Security operations · 2 MIN READ · AARON WALTON AND MATT JASTRAM · MAR 14, 2024 · TAGS: MDR
This March Patch Tuesday includes 60 published CVEs from Microsoft and—not to be outdone—Apple delivers a macOS Sonoma Security Update to address 68 CVEs.
Patch Tuesday, March 2024 edition, is still fresh in the minds of security operators everywhere. Our team reviewed the newly released patches, and have a few thoughts and tips to share.
We’ve seen some vulnerabilities already have evidence of exploitation, here’s what we recommend to reduce exploit risk:
- Remediate Microsoft Exchange Server Remote Code Execution (RCE) CVE-2024-26198 Vulnerability. Externally facing servers with a risk of RCE is certainly a reason to patch. With our managed detection and response (MDR) customers, we find external-facing assets required for business operations are the most frequently exploited infrastructure, and Exchange Servers have always been hot targets. This vulnerability requires an attacker to convince a user to open an online directory file. If they do, the file can load a malicious DLL and execute the attacker’s code.
- Remediate Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege CVE-2024-21400 Vulnerability. According to Microsoft, this vulnerability allows an attacker to move a workload off a vulnerable AKS Kubernetes node or AKS Confidential Container to their own machine, potentially allowing them to steal credentials stored in the container. This activity can be performed by an unauthenticated attacker. Cloud credentials are valuable to attackers, so even though this vulnerability seems a bit complex, it’s worth patching.
- Take steps to remediate or disable ports for the Open Management Infrastructure (OMI) Remote Code Execution CVE-2024-21334 Vulnerability. OMI is an open-source tool for managing Linux and is commonly used with Azure Virtual Machines (VMs). While not as severe as the OMIGOD vulnerability identified in 2021, it’s important to know if your Azure VMs use OMI and ensure OMI is updated on those VMs. To mitigate, either update the OMI version or, if there isn’t a business need for incoming listening ports, disable them. Attackers could leverage a crafted internet request to trigger the vulnerability.
- We also recommend the macOS Sonoma 14.4 Security Update to address the large number of CVEs. The combination of CVEs ranging from arbitrary code execution (five instances) to privilege escalation (six instances), and two kernel mode (i.e., OS super user) is worth the risk remediation. Take a break, initiate the update, and go enjoy your beverage of choice while enhancing your Mac’s security with a risk hygiene act of kindness!
That’s it for this month. If you have any questions about these specific vulnerabilities—or if you’re interested in learning how Expel Vulnerability Prioritization can give you context for your own environment—feel free to get in touch.
