In March’s Patch Tuesday, Microsoft released updates to address 61 vulnerabilities, including two critical flaws in Microsoft Hyper-V, its virtualization software that enables the creation of virtual machines (VMs).
One of the critical vulnerabilities in Hyper-V (CVE-2024-21408) could allow an attacker to cause a denial of service. Although denial-of-service issues are not typically considered critical, Microsoft has classified this one as such, without providing further details.
The second critical vulnerability in Hyper-V (CVE-2024-21407) allows an authenticated attacker on a guest VM to execute code on the host server. Microsoft notes that for an attack to be successful, the attacker would need to gather specific information about the target environment and take additional steps. The company also rates exploitation of both Hyper-V vulnerabilities as ‘less likely’. Microsoft has stated that the other vulnerabilities fixed this month are of lower impact.