March 2024 Security Updates
This release consists of the following 61 Microsoft CVEs:
Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?
Windows Defender CVE-2024-20671
Open Management Infrastructure CVE-2024-21330
Open Management Infrastructure CVE-2024-21334
Microsoft Authenticator CVE-2024-21390
.NET CVE-2024-21392
Microsoft Azure Kubernetes Service CVE-2024-21400
Role: Windows Hyper-V CVE-2024-21407
Role: Windows Hyper-V CVE-2024-21408
Skype for Consumer CVE-2024-21411
Software for Open Networking in the Cloud (SONiC) CVE-2024-21418
Microsoft Dynamics CVE-2024-21419
Azure SDK CVE-2024-21421
Microsoft Office SharePoint CVE-2024-21426
Windows Kerberos CVE-2024-21427
Windows USB Hub Driver CVE-2024-21429
Windows USB Serial Driver CVE-2024-21430
Windows Hypervisor-Protected Code Integrity CVE-2024-21431
Windows Update Stack CVE-2024-21432
Windows Print Spooler Components CVE-2024-21433
Microsoft Windows SCSI Class System File CVE-2024-21434
Windows OLE CVE-2024-21435
Windows Installer CVE-2024-21436
Microsoft Graphics Component CVE-2024-21437
Windows AllJoyn API CVE-2024-21438
Windows Telephony Server CVE-2024-21439
Windows ODBC Driver CVE-2024-21440
Microsoft WDAC OLE DB provider for SQL CVE-2024-21441
Windows USB Print Driver CVE-2024-21442
Windows Kernel CVE-2024-21443
Microsoft WDAC OLE DB provider for SQL CVE-2024-21444
Windows USB Print Driver CVE-2024-21445
Windows NTFS CVE-2024-21446
Microsoft Teams for Android CVE-2024-21448
Microsoft WDAC OLE DB provider for SQL CVE-2024-21450
Microsoft WDAC ODBC Driver CVE-2024-21451
Windows ODBC Driver CVE-2024-26159
Windows Cloud Files Mini Filter Driver CVE-2024-26160
Microsoft WDAC OLE DB provider for SQL CVE-2024-26161
Windows ODBC Driver CVE-2024-26162
SQL Server CVE-2024-26164
Visual Studio Code CVE-2024-26165
Microsoft WDAC OLE DB provider for SQL CVE-2024-26166
Microsoft Edge for Android CVE-2024-26167
Windows Error Reporting CVE-2024-26169
Windows Composite Image File System CVE-2024-26170
Windows Kernel CVE-2024-26173
Windows Kernel CVE-2024-26174
Windows Kernel CVE-2024-26176
Windows Kernel CVE-2024-26177
Windows Kernel CVE-2024-26178
Windows Kernel CVE-2024-26181
Windows Kernel CVE-2024-26182
Windows Compressed Folder CVE-2024-26185
Microsoft QUIC CVE-2024-26190
Windows Standards-Based Storage Management Service CVE-2024-26197
Microsoft Exchange Server CVE-2024-26198
Microsoft Office CVE-2024-26199
Microsoft Intune CVE-2024-26201
Azure Data Studio CVE-2024-26203
Outlook for Android CVE-2024-26204
We are republising 4 non-Microsoft CVEs:
CNA Tag CVE FAQs? Workarounds? Mitigations?
Intel Corporation Intel CVE-2023-28746
Chrome Microsoft Edge (Chromium-based) CVE-2024-2173
Chrome Microsoft Edge (Chromium-based) CVE-2024-2174
Chrome Microsoft Edge (Chromium-based) CVE-2024-2176
Security Update Guide Blog Posts
Date Blog Post
February 15, 2024 New Security Advisory Tab Added to the Microsoft Security Update Guide
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Resources
- The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
- Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows operating systems, please see Windows Lifecycle Facts Sheet.
- Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
- Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.
For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).
KB Article Applies To
5035845 Windows 10, version 21H2, Windows 10, version 22H2
5035920 Windows Server 2008 (Monthly Rollup)
5035933 Windows Server 2008 (Security-only update)
5036386 Exchange Server 2016
5036401 Exchange Server 2019 Cumulative Update 14
5036402 Exchange Server 2019 Cumulative Update 13
Released: Mar 12, 2024
March 2024 Security Updates - Release Notes - Security Update Guide - Microsoft