Microsoft addressed two critical vulnerabilities in the virtualization software Hyper-V during this month’s Patch Tuesday update. The company said exploits of both vulnerabilities are not likely, but patching is important.
The vulnerabilities in question are CVE-2024-21407 and CVE-2024-21408. The first allows an authenticated attacker to use a Hyper-V guest VM to run arbitrary code on the underlying host server.
According to Microsoft, it takes quite an effort for cybercriminals to exploit this vulnerability successfully. They must first gather information about the environment to be attacked and then take additional actions. For that reason, the tech company considers a successful exploit “less likely”.
The second critical vulnerability allows hackers to perform a denial-of-service (DoS) attack. Microsoft does not provide further details on this particular vulnerability.
Other Patch Tuesday updates
The March 2024 Patch Tuesday update included 59 other patches in addition to the two critical patches for the Hyper-V vulnerabilities. According to Microsoft, these patches are less urgent than those for the above vulnerabilities.
In addition to patches for Windows and the Windows kernel, patches were released for various Microsoft solutions and applications. These include Azure solutions and applications, Exchange Server, Intune, SQL Server, Visual Studio Code, Microsoft Office and Dynamics, the Edge browser for Android and Outlook.