exchange Server. [hidden content], the move heralds the replacement of OIT with an “improved, modern, in-house file scanning solution,” which will be used by default, although customers will be able to re-enable OIT for some file types if they absolutely must.

“The deprecation is a three-phase process starting with the March 2024 update. The first phase disables Oracle’s Outside In Technology (OIT) for all file types. The second phase will introduce a replacement scanning solution. The third phase will completely remove OIT code from Exchange Server. The second and third phase time frames were not announced in the advisory as of the initial publishing date on 12 March 2024,” said Chris Goettl, vice president of product management for security products at [hidden content].

Get set for Secure Boot

Looking to next month’s Patch Tuesday, Goettl also highlighted the planned third deployment phase for the changes associated with CVE-2023-24932, a dangerous vulnerability in the Windows Secure Boot security feature that was first tracked as a zero-day in May 2023.

“The CVE addressed a security feature bypass in Secure Boot utilised by the BlackLotus UEFI bootkit,” said Goettl. “The changes were being rolled out in a four-phase process and the third stage was to be implemented in the 9 April 2024 Patch Tuesday or later.

“Expect that next month the new mitigations to block additional vulnerable boot managers will be implemented. This could mean that you have some work to do to prepare media for the update. For more details, see [hidden content].”

The multi-phased approach was necessary because Secure Boot very precisely controls the boot media that can load when the system OS starts up, so if applied wrong, the update could cause big problems, and even prevent systems from starting up.