Microsoft Releases 60 Security Updates, Patching Critical Vulnerabilities on March 2024 Patch Tuesday

ICARO Media Group
12/03/2024 21h17

In the latest Patch Tuesday updates, Microsoft has addressed a total of 60 vulnerabilities, including 18 remote code execution flaws. This month's patches focus on fixing critical vulnerabilities in Hyper-V that could lead to remote code execution and denial of service.

Notably, Microsoft has not disclosed any zero-day vulnerabilities as part of these updates. The total count of 60 flaws, however, does not include the four Microsoft Edge flaws that were fixed earlier in the month on March 7th.

Among the critical vulnerabilities fixed this month is a flaw in Azure Kubernetes Service (AKS) that could have allowed attackers to gain elevated privileges and steal credentials. This vulnerability, numbered CVE-2024-21400, could have potentially affected resources beyond the scope managed by AKS Confidential Containers. It was discovered by security researcher Yuval Avrahami.

Microsoft also addressed a critical elevation of privilege vulnerability in Microsoft Office, identified as CVE-2024-26199. This flaw allowed any authenticated user to gain SYSTEM privileges without requiring admin or other elevated privileges. The discovery was credited to Iván Almuiña from Hacking Corporation Sàrl.

Furthermore, a Microsoft Defender security feature bypass vulnerability (CVE-2024-20671) has been fixed. This flaw, when successfully exploited by an authenticated attacker, could prevent Microsoft Defender from starting. However, the issue is resolved by Windows Defender Antimalware Platform updates, which are automatically installed on Windows devices. The credit for discovering this vulnerability goes to Manuel Feifel from Infoguard (Vurex).

Another important fix was made for a remote code execution vulnerability in Skype for Consumer (CVE-2024-21411). This flaw could be triggered by a malicious link or image sent via Instant Message. Users could be tricked into clicking the link or image, allowing the attacker to execute arbitrary code. The discovery of this vulnerability was credited to Hector Peralta and Nicole Armua from Trend Micro Zero Day Initiative.

The March 2024 Patch Tuesday release is not limited to critical vulnerabilities; it also includes fixes for various non-security issues. For more details on the non-security updates released today, readers can refer to dedicated articles covering the new Windows 11 KB5035853 update and the Windows 10 KB5035845 update.

To access the full list and descriptions of the resolved vulnerabilities in the March 2024 Patch Tuesday updates, readers can refer to the provided link. Keep your systems up to date and ensure the installation of these crucial security patches to protect against potential threats.

The views expressed in this article do not reflect the opinion of ICARO, or any of its affiliates.
