Cybersecurity Experts Analyze 57 New Vulnerabilities

March’s Patch Tuesday delivers 57 new patches addressing multiple vulnerabilities, requiring immediate attention to protect systems and data. This month’s patches present significant challenges, but addressing these issues promptly will minimize potential risk.

For more insights into these vulnerabilities, check out the Patch [FIX] Tuesday podcast.

But first, a glance at how this Patch Tuesday measures up.

March’s release includes several vulnerabilities in Chromium-based browsers like Microsoft Edge. These issues, including use-after-free vulnerabilities in browser profiles, allow attackers to bypass browser sandboxing, exfiltrate data, or spoof identities. Exploiting these weaknesses can enable attackers to execute malicious actions while deceiving endpoint detection tools.

These vulnerabilities pose a significant risk because browsers are a primary interface for both users and attackers. Multiple CVEs this month target various aspects of Chromium, increasing the urgency of these updates. Failure to patch may leave endpoints exposed to unauthorized access and data exfiltration.

To address these risks, update your Chromium-based browsers immediately. Patching and update tools can help streamline this process across your network. If centralized patching is unavailable, establish a browser version standard and update devices manually. 

With the prevalence of these types of vulnerabilities and the ease with which attackers can export browser-stored passwords, educating users on secure storage practices is crucial. Dedicated, security-focused password managers are almost always a more secure alternative to browser-based storage solutions.

– Ryan Braunstein, Security Manager, Automox

CVE 2024-26633

CVE 2024-26633 is a remote code execution vulnerability in the Microsoft Management Console (MMC). An attacker can exploit this weakness by tricking a user into opening a malicious MMC file, typically distributed through phishing emails or compromised USB drives. Once triggered, the exploit allows the attacker to execute arbitrary commands, enabling malware deployment, persistent backdoors, or even ransomware attacks.

To mitigate these risks, start by deploying patches to all affected Windows systems immediately. Timely patch management addresses known vulnerabilities, reducing your attack surface and preventing exploitation. Additionally, restricting the use of Microsoft Management Console (MMC) through strict access controls minimizes the chances of unauthorized users executing malicious files or escalating privileges.

Restricting local administrative rights reduces the potential misuse of privileged accounts, limiting opportunities for attackers to tamper with systems or install malware. Pair this with regular training on phishing awareness to bolster security at the human level. Educating employees to recognize and avoid phishing attempts targets a common entry point for attackers, strengthening your overall defense strategy.

Deploying enhanced endpoint protection tools, such as next-generation antivirus (NGAV) and endpoint detection and response (EDR), adds advanced defensive layers capable of stopping sophisticated threats.

Coupled with real-time monitoring and alerting, these tools enable rapid identification and action when suspicious activity occurs. Together, these measures limit attackers' ability to exploit weaknesses, improving your organization’s resilience against cyberthreats.

– Seth Hoyt, Senior Security Engineer, Automox

CVE 2024-24993

CVE 2024-24993 (CVSS 7.8/10) targets a Heap-based buffer overflow vulnerability within Windows NTFS. An attacker can potentially exploit this issue by prompting users to mount a specially crafted VHD (Virtual Hard Disk). This flaw can result in an unauthorized attacker executing arbitrary code locally..

The best way to protect against the exploitation of these vulnerabilities is by promptly patching all affected devices. Deploying updates resolves known system issues, reducing exposure to potential attacks and strengthening defenses against exploitation.

Policies can be reinforced by restricting the origin of VHD files to verified or internal sources. This helps to minimize risks posed by malicious files and reduces the chance of falling victim to attacks involving crafted VHDs. Conducting regular reviews of your device and network policies can also aid in identifying and addressing risky behaviors that could expose systems to potential threats.

Consider deploying secure, internal golden images for approved VHD use cases. Building these images internally ensures greater control over file integrity and eliminates reliance on third-party tools or pre-configured files that may introduce vulnerabilities. These steps significantly reduce the risks associated with this NTFS flaw, protecting sensitive information and enhancing your organization's overall security posture.

– Henry Smith, Senior Security Engineer, Automox