Alert GCSA-24038 - Microsoft Monthly Security Update - Marzo 2024
******************************************************************
Alert ID: GCSA-24038
Data: 13 Marzo 2024
Titolo: Microsoft Monthly Security Update - Marzo 2024
******************************************************************
:: Descrizione del problema
Microsoft ha pubblicato il security update per il mese di Marzo 2024,
con questa release vengono risolte 61 vulnerabilita'.
Maggiori dettagli sono disponibili alla sezione "Riferimenti".
:: Software / Tecnologie interessate
.NET
Azure Data Studio
Azure SDK
Microsoft Authenticator
Microsoft Azure Kubernetes Service
Microsoft Dynamics
Microsoft Edge for Android
Microsoft Exchange Server
Microsoft Graphics Component
Microsoft Intune
Microsoft Office
Microsoft Office SharePoint
Microsoft QUIC
Microsoft Teams for Android
Microsoft WDAC ODBC Driver
Microsoft WDAC OLE DB provider for SQL
Microsoft Windows SCSI Class System File
Open Management Infrastructure
Outlook for Android
Skype for Consumer
Software for Open Networking in the Cloud (SONiC)
SQL Server
Visual Studio Code
Windows AllJoyn API
Windows Cloud Files Mini Filter Driver
Windows Composite Image File System
Windows Compressed Folder
Windows Defender
Windows Error Reporting
Windows Hyper-V
Windows Hypervisor-Protected Code Integrity
Windows Installer
Windows Kerberos
Windows Kernel
Windows NTFS
Windows ODBC Driver
Windows OLE
Windows Print Spooler Components
Windows Standards-Based Storage Management Service
Windows Telephony Server
Windows Update Stack
Windows USB Hub Driver
Windows USB Serial Driver
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Acquisizione di privilegi piu' elevati (EoP)
Bypass delle restrizioni di sicurezza (SRB)
Denial of Service (DoS)
Rivelazione di informazioni (ID)
Provide Misleading Information (Spoofing)
Tampering
:: Soluzioni
In Windows per default gli aggiornamenti
avvengono in maniera automatica.
Per verificare manualmente la disponibilita' di aggiornamenti scegliere
Start > Impostazioni > Aggiornamento e Sicurezza > Windows Update
Verificare di aver installato la versione piu' recente del
Servicing Stack Updates
https://msrc.microsoft.com/update-guide/vulnerability/ADV990001
https://docs.microsoft.com/it-it/windows/deployment/update/servicing-stack-updates
MSRC Security Update Guide
https://msrc.microsoft.com/update-guide/deployments
Windows Update domande frequenti
https://support.microsoft.com/en-us/help/12373/windows-update-faq
Gli aggiornamenti sono disponibili anche tramite WSUS ed il
catalogo di Microsoft Update
https://www.catalog.update.microsoft.com/
:: Riferimenti
Microsoft Security Updates - Release Notes
https://msrc.microsoft.com/update-guide/releaseNote/2024-Mar
https://msrc.microsoft.com/update-guide/
https://msrc.microsoft.com/update-guide/deployments
Microsoft Security Update Guidance
https://portal.msrc.microsoft.com/en-us/security-guidance
CSIRT Italia
https://www.csirt.gov.it/contenuti/aggiornamenti-mensili-microsoft-al01-240313-csirt-ita
CISA
https://www.cisa.gov/news-events/alerts/2024/03/12/microsoft-releases-security-updates-multiple-products
CIS - Center for Internet Security
https://www.cisecurity.org/advisory/critical-patches-issued-for-microsoft-products-march-13-2024_2024-027
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20671
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21419
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21427
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21431
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21432
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21441
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21443
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26201
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26203
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26204
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZfFwsQAKCRDBnEyTZRJg
QkwGAJ9Ml7kotN8RJc4vfiVH0+vBqHJURQCeO+19Yx+zICYDSodV6hTREFRkDLY=
=H39S
-----END PGP SIGNATURE-----
Alert ID: GCSA-24038
Data: 13 Marzo 2024
Titolo: Microsoft Monthly Security Update - Marzo 2024
******************************************************************
:: Descrizione del problema
Microsoft ha pubblicato il security update per il mese di Marzo 2024,
con questa release vengono risolte 61 vulnerabilita'.
