Aggiornamenti Mensili Microsoft (AL07/240409/CSIRT-ITA) – Aggiornamento

Data:
24 Marzo 2025 10:11

Data di creazione: 09/04/2024 – 19:20

Impatto Sistemico

Critico (77.17)

Sintesi

Microsoft ha rilasciato gli aggiornamenti di sicurezza mensili che risolvono un totale di 150 nuove vulnerabilità.

Note (aggiornamento del 24/03/2025): dei Proof of Concept (PoC) per lo sfruttamento delle vulnerabilità CVE-2024-29988, CVE-2024-26218 e CVE-2024-26229 risultano disponibile in rete.

Note (aggiornamento del 10/04/2024) : le CVE-2024-29988 e CVE-2024-26234 risulterebbero essere sfruttate attivamente in rete.

Tipologia

Elevation of Privilege
Information Disclosure
Spoofing
Security Feature Bypass
Denial of Service
Remote Code Execution

Prodotti e versioni affette

.NET and Visual Studio
Azure
Azure AI Search
Azure Arc
Azure Compute Gallery
Azure Migrate
Azure Monitor
Azure Private 5G Core
Azure SDK
Internet Shortcut Files
Microsoft Azure Kubernetes Service
Microsoft Brokering File System
Microsoft Defender for IoT
Microsoft Edge (Chromium-based)
Microsoft Install Service
Microsoft Office Excel
Microsoft Office Outlook
Microsoft Office SharePoint
Microsoft WDAC ODBC Driver
Microsoft WDAC OLE DB provider for SQL
Role: DNS Server
Role: Windows Hyper-V
SQL Server
Windows Authentication Methods
Windows BitLocker
Windows Compressed Folder
Windows Cryptographic Services
Windows Defender Credential Guard
Windows DHCP Server
Windows Distributed File System (DFS)
Windows DWM Core Library
Windows File Server Resource Management Service
Windows HTTP.sys
Windows Internet Connection Sharing (ICS)
Windows Kerberos
Windows Kernel
Windows Local Security Authority Subsystem Service (LSASS)
Windows Message Queuing
Windows Mobile Hotspot
Windows Proxy Driver
Windows Remote Access Connection Manager
Windows Remote Procedure Call
Windows Routing and Remote Access Service (RRAS)
Windows Secure Boot
Windows Storage
Windows Telephony Server
Windows Update Stack
Windows USB Print Driver
Windows Virtual Machine Bus
Windows Win32K – ICOMP

Azioni di mitigazione

In linea con le dichiarazioni del vendor, si raccomanda di procedere all’aggiornamento dei prodotti impattati attraverso l’apposita funzione di Windows Update.

