Patch Tuesday Palooza: Microsoft Serves Up 61 Fixes, Adobe Tackles 56 Bugs, While Intel and AMD Spice Up Security Updates!

Patch Tuesday Fever: Microsoft rolls out 61 fixes, and we’re waiting with bated breath for Exploit Wednesday’s encore. Amid the updates, Hyper-V hypervisor gets a critical spotlight, but with a twist—critical doesn’t always mean catastrophic. Stay tuned for the CVSS conundrum! #PatchTuesdayPuzzles 🐛💻🔨

Hot Take:

It’s that time of the month again, folks – Patch Tuesday! Microsoft is doling out digital band-aids like candy on Halloween. But with no active attacks or public knowledge of these vulnerabilities, it’s more like finding out your Halloween candy is all raisins. Will Exploit Wednesday prove to be a sour follow-up, or will cyber ne’er-do-wells simply shrug and mark their calendars for next month’s vulnerability fiesta?

Key Points:

  • Microsoft’s latest patch drop includes 61 CVE-tagged vulnerabilities, with two critical bugs in Windows Hyper-V hypervisor.
  • The most severe non-critical flaw is a CVSS 9.8-rated RCE in Open Management Infrastructure (OMI).
  • Adobe patched 56 vulnerabilities, with 46 in Adobe Experience Manager—all important or moderate.
  • Intel and AMD released advisories for several vulnerabilities, including high-severity ones, but none critical.
  • SAP, Cisco, Google, and Fortinet also joined the patch parade with critical updates and security advisories.

Cve id: CVE-2023-32282
Cve state: PUBLISHED
Cve assigner short name: intel
Cve date updated: 03/14/2024
Cve description: Race condition in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Cve id: CVE-2023-42790
Cve state: PUBLISHED
Cve assigner short name: fortinet
Cve date updated: 03/12/2024
Cve description: A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.

Cve id: CVE-2023-48788
Cve state: PUBLISHED
Cve assigner short name: fortinet
Cve date updated: 03/12/2024
Cve description: An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets.

Cve id: CVE-2024-20337
Cve state: PUBLISHED
Cve assigner short name: cisco
Cve date updated: 03/06/2024
Cve description: A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.

Title: Windows Hyper-V Remote Code Execution Vulnerability
Cve id: CVE-2024-21407
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 03/12/2024
Cve description: Windows Hyper-V Remote Code Execution Vulnerability

Cve id: CVE-2023-36554
Cve state: PUBLISHED
Cve assigner short name: fortinet
Cve date updated: 03/12/2024
Cve description: An improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.

Cve id: CVE-2023-20214
Cve state: PUBLISHED
Cve assigner short name: cisco
Cve date updated: 01/25/2024
Cve description: A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance. A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance. This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI.

Cve id: CVE-2024-23717
Cve state: PUBLISHED
Cve assigner short name: google_android
Cve date updated: 03/11/2024
Cve description: In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Title: Windows Hyper-V Denial of Service Vulnerability
Cve id: CVE-2024-21408
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 03/12/2024
Cve description: Windows Hyper-V Denial of Service Vulnerability

Cve id: CVE-2023-32666
Cve state: PUBLISHED
Cve assigner short name: intel
Cve date updated: 03/14/2024
Cve description: On-chip debug and test interface with improper access control in some 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.

Title: Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace.
Cve id: CVE-2024-2193
Cve state: PUBLISHED
Cve assigner short name: certcc
Cve date updated: 03/15/2024
Cve description: A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.

Cve id: CVE-2023-42789
Cve state: PUBLISHED
Cve assigner short name: fortinet
Cve date updated: 03/12/2024
Cve description: An out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.

Title: Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
Cve id: CVE-2024-21400
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 03/12/2024
Cve description: Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Cve id: CVE-2024-0039
Cve state: PUBLISHED
Cve assigner short name: google_android
Cve date updated: 03/11/2024
Cve description: In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Cve id: CVE-2023-47534
Cve state: PUBLISHED
Cve assigner short name: fortinet
Cve date updated: 03/12/2024
Cve description: An improper neutralization of formula elements in a CSV file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows an attacker to execute unauthorized code or commands via specially crafted packets.

Cve id: CVE-2023-46717
Cve state: PUBLISHED
Cve assigner short name: fortinet
Cve date updated: 03/12/2024
Cve description: An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts.

Cve id: CVE-2024-23112
Cve state: PUBLISHED
Cve assigner short name: fortinet
Cve date updated: 03/12/2024
Cve description: An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation.

Title: Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
Cve id: CVE-2024-21334
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 03/12/2024
Cve description: Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

Need to know more?

Hyper-V's Hyperventilating Hiccups

The Hyper-V hypervisor is feeling hyper-vulnerable with two critical bugs that somehow didn't top the CVSS charts. One is a remote code execution (RCE) vulnerability with a "meh" 8.1 rating and an exploitation likelihood akin to winning the lottery. The other is a denial-of-service flaw that could leave servers gasping for air, but it's not deemed to be a showstopper. Microsoft's reassurance is about as comforting as a pat on the back from someone wearing a Freddy Krueger glove.

OMI-gosh, Not the Ports!

The Open Management Infrastructure has sprung a leak with a 9.8 CVSS-rated RCE that's got Microsoft saying, "Quick, shut the ports!" It's like realizing your boat is sinking and your only solution is to stop inviting water on board. In the meantime, expect port 5986 to get more knocks than a front door on Halloween night.
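
A quick way to see whether a host is actually listening on port 5986 beyond loopback, as an added example that is not part of the original article or any vendor tooling. The function name `exposed_listeners` is hypothetical and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list non-loopback listeners on a given TCP port.
# Input is the output format of `ss -Hltn` (no header, listening, TCP, numeric).

# Constructed sample input, not captured from a real host.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:5986 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5986 0.0.0.0:*
LISTEN 0 128 [::1]:5986 [::]:*
LISTEN 0 128 [::]:5986 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 10.0.0.5:15986 0.0.0.0:*
EOF
}

# exposed_listeners PORT
# Reads ss lines on stdin and prints each local address bound to PORT
# that is reachable from outside the host (anything other than loopback).
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # The port is the text after the last colon, so bracketed
            # IPv6 addresses such as [::]:5986 are handled correctly.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            # Skip loopback binds: 127.0.0.0/8 and ::1.
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr
        }'
}

# Demo on the constructed sample: prints the wildcard IPv4 and IPv6 binds.
sample_ss_output | exposed_listeners 5986 | sed 's/^/exposed on 5986: /'
```

On a live Linux host, feed it real data with `ss -Hltn | exposed_listeners 5986`; empty output means nothing is listening on that port outside loopback.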

The Azure Blues

Microsoft Azure Kubernetes Service has a 9.0-rated crack in its containers. Attackers could wiggle in and make off with your precious credentials like a raccoon in a dumpster. The flaw involves a command line tool that's probably less secure than a diary with a "Keep Out" sticker. Microsoft has a fix, so it's time to patch before your container spills more than a toddler's sippy cup.

Adobe's Creative Patchwork

Adobe's been busy stitching up 56 vulnerabilities across its creative suite, with a critical patch for Premiere Pro and ColdFusion because nothing says "creative expression" like arbitrary code execution. Most of the bugs were found loitering in Adobe Experience Manager, doing their best impressions of digital graffiti artists with a penchant for cross-site scripting.

The Silicon Patchwork

Intel and AMD are throwing their own patch parties. Intel's got a couple of high-severity bugs, including one that lets attackers snoop around 4th Gen Xeon processors. Meanwhile, AMD's fixing up a race-condition bug that sounds like it was discovered by half the academic researchers in Europe. It's like a group project where everyone actually does their part.

Other Tech Titans Toss in Fixes

SAP, Cisco, Google, and Fortinet didn't want to feel left out, so they're smashing security bugs like arcade-goers at a Whack-A-Mole machine. SAP's got code injection fun, Cisco is patching up its SD-WAN vManage, and Google's Android is squashing a couple of critical bugs. Fortinet's fixing critical vulnerabilities that could let attackers do everything from writing on the walls to whispering sweet SQL injections in your servers' ears. So, there you have it, the digital equivalent of a neighborhood watch bulletin. Stay safe out there in the cyber streets, and remember to patch like you're trying to keep the Titanic afloat with duct tape and good intentions.