Otto  background

March Patch Tuesday Ushers In 60 CVEs and a Bushel of macOS Security Updates

Patch [Fix] Tuesday: March 2024

Connect With Us

Start now, and patch, configure, and control all your endpoints in just 15 minutes.

March 2024 Patch Tuesday is here! With 60 CVEs released by Microsoft and the recent rollout of the macOS Sonoma 14.4 updates, it promises to be a busy few weeks for those in cybersecurity.

Two particularly alarming CVEs will catch your eye this Patch Tuesday.  Let's explore the potential implications of these vulnerabilities and take a closer look at the latest macOS update.

Also, be sure to check out our Patch [Fix] Tuesday podcast, released every Patch Tuesday! Get it here, or wherever you normally get your podcasts.

Before we dive into these vulnerabilities, let’s see how this Patch Tuesday stacks up.

Microsoft Patch Tuesday Vulnerabilities: A Brief History

CVE-2024-21400

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability [Important]

With a CVSS score of 9.0/10, CVE-2024-21400 is a critical vulnerability identified in Microsoft Azure Kubernetes Service for Confidential Containers. This flaw allows attackers to bypass security measures to steal credentials and manipulate resources not intended to be accessible. The breach essentially opens a backdoor for attackers, compromising the confidentiality and integrity of the confidential system.

The mechanics of this vulnerability involve exploiting the container's security boundaries using “az confcom”, a cli tool for interacting with confidential resources, leading to unauthorized access to sensitive information. Given the increasing adoption of confidential containers for deploying applications, the potential impact of this vulnerability is substantial. Organizations using Azure Kubernetes Service must prioritize patching the confcom cli tool/plugin to >0.3.3 to protect their systems from possible breaches.

To mitigate the risks associated with CVE-2024-21400 and others, it is imperative to apply the security updates provided by Microsoft immediately. Beyond patching, organizations should prioritize reviewing their security practices around container deployment and management, ensuring that only necessary access rights are granted and closely monitoring for any unusual activity.

Administrators are urged to review and adjust their settings, ensuring that their systems are not just reliant on updates for security, but are also configured with the best practices of cybersecurity in mind from the outset.

Mat Lee, Security Engineer, Automox

CVE-2024-26164

Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability [Important]

Another vulnerability addressed this Patch Tuesday is CVE-2024-26164. This one affects the Microsoft Django Backend for SQL Server. This vulnerability, rated with a CVSS score of 8.8, makes it possible for attackers to carry out SQL injection attacks by exploiting an unsanitized parameter within a SQL query. The impact of such an attack includes arbitrary code execution and potential leakage of sensitive data, posing a severe threat to affected systems.

The vulnerability operates by manipulating SQL queries through unsanitized inputs, allowing attackers to execute commands that can alter or retrieve data without proper authorization. This classic yet effective technique remains a prevalent threat due to lapses in secure coding practices.

While SQL Injection (SQLi) is a quite old attack vector, its persistence in modern security breaches underlines the ongoing challenges in application security. 

Despite years of awareness and advancements in security practices, this vulnerability underscores the vital importance of adopting rigorous security protocols and continuous testing to safeguard against such exploits.

Addressing CVE-2024-26164 requires immediate action to patch the vulnerability and prevent potential exploitation. It underscores the necessity of adopting secure coding standards, particularly regarding input validation and parameter sanitization, to thwart SQL injection and other similar attack vectors

Tom Bowyer, Director IT Security, Automox

macOS Sonoma 14.4 Security Updates

The macOS Sonoma 14.4 update addresses a range of vulnerabilities (68 CVEs!) with impacts ranging from arbitrary code execution to process memory disclosure, and more. Among these, issues related to image processing, image IO, and the Intel graphics driver stand out, highlighting the diverse nature of threats faced by macOS users.

This release comes at a time of heightened attention towards exploiting macOS, driven by the operating system's growing user base and the increasing sophistication of attackers. The vulnerabilities patched in this update often stem from memory safety issues, a concern that has led to a broader industry conversation about the adoption of memory-safe programming languages.

The emphasis on memory-safe languages like Rust in developing software is becoming increasingly important and may eventually become a requirement for many software vendors. Such languages offer built-in protections against common vulnerabilities like buffer overflows, significantly reducing the risk of exploitation. The move towards memory-safe coding represents a crucial step in fortifying software against emerging cyber threats.

Jason Kikta, CISO / SVP of Product, Automox

[Fix] Tuesday

By applying these patches and embracing best practices in software development and deployment, you can better safeguard your endpoints against exploitation. 

As cybersecurity threats evolve, so too must our strategies for mitigating them. The ongoing importance of regular software updates, proper security configurations, and secure coding methodologies cannot be overstated.

Let this month's Patch Tuesday serve as a reminder of the vital role these practices play in maintaining our digital security and protecting us from potential cyber-attacks. Keep an eye out for updates, stay vigilant, and let's continue to work together towards a more secure cyber landscape.  

And remember: Patch regularly, patch often.

Dive deeper into this topic

loading...