Maggiori dettagli sono disponibili alla sezione "Riferimenti".
:: Software / Tecnologie interessate
.NET
Azure Data Studio
Azure SDK
Microsoft Authenticator
Microsoft Azure Kubernetes Service
Microsoft Dynamics
Microsoft Edge for Android
Microsoft Exchange Server
Microsoft Graphics Component
Microsoft Intune
Microsoft Office
Microsoft Office SharePoint
Microsoft QUIC
Microsoft Teams for Android
Microsoft WDAC ODBC Driver
Microsoft WDAC OLE DB provider for SQL
Microsoft Windows SCSI Class System File
Open Management Infrastructure
Outlook for Android
Skype for Consumer
Software for Open Networking in the Cloud (SONiC)
SQL Server
Visual Studio Code
Windows AllJoyn API
Windows Cloud Files Mini Filter Driver
Windows Composite Image File System
Windows Compressed Folder
Windows Defender
Windows Error Reporting
Windows Hyper-V
Windows Hypervisor-Protected Code Integrity
Windows Installer
Windows Kerberos
Windows Kernel
Windows NTFS
Windows ODBC Driver
Windows OLE
Windows Print Spooler Components
Windows Standards-Based Storage Management Service
Windows Telephony Server
Windows Update Stack
Windows USB Hub Driver
Windows USB Serial Driver
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Acquisizione di privilegi piu' elevati (EoP)
Bypass delle restrizioni di sicurezza (SRB)
Denial of Service (DoS)
Rivelazione di informazioni (ID)
Provide Misleading Information (Spoofing)
Tampering
:: Soluzioni
In Windows per default gli aggiornamenti
avvengono in maniera automatica.
Per verificare manualmente la disponibilita' di aggiornamenti scegliere
Start > Impostazioni > Aggiornamento e Sicurezza > Windows Update
Verificare di aver installato la versione piu' recente del
Servicing Stack Updates
https://msrc.microsoft.com/update-guide/vulnerability/ADV990001
https://docs.microsoft.com/it-it/windows/deployment/update/servicing-stack-updates
MSRC Security Update Guide
https://msrc.microsoft.com/update-guide/deployments
Windows Update domande frequenti
https://support.microsoft.com/en-us/help/12373/windows-update-faq
Gli aggiornamenti sono disponibili anche tramite WSUS ed il
catalogo di Microsoft Update
https://www.catalog.update.microsoft.com/
:: Riferimenti
Microsoft Security Updates - Release Notes
https://msrc.microsoft.com/update-guide/releaseNote/2024-Mar
https://msrc.microsoft.com/update-guide/
https://msrc.microsoft.com/update-guide/deployments
Microsoft Security Update Guidance
https://portal.msrc.microsoft.com/en-us/security-guidance
CSIRT Italia
https://www.csirt.gov.it/contenuti/aggiornamenti-mensili-microsoft-al01-240313-csirt-ita
CISA
https://www.cisa.gov/news-events/alerts/2024/03/12/microsoft-releases-security-updates-multiple-products
CIS - Center for Internet Security
https://www.cisecurity.org/advisory/critical-patches-issued-for-microsoft-products-march-13-2024_2024-027
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20671
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21419
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21427
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21429
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21431
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21432
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21441
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21443
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26201
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26203
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26204
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZfFwsQAKCRDBnEyTZRJg
QkwGAJ9Ml7kotN8RJc4vfiVH0+vBqHJURQCeO+19Yx+zICYDSodV6hTREFRkDLY=
=H39S
-----END PGP SIGNATURE-----