March Patch Tuesday

Hosted by Chris Goettl and Todd Schell
Patch Tuesday Webinar
Wednesday, March 13, 2024

Copyright © 2024 Ivanti. All rights reserved. 2
Agenda
§ March 2024 Patch Tuesday Overview
§ In the News
§ Bulletins and Releases
§ Between Patch Tuesdays
§ Q & A

March Patch Tuesday is looking to be pretty mild and I
don’t mean the weather. Microsoft has resolved 60 new
CVEs and updated two previously released CVEs with
an expanded set of affected products. The Windows OS
update is the only Critical update this month with no
reported Exploited or Publicly Disclosed vulnerabilities.
For more details check out this month's Patch Tuesday
blog.
March Patch Tuesday 2024

In the News

In the News
§ Post February Exploits
§ Exchange Server CVE-2024-21410
§ https://www.bleepingcomputer.com/news/security/over-28-500-exchange-servers-vulnerable-to-actively-
exploited-bug/
§ Windows Kernel CVE-2024-21338
§ https://www.techspot.com/news/102131-microsoft-left-kernel-level-zero-day-bug-windows.html
§ iOS and iPad OS Updates resolve two zero-day exploits
§ https://www.bleepingcomputer.com/news/apple/apple-fixes-two-new-ios-zero-days-exploited-in-
attacks-on-iphones/
§ Released March 5 https://support.apple.com/en-us/HT214081
§ Microsoft announces the deprecation of Oracle's libraries in Exchange Server
§ ADV24199947 - https://msrc.microsoft.com/update-guide/advisory/ADV24199947
§ Three-phase deprecation process
§ Disable Oracle’s Outside In Technology (OIT)
§ Replace the file scanner with Microsoft technology
§ Remove the OIT libraries from Exchange Server

CVE-2024-0565
§ CVSS 3: 8.8
§ An out-of-bounds memory read flaw was found
in receive_encrypted_standard in
fs/smb/client/smb2ops.c in the SMB Client sub-
component in the Linux Kernel.
§ CIFS network file system implementation in the
Linux kernel did not properly validate certain
server commands fields, causing integer
underflow on the memcpy length
§ Allows an attacker to cause a denial of
service (system crash) or possibly expose
sensitive information.
Background:
The SMB Client is a client that can 'talk' to an
SMB/CIFS server. The Common Internet File
System (CIFS) is a file access storage protocol, or
rules for efficient file sharing over a network. It is
based on the Server Message Block (SMB) protocol
and allows devices to share files with the server and
with other peripheral devices like printers.
New and Notable Linux Vulnerabilities: 1
Highlighted by TuxCare

CVE-2023-3824
§ CVSS 3: 9.8
§ In PHP version 8.0.* before 8.0.30, 8.1.* before
8.1.22, and 8.2.* before 8.2.8, when loading
phar file or while reading PHAR directory entries,
insufficient length checking may lead to a stack
buffer overflow
§ Potential memory corruption/ RCE. Impacts PHP
in CentOS 6,7,8, Ubuntu 16,18, etc
§ Exploiting these type of vulnerabilities generally
requires that an attacker has access (physical or
remote) to a vulnerable machine.
Mitigation
q For PHP 8.0.x users, upgrade to version 8.0.30
or later.
q For PHP 8.1.x users, upgrade to version 8.1.22
or later.
q For PHP 8.2.x users, upgrade to version 8.2.8 or
later.

CVE-2024-25617
§ CVSS 3: 8.6
§ Squid, an open-source caching proxy for the
Web supporting HTTP, HTTPS, FTP, and more,
may be vulnerable to a Denial-of-Service attack
against HTTP header parsing.
§ Allows a remote client or a remote server to
perform Denial of Service when sending
oversized headers in HTTP messages. Impacts
squid shipped in CentOS 6,8, Ubuntu 16,18, etc
§ All Squid-3.0 up to and including 6.4 without
header_max_size settings or with either
header_max_size setting over 21 KB are
vulnerable. Squid-6.5 and later set to over 64 KB
are vulnerable.
Mitigation
Users are advised to upgrade to version 6.5.
There are no known workarounds for this
vulnerability.

