Microsoft has announced the security updates for March 2024.
March 2024 Security Updates
This release consists of the following 61 Microsoft CVEs:
Tag CVE Base Score FAQs? Workarounds? Mitigations? Windows Defender CVE-2024-20671 5.5 Yes No No Open Management Infrastructure CVE-2024-21330 7.8 Yes No No Open Management Infrastructure CVE-2024-21334 9.8 Yes No Yes Microsoft Authenticator CVE-2024-21390 7.1 Yes No No .NET CVE-2024-21392 7.5 No No No Microsoft Azure Kubernetes Service CVE-2024-21400 9.0 Yes No No Role: Windows Hyper-V CVE-2024-21407 8.1 Yes No No Role: Windows Hyper-V CVE-2024-21408 5.5 No No No Skype for Consumer CVE-2024-21411 8.8 Yes No No Software for Open Networking in the Cloud (SONiC) CVE-2024-21418 7.8 Yes No No Microsoft Dynamics CVE-2024-21419 7.6 Yes No No Azure SDK CVE-2024-21421 7.5 Yes No No Microsoft Office SharePoint CVE-2024-21426 7.8 Yes No No Windows Kerberos CVE-2024-21427 7.5 Yes No No Windows USB Hub Driver CVE-2024-21429 6.8 No No No Windows USB Serial Driver CVE-2024-21430 5.7 Yes No No Windows Hypervisor-Protected Code Integrity CVE-2024-21431 7.8 Yes No No Windows Update Stack CVE-2024-21432 7.0 Yes No No Windows Print Spooler Components CVE-2024-21433 7.0 Yes No No Microsoft Windows SCSI Class System File CVE-2024-21434 7.8 Yes No No Windows OLE CVE-2024-21435 8.8 Yes No No Windows Installer CVE-2024-21436 7.8 Yes No No Microsoft Graphics Component CVE-2024-21437 7.8 Yes No No Windows AllJoyn API CVE-2024-21438 7.5 No No No Windows Telephony Server CVE-2024-21439 7.0 Yes No No Windows ODBC Driver CVE-2024-21440 8.8 Yes No No Microsoft WDAC OLE DB provider for SQL CVE-2024-21441 8.8 Yes No No Windows USB Print Driver CVE-2024-21442 7.8 Yes No No Windows Kernel CVE-2024-21443 7.3 Yes No No Microsoft WDAC OLE DB provider for SQL CVE-2024-21444 8.8 Yes No No Windows USB Print Driver CVE-2024-21445 7.0 Yes No No Windows NTFS CVE-2024-21446 7.8 Yes No No Microsoft Teams for Android CVE-2024-21448 5.0 Yes No No Microsoft WDAC OLE DB provider for SQL CVE-2024-21450 8.8 Yes No No Microsoft WDAC ODBC Driver CVE-2024-21451 8.8 Yes No No Windows ODBC Driver CVE-2024-26159 8.8 Yes No No Windows Cloud Files Mini Filter Driver CVE-2024-26160 5.5 Yes No No Microsoft WDAC OLE DB provider for SQL CVE-2024-26161 8.8 Yes No No Windows ODBC Driver CVE-2024-26162 8.8 Yes No No SQL Server CVE-2024-26164 8.8 Yes No No Visual Studio Code CVE-2024-26165 8.8 No No No Microsoft WDAC OLE DB provider for SQL CVE-2024-26166 8.8 Yes No No Microsoft Edge for Android CVE-2024-26167 4.3 Yes No No Windows Error Reporting CVE-2024-26169 7.8 Yes No No Windows Composite Image File System CVE-2024-26170 7.8 Yes No No Windows Kernel CVE-2024-26173 7.8 Yes No No Windows Kernel CVE-2024-26174 5.5 Yes No No Windows Kernel CVE-2024-26176 7.8 Yes No No Windows Kernel CVE-2024-26177 5.5 Yes No No Windows Kernel CVE-2024-26178 7.8 Yes No No Windows Kernel CVE-2024-26181 5.5 No No No Windows Kernel CVE-2024-26182 7.8 Yes No No Windows Compressed Folder CVE-2024-26185 6.5 Yes No No Microsoft QUIC CVE-2024-26190 7.5 No No No Windows Standards-Based Storage Management Service CVE-2024-26197 6.5 No No No Microsoft Exchange Server CVE-2024-26198 8.8 Yes No No Microsoft Office CVE-2024-26199 7.8 Yes No No Microsoft Intune CVE-2024-26201 6.6 Yes No No Azure Data Studio CVE-2024-26203 7.3 Yes No No Outlook for Android CVE-2024-26204 7.5 Yes No No We are republising 4 non-Microsoft CVEs:
CNA Tag CVE FAQs? Workarounds? Mitigations? Intel Corporation Intel CVE-2023-28746 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2024-2173 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2024-2174 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2024-2176 Yes No No Security Update Guide Blog Posts
Date Blog Post February 15, 2024 New Security Advisory Tab Added to the Microsoft Security Update Guide January 11, 2022 Coming Soon: New Security Update Guide Notification System February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners December 8, 2020 Security Update Guide: Let’s keep the conversation going November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide Relevant Resources
- The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
- Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows operating systems, please see Windows Lifecycle Facts Sheet.
- Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
- Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.
For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).
KB Article Applies To 5035845 Windows 10, version 21H2, Windows 10, version 22H2 5035920 Windows Server 2008 (Monthly Rollup) 5035933 Windows Server 2008 (Security-only update) 5036386 Exchange Server 2016 5036401 Exchange Server 2019 Cumulative Update 14 5036402 Exchange Server 2019 Cumulative Update 13