On March 12, 2024, Microsoft published their March 2024 security update with patches for 61 vulnerabilities. Among these, Arctic Wolf has highlighted 2 vulnerabilities in this bulletin that were categorized as critical and high severity.
Impacted Product: Microsoft Open Management Infrastructure
| CVE-2024-21334 | CVSS: 9.8 – Critical
MS Severity: Important |
No Exploitation Detected |
| Open Management Infrastructure (OMI) Remote Code Execution Vulnerability – A remote, unauthenticated threat actor could potentially exploit this use-after-free vulnerability by accessing the OMI instance from the Internet and sending carefully crafted requests. | ||
Impacted Product: Microsoft Windows Hyper-V
| CVE-2024-21407 | CVSS: 8.1 – High
MS Severity: Critical |
No Exploitation Detected |
| Windows Hyper-V Remote Code Execution (RCE) Vulnerability – Exploitation can occur if a threat actor gains authenticated access to a guest virtual machine (VM). The threat actor would then send specifically crafted file operation requests from the VM to the hardware resources of that VM. This could potentially lead RCE on the host server from which the VM is running. | ||
Recommendations for CVE-2024-21334 and CVE-2024-21407
Recommendation: Apply Security Updates to Impacted Products
Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation of these vulnerabilities.
Affected and Fixed Products/Versions
| Product | Vulnerability | Reference Article | Update |
| Open Management Infrastructure | CVE-2024-21334 | Release Notes | Security Update |
| System Center Operations Manager (SCOM) 2022 | CVE-2024-21334 | Release Notes | Security Update |
| System Center Operations Manager (SCOM) 2019 | CVE-2024-21334 | Release Notes | Security Update |
| Windows 10 for x64-based Systems | CVE-2024-21407 | 5035858 | Security Update |
| Windows 10 Version 1607 for x64-based Systems | CVE-2024-21407 | 5035855 | Security Update |
| Windows 10 Version 1809 for x64-based Systems | CVE-2024-21407 | 5035849 | Security Update |
| Windows 10 Version 21H2 for x64-based Systems | CVE-2024-21407 | 5035845 | Security Update |
| Windows 10 Version 22H2 for x64-based Systems | CVE-2024-21407 | 5035845 | Security Update |
| Windows 11 version 21H2 for ARM64-based Systems | CVE-2024-21407 | 5035854 | Security Update |
| Windows 11 version 21H2 for x64-based Systems | CVE-2024-21407 | 5035854 | Security Update |
| Windows 11 Version 22H2 for ARM64-based Systems | CVE-2024-21407 | 5035853 | Security Update |
| Windows 11 Version 22H2 for x64-based Systems | CVE-2024-21407 | 5035853 | Security Update |
| Windows 11 Version 23H2 for ARM64-based Systems | CVE-2024-21407 | 5035853 | Security Update |
| Windows 11 Version 23H2 for x64-based Systems | CVE-2024-21407 | 5035853 | Security Update |
| Windows Server 2012 | CVE-2024-21407 | 5035930 | Monthly Rollup |
| Windows Server 2012 R2 | CVE-2024-21407 | 5035885 | Monthly Rollup |
| Windows Server 2016 | CVE-2024-21407 | 5035855 | Security Update |
| Windows Server 2019 | CVE-2024-21407 | 5035849 | Security Update |
| Windows Server 2022 | CVE-2024-21407 | 5035857 , | Security Update |
| Windows Server 2022 23H2 Edition | CVE-2024-21407 | 5035856 | Security Update |
Note: Please follow your organization’s patching and testing guidelines to avoid any operational impact.
References
See other important security bulletins from Arctic Wolf.