Microsoft Patch Tuesday Updates of Interest
Advisory 990001 Latest Servicing Stack
Updates (SSU)
§ https://msrc.microsoft.com/update-
guide/en-US/vulnerability/ADV990001
§ 2012 ESU OS and Windows 10
Azure and Development Tool Updates
§ .NET 7 & 8
§ Azure Automation
§ Azure Data Studio
§ Azure Kubernetes Service Confidential
Containers
§ Azure Open Management Infrastructure
§ Azure Sentinel
§ Azure SONiC (multiple versions)
§ Visual Studio 2022 v17.4 – v17.9
Source: Microsoft

Windows 10
and 11 Lifecycle
Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
21H2 11/16/2021 6/11/2024
Windows 10 Home and Pro
22H2 10/18/2022 10/14/2025
Windows 11 Home and Pro
23H2 10/31/2023 11/11/2025
22H2 9/20/2022 10/8/2024
Windows 11 Enterprise and Education
23H2 10/31/2023 11/10/2026
22H2 9/20/2022 10/14/2025
21H2 10/4/2021 10/8/2024
Source: Microsoft
https://docs.microsoft.com/en-us/lifecycle/faq/windows

Server Long-term Servicing Channel Support
Server LTSC Support
Version Editions Release Date Mainstream Support Ends Extended Support Ends
Windows Server 2022 Datacenter and Standard 08/18/2021 10/13/2026 10/14/2031
Windows Server 2019
(Version 1809)
Datacenter, Essentials, and Standard 11/13/2018 01/09/2024 01/09/2029
Windows Server 2016
(Version 1607)
Datacenter, Essentials, and Standard 10/15/2016 01/11/2022 01/11/2027
https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
§ Focused on server long-term stability
§ Major version releases every 2-3 years
§ 5 years mainstream and 5 years extended support
§ Server core or server with desktop experience available
Source: Microsoft

Patch Content Announcements
Announcements Posted on Community Forum Pages
§ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
§ Subscribe to receive email for the desired product(s)
Content Info: Endpoint Security
Content Info: Endpoint Manager
Content Info: macOS Updates
Content Info: Linux Updates
Content Info: Patch for Configuration Manager
Content Info: ISEC and Neurons Patch
Content Info: Neurons Patch for InTune

Bulletins and Releases

Copyright © 2024 Ivanti. All rights reserved.
CHROME-240312: Security Update for Chrome Desktop
§ Maximum Severity: Critical
§ Affected Products: Google Chrome
§ Description: The Stable channel has been updated to 122.0.6261.128/.129 for Windows and
Mac and 122.0.6261.128 to Linux. The Extended Stable channel has been updated to
122.0.6261.129 for Windows and Mac. See
https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_12.html for
more details. This update contains three security fixes with one reported CVE rated High.
§ Impact: Remote Code Execution
§ Fixes 1 Vulnerability: CVE-2024-2400
§ Restart Required: Requires application restart
1

MS24-03-W11: Windows 11 Update
§ Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2 and Edge Chromium
§ Description: This bulletin references KB 5035854 (21H2) and KB 5035853 (22H2/23H2).
§ Impact: Remote Code Execution, Security Feature Bypass, Tampering, Denial of Service,
Elevation of Privilege, and Information Disclosure
§ Fixes 39 Vulnerabilities: No vulnerabilities are reported publicly disclosed or known exploited.
See the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: None reported
1

MS24-03-W10: Windows 10 Update
§ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 21H2, 22H2, Server 2016,
Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
§ Description: This bulletin references 7 KB articles. See KBs for the list of changes.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of
Privilege, and Information Disclosure
§ Fixes 39 Vulnerabilities: No vulnerabilities are reported publicly disclosed or known exploited.
See the Security Update Guide for the complete list of CVEs.
§ Known Issues: See next slide
1

March Known Issues for Windows 10
§ KB 5035845 – Windows 10 Enterprise and Education, version 21H2 Windows 10 IoT Enterprise,
version 21H2 Windows 10 Enterprise Multi-Session, version 21H2 Windows 10, version 22H2,
all editions
§ [Copilot Not Supported] Copilot in Windows (in preview) is not currently supported when
your taskbar is located vertically on the right or left of your screen. Workaround: To
access Copilot in Windows, make sure your taskbar is positioned horizontally on the top or
bottom of your screen.
§ [Icon Display] Windows devices using more than one (1) monitor might experience issues
with desktop icons moving unexpectedly between monitors or other icon alignment issues
when attempting to use Copilot in Windows (in preview).
§ Microsoft is working on a resolution for both issues.

