For March’s Patch Tuesday, no zero-day flaws

/in


Microsoft this week pushed out 61 Patch Tuesday updates with no reports of public disclosures or other zero-days affecting the larger ecosystem (Windows, Office, .NET). Though there are three updated packages from February, they’re just informational changes with no further action is required.

The team at Readiness has crafted this helpful infographic outlining the risks associated with each of the March updates.

Known issues

Each month, Microsoft publishes a list of known issues that relate to the operating system and platforms included in the latest update cycle; for March, there are two minor issues reported:

  • Windows devices using more than one monitor might experience issues with desktop icons moving unexpectedly between monitors or see other icon alignment issues when attempting to use Copilot in Windows. Microsoft is still working on the issue.
  • For Exchange Server, Microsoft published an advisory note: after you install the latest security update there is no longer support for the Oracle OutsideIn Technology (OIT) or OutsideInModule. For more information, see this service update.

February was not a great month for how Microsoft communicated updates and revisions. With March being an exceptionally light month for reported “known issues” for desktop and server platforms, our team found no documentation issues. Good job Microsoft!

Major revisions

This month, Microsoft published the following major revisions to past security and feature updates including:

  • CVE-2024-2173, CVE-2024-2174, and CVE-2024-2176: Chromium: CVE-2024-2173 Out of bounds memory access in V8. These updates relate to recent security patches for the Chromium browser project at Microsoft. No further action required.

Mitigations and workarounds

Microsoft released these vulnerability-related mitigations for this month’s release cycle: 

  • CVE-2023-28746 Register File Data Sampling (RFDS). We are not certain how to categorize this update from Intel, as it relates to a hardware issue with certain Intel chipsets. The mitigation for this vulnerability requires a firmware update, and a corresponding Windows update enables this third-party firmware-based mitigation. More information can be…

Source…