Riferimenti

CVE

CVE-ID
CVE-2024-20665	CVE-2024-20669	CVE-2024-20669	CVE-2024-20670
CVE-2024-20678	CVE-2024-20678	CVE-2024-20685	CVE-2024-20685
CVE-2024-20688	CVE-2024-20688	CVE-2024-20689	CVE-2024-20693
CVE-2024-21322	CVE-2024-21323	CVE-2024-21323	CVE-2024-21324
CVE-2024-21324	CVE-2024-21409	CVE-2024-21424	CVE-2024-21424
CVE-2024-21447	CVE-2024-2201	CVE-2024-23593	CVE-2024-23593
CVE-2024-23594	CVE-2024-23594	CVE-2024-26158	CVE-2024-26158
CVE-2024-26168	CVE-2024-26168	CVE-2024-26171	CVE-2024-26171
CVE-2024-26172	CVE-2024-26175	CVE-2024-26179	CVE-2024-26180
CVE-2024-26183	CVE-2024-26183	CVE-2024-26189	CVE-2024-26193
CVE-2024-26194	CVE-2024-26194	CVE-2024-26195	CVE-2024-26195
CVE-2024-26200	CVE-2024-26200	CVE-2024-26202	CVE-2024-26205
CVE-2024-26205	CVE-2024-26207	CVE-2024-26208	CVE-2024-26209
CVE-2024-26210	CVE-2024-26210	CVE-2024-26211	CVE-2024-26212
CVE-2024-26212	CVE-2024-26213	CVE-2024-26214	CVE-2024-26215
CVE-2024-26216	CVE-2024-26217	CVE-2024-26217	CVE-2024-26218
CVE-2024-26218	CVE-2024-26219	CVE-2024-26220	CVE-2024-26221
CVE-2024-26222	CVE-2024-26222	CVE-2024-26223	CVE-2024-26223
CVE-2024-26224	CVE-2024-26224	CVE-2024-26226	CVE-2024-26227
CVE-2024-26227	CVE-2024-26228	CVE-2024-26228	CVE-2024-26229
CVE-2024-26229	CVE-2024-26230	CVE-2024-26230	CVE-2024-26231
CVE-2024-26231	CVE-2024-26232	CVE-2024-26232	CVE-2024-26233
CVE-2024-26233	CVE-2024-26234	CVE-2024-26234	CVE-2024-26235
CVE-2024-26235	CVE-2024-26236	CVE-2024-26236	CVE-2024-26237
CVE-2024-26237	CVE-2024-26239	CVE-2024-26239	CVE-2024-26240
CVE-2024-26240	CVE-2024-26241	CVE-2024-26241	CVE-2024-26242
CVE-2024-26243	CVE-2024-26243	CVE-2024-26244	CVE-2024-26244
CVE-2024-26245	CVE-2024-26248	CVE-2024-26250	CVE-2024-26250
CVE-2024-26251	CVE-2024-26251	CVE-2024-26252	CVE-2024-26253
CVE-2024-26253	CVE-2024-26254	CVE-2024-26254	CVE-2024-26255
CVE-2024-26255	CVE-2024-26256	CVE-2024-26256	CVE-2024-26257
CVE-2024-26257	CVE-2024-28896	CVE-2024-28896	CVE-2024-28897
CVE-2024-28897	CVE-2024-28898	CVE-2024-28900	CVE-2024-28900
CVE-2024-28901	CVE-2024-28901	CVE-2024-28902	CVE-2024-28903
CVE-2024-28903	CVE-2024-28904	CVE-2024-28904	CVE-2024-28905
CVE-2024-28905	CVE-2024-28906	CVE-2024-28906	CVE-2024-28907
CVE-2024-28907	CVE-2024-28908	CVE-2024-28909	CVE-2024-28909
CVE-2024-28910	CVE-2024-28911	CVE-2024-28911	CVE-2024-28912
CVE-2024-28912	CVE-2024-28913	CVE-2024-28913	CVE-2024-28914
CVE-2024-28915	CVE-2024-28915	CVE-2024-28917	CVE-2024-28919
CVE-2024-28919	CVE-2024-28920	CVE-2024-28920	CVE-2024-28921
CVE-2024-28921	CVE-2024-28922	CVE-2024-28922	CVE-2024-28923
CVE-2024-28924	CVE-2024-28924	CVE-2024-28925	CVE-2024-28926
CVE-2024-28926	CVE-2024-28927	CVE-2024-28929	CVE-2024-28929
CVE-2024-28930	CVE-2024-28930	CVE-2024-28931	CVE-2024-28931
CVE-2024-28932	CVE-2024-28932	CVE-2024-28933	CVE-2024-28934
CVE-2024-28934	CVE-2024-28935	CVE-2024-28936	CVE-2024-28936
CVE-2024-28937	CVE-2024-28938	CVE-2024-28939	CVE-2024-28939
CVE-2024-28940	CVE-2024-28940	CVE-2024-28941	CVE-2024-28942
CVE-2024-28942	CVE-2024-28943	CVE-2024-28943	CVE-2024-28944
CVE-2024-28945	CVE-2024-28945	CVE-2024-29043	CVE-2024-29044
CVE-2024-29044	CVE-2024-29045	CVE-2024-29046	CVE-2024-29046
CVE-2024-29047	CVE-2024-29047	CVE-2024-29048	CVE-2024-29050
CVE-2024-29050	CVE-2024-29052	CVE-2024-29053	CVE-2024-29053
CVE-2024-29054	CVE-2024-29055	CVE-2024-29055	CVE-2024-29056
CVE-2024-29056	CVE-2024-29061	CVE-2024-29062	CVE-2024-29063
CVE-2024-29064	CVE-2024-29064	CVE-2024-29066	CVE-2024-29982
CVE-2024-29982	CVE-2024-29983	CVE-2024-29984	CVE-2024-29985
CVE-2024-29985	CVE-2024-29988	CVE-2024-29989	CVE-2024-29989
CVE-2024-29990	CVE-2024-29992	CVE-2024-29992	CVE-2024-29993
CVE-2024-29993

Change log

Versione	Note	Data
1.1	Aggiunta PoC per la CVE-2024-29988	24/03/2025

Il presente articolo è un prodotto originale di csirt.gov.it, riproposto qui a solo scopo di aumentarne la visibilità. Può essere visualizzato in versione originale al seguente link

CSIRT Toscana

CSIRT Toscana