MS24-03-EXCH: Security Updates for Exchange Server
§ Maximum Severity: Important
§ Affected Products: Microsoft Exchange Server 2016 CU23 and Exchange Server 2019 CU13 &
CU14
§ Description: This bulletin references KB 5036386 for Exchange Server 2016 and KBs 5036401
and 5036402 for Exchange Server 2019. This update addresses a vulnerability which could load
a malicious DLL and lead to a remote code execution. It also disables the Oracle Outside In
Technology as phase one of functional deprecation (see In the News slide).
§ Fixes 1 Vulnerability: CVE-2024-26198 is not publicly disclosed or known exploited.
§ Known Issues: See next slide
1
2

March Known Issues for Exchange Server
§ KB 5036386 – Exchange Server 2016 CU23
§ After you install this security update (SU), the program no longer supports the Oracle
Outside In Technology (OIT) or OutsideInModule. OIT performs text extraction operations
when you process email messages that have attachments. For more information, see The
OutsideInModule module is disabled after installing the March 2024 SU.
§ After you install this security update (SU), Download Domains are no longer working as
expected. For more information, see Download domains not working after installing the
March 2024 SU.
§ After you install this security update (SU), OwaDeepTestProbe and
EacBackEndLogonProbe are no longer working. For more information, see
OwaDeepTestProbe and EacBackEndLogonProbe fail after installing March 2024 SU.
Source: Microsoft

§ Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
§ Description: This month’s update resolves a vulnerability that could allow an authenticated user
to gain SYSTEM privileges. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
§ Impact: Elevation of Privilege
§ Fixes 1 Vulnerability: CVE-2024-26199 is not known to be exploited or publicly disclosed
MS24-03-O365: Security Updates for Microsoft 365 Apps
1
2

§ Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint Enterprise
Server 2016, and SharePoint Server 2019
§ Description: This month’s update resolves a vulnerability that would allow remote access to the
machine. A local user must first be convinced to execute a malicious file to begin this exploit.
This bulletin is based on 3 KB articles.
§ Fixes 1 Vulnerability: CVE-2024-21426 is not known to be exploited or publicly disclosed
MS24-03-SPT: Security Updates for Sharepoint Server
1
2

Between
Patch Tuesdays

Windows Release Summary
§ Security Updates (with CVEs): Google Chrome (3), Docker For Windows (1), Firefox (1), Firefox ESR
(1), Foxit PDF Editor (Subscription) (1), Foxit PDF Reader Consumer (1), Foxit PDF Reader Enterprise
(1), Thunderbird (2), VMware Workstation Player (1), VMware Workstation Pro (1)
§ Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (1), Apache Tomcat (3),
Google Chrome (1), Falcon Sensor for Windows (1), Cisco Webex Meetings Desktop App (1), Citrix
Workspace App LTSR (2), Docker For Windows (1), Dropbox (2), Evernote (4), Firefox (1), GoodSync
(3), GIT for windows (1), Grammarly for Windows (3), LibreOffice (2), LogMeIn (1), Malwarebytes (1),
Node.JS (Current) (1), Notepad++ (1), Opera (2), Paint.net (1), Pidgin (1), Royal TS (2), Skype (2),
Snagit (1), Sourcetree for Windows Enterprise (1), Tableau Desktop (7), Tableau Prep Builder (2),
Tableau Reader (2), TeamViewer (2), WinSCP (1), WinRAR (1), Zoom Client (2), Zoom Outlook Plugin
(1), Zoom Rooms Client (1), Zoom VDI (1)
§ Non-Security Updates: AIMP (2), Amazon WorkSpaces (1), BlueBeam Revu (1), Bitwarden (1), Cisco
Webex Teams (1), Client for Open Enterprise Server (1), Google Drive File Stream (1), GeoGebra
Classic (3), GoTo Connect (1), NextCloud Desktop Client (1), Password Safe (1), R for Windows (1),
RingCentral App (Machine-Wide Installer) (1), Rocket.Chat Desktop Client (1), RealVNC Server (1),
RealVNC Viewer (1), TortoiseHG (1), TreeSize Free (1), WeCom (1), XnView (1)

