March already and our third Patch Tuesday of the year with 57 new vulnerabilities!
We think you should pay special attention to:
-
Chromium Vulnerabilities
March’s release includes several vulnerabilities in Chromium-based browsers like Microsoft Edge. These issues, including use-after-free vulnerabilities in browser profiles, allow attackers to bypass browser sandboxing, exfiltrate data, or spoof identities.
-
Microsoft Management Console Remote Code Execution Vulnerability
CVE 2024-26633 is an RCE vulnerability in the MMC. An attacker can exploit this weakness by tricking a user into opening a malicious MMC file, typically distributed through phishing emails or compromised USB drives.
-
Windows NTFS Remote Code Execution Vulnerability
CVE 2024-24993 targets an information disclosure vulnerability within Windows NTFS. An attacker can potentially exploit this issue by prompting users to mount a specially crafted VHD.
You can read a more in depth analysis here or listen to our Patch Tuesday podcast here.