Security Advisory 2024-027

Release Date:

Critical Vulnerabilities in Microsoft Products



  • 13/03/2024 --- v1.0 -- Initial publication


On March 12, 2024, Microsoft addressed 60 vulnerabilities in its March 2024 Patch Tuesday update [1], including 18 remote code execution (RCE) vulnerabilities.

It recommended applying updates as soon as possible on affected products.

Technical Details

Among the 60 vulnerabilities:

  • CVE-2024-21400: A notable elevation of privilege flaw in Microsoft Azure Kubernetes Service that could allow credential theft.
  • CVE-2024-26199: An elevation of privilege vulnerability in Microsoft Office that permits SYSTEM privileges for authenticated users.
  • CVE-2024-20671: A Microsoft Defender security feature bypass vulnerability that prevents Defender from starting, fixed in Antimalware Platform version 4.18.24010.12.
  • CVE-2024-21411: A Skype for Consumer RCE vulnerability exploitable via malicious links or images.

Affected Products

Affected products include, but are not limited to, Microsoft Azure, Office, Defender, Skype for Consumer, and Hyper-V [2].


It is recommended applying updates as soon as possible.




We got cookies

We only use cookies that are necessary for the technical functioning of our website. Find out more on here.