Windows Third Party CVE Information
§ Google Chrome 122.0.6261.58
§ CHROME-240220, QGC1220626158
§ Fixes 10 Vulnerabilities: CVE-2024-1669, CVE-2024-1670, CVE-2024-1671, CVE-2024-1672,
CVE-2024-1673, CVE-2024-1674, CVE-2024-1675, CVE-2024-1676, CVE-2024-1938, CVE-2024-
1939
§ CHROME-240305, QGC12206261112
§ Fixes 3 Vulnerabilities: CVE-2024-2173, CVE-2024-2174, CVE-2024-2176
§ Docker For Windows 4.27.2
§ DOCKER-240216, QDOCKER4272
§ Fixes 4 Vulnerabilities: CVE-2020-8911, CVE-2020-8912, CVE-2024-21626, CVE-2024-24557

Windows Third Party CVE Information (cont)
§ Firefox 123.0
§ FF-240220, QFF1230
1555, CVE-2024-1556, CVE-2024-1557
§ Firefox ESR 115.8.0
§ FFE-240220, QFFE11580
§ Fixes 8 Vulnerabilities: CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-
2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553
§ Thunderbird 115.8.0
§ TB-240220, QTB11580
2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553

§ TB-240305, QTB11581
§ Foxit PDF Editor (Subscription) 2024.1.0.23997
§ FPDFES-240307, QFPDFES20241
§ Foxit PDF Reader Consumer 2024.1.0.23997
§ FPDFRC-240307, QFPDFRC20241
§ Foxit PDF Reader Enterprise 2024.1.0.23997
§ FPDFRE-240305, QFPDFRES20241

§ VMware Workstation Player 17.5.1
§ VMWP17-240228, QVMWP1751
§ VMware Workstation Pro 17.5.1
§ VMWW17-240228, QVMWW1751

Apple Release Summary
§ Security Updates (with CVEs): Apple macOS Monterey (1), Apple macOS Sonoma (1), Apple
macOS Ventura (1), Apple Safari (1), Google Chrome (3), Firefox (1), Firefox ESR (1),
Microsoft Edge (2), Thunderbird (2)
§ Security Updates (w/o CVEs): Google Chrome (1)
§ Non-Security Updates: Adobe Acrobat DC and Acrobat Reader DC (1), Brave (4), Calendar
366 II (1), Docker Desktop for Mac (1), draw.io (1), Dropbox (2), Evernote (4), Firefox (1),
Google Drive (1), Grammarly (5), LibreOffice (1), OneDrive for Mac (1), Microsoft Office 2019
Outlook (1), Parallels Desktop (1), PyCharm Professional (1), Skype (1), Spotify (1), Visual
Studio Code (2), Zoom Client for Mac (1)

Apple Updates with CVE Information
§ macOS Monterey 12.7.4
§ HT214083
§ Fixes 26 Vulnerabilities: See Apple security bulletin for details
§ macOS Ventura 13.6.5
§ HT214085
§ macOS Sonoma 14.4
§ HT214084
§ Safari 17.4 for Ventura and Monterey
§ HT214089
§ Fixes 6 Vulnerabilities: CVE-2024-23273, CVE-2024-23252, CVE-2024-23254, CVE-
2024-23263, CVE-2024-23280, CVE-2024-23284

Apple Third Party CVE Information
§ CHROMEMAC-240220
2024-1673, CVE-2024-1674, CVE-2024-1675, CVE-2024-1676
§ CHROMEMAC-240222
1673, CVE-2024-1674, CVE-2024-1675, CVE-2024-1676, CVE-2024-6817
§ CHROMEMAC-240305

Apple Third Party CVE Information (cont)
§ Firefox 123.0
§ FF-240220
1555, CVE-2024-1556, CVE-2024-1557
§ Firefox ESR 115.8.0
§ FFE-240220
2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553
§ TB-240221
2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553

Apple Third Party CVE Information (cont)
§ MFSA2024-11
§ Microsoft Edge 122.0.2365.63
§ MEDGEMAC-240229
§ Fixes 4 Vulnerabilities: CVE-2024-21423, CVE-2024-26188, CVE-2024-26192, CVE-2024-
26196
§ Microsoft Edge 122.0.2365.80
§ MEDGEMAC-240307

Q & A

March Patch Tuesday

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to March Patch Tuesday

Similar to March Patch Tuesday (20)

Recently uploaded

Recently uploaded (20)

March Patch Tuesday