Microsoft Patch Tuesday: February 2024 

Microsoft has released patches for 73 security vulnerabilities, of which five are critical and two are zero-day vulnerabilities that are actively being exploited.

The February 2024 Patch Tuesday update focuses on addressing the following vulnerabilities: 

  • Remote Code Execution (31)  
  • Elevation of Privilege (16) 
  • Denial of Service (8) 
  • Spoofing (6) 
  • Information Disclosure (5)
  • Cross-site Scripting (4) 
  • Security Feature Bypass (3) 

It includes patches for the following: 

  • .NET 
  • Windows Hyper-V 
  • Windows OLE 
  • Skype for Business 
  • Azure Active Directory  
  • Azure Connected Machine Agent  
  • Azure File Sync 
  • Azure Stack 
  • Azure Site Recovery 
  • Azure DevOps 
  • Internet Shortcut Files 
  • Microsoft Defender for Endpoint 
  • Microsoft Azure Kubernetes Service 
  • Microsoft ActiveX 
  • Microsoft Edge (Chromium-based) 
  • Microsoft Office 
  • Microsoft Office Outlook 
  • Microsoft Dynamics 
  • Microsoft Office Word 
  • Microsoft Office OneNote 
  • Microsoft Teams for Android 
  • Microsoft WDAC ODBC Driver 
  • Microsoft WDAC OLE DB provider for SQL 
  • Microsoft Windows 
  • Microsoft Exchange Server 
  • Microsoft Windows DNS  
  • Trusted Compute Base 
  • Windows Internet Connection Sharing (ICS) 
  • Windows USB Serial Driver  
  • Windows Win32K – ICOMP 
  • SQL Server 
  • Role: DNS Server 
  • Windows Kernel 
  • Windows Message Queueing 
  • Windows LDAP – Lightweight Directory Access Protocol 
  • Windows SmartScreen 

Technical Dissection  

This month’s Patch Tuesday includes 2 zero-day vulnerabilities and 5 critical vulnerabilities.

The zero-day vulnerabilities 

CVE-2024-21412 is a zero-day Security Feature Bypass vulnerability with a CVSS score of 8.1 that affects Microsoft’s Windows Internet Shortcut Files. An attacker exploits it by sending the victim a specially crafted file; the security checks are bypassed when the victim clicks the link to the file.

CVE-2024-21351 is another zero-day, also a Security Feature Bypass, with a CVSS score of 7.6 that affects Microsoft’s Windows SmartScreen. To exploit it, the attacker gains authorization and sends the user a malicious file that the user must interact with, so exploitation depends heavily on user interaction. Successful exploitation lets the attacker inject malicious code and gain code execution, which can expose sensitive data and disrupt the operation of systems.

Critical vulnerabilities 

CVE-2024-21410 is a privilege escalation vulnerability with a CVSS score of 9.8 (critical). An attacker can target an NTLM client (Outlook, for example) with an NTLM credential-leaking vulnerability, then relay the leaked credentials against the Exchange server to gain client-level privileges and perform operations on the server on the victim’s behalf.

CVE-2024-21413 is an RCE vulnerability with a critical CVSS score of 9.8, discovered in Microsoft Outlook. By exploiting this vulnerability, the attacker would be able to open files in editing mode instead of protected mode (Office Protected View).

CVE-2024-21380 is a CVSS 8.0 information disclosure vulnerability that impacts Microsoft Dynamics Business Central/NAV. It relies on the victim clicking a specially crafted URL, which leads to a compromise that allows the attacker to interact with applications and content on other tenants.

CVE-2024-21357 is a CVSS 7.5 (high) vulnerability in Pragmatic General Multicast (PGM). To exploit it successfully, an attacker must first take additional actions to prepare the target environment. Microsoft experts have stated that an attack exploiting this vulnerability is limited to the same network segment as the attacker.

CVE-2024-20684 is a CVSS 6.5 Windows Hyper-V vulnerability whose exploitation allows a Hyper-V guest to impact Hyper-V host functionality.

CISA has now added CVE-2024-21410 to the Known Exploited Vulnerabilities (KEV) catalog because it poses a critical risk to organizations.

SharkStriker’s recommendations and implemented measures. 

It is highly advised that all the applicable patches released and recommended by Microsoft be applied.

Please refer to the complete advisory released by Microsoft. The following are some of the general measures that we have implemented to ensure the security of all our clients and partners:

  • To pre-emptively detect and respond to suspicious threats and activities, we have implemented round-the-clock monitoring of the IT infrastructure.
  • Based on the Indicators of Compromise provided by CISA, we have hunted for threats (if any), mitigating the possibility of a resulting cyber attack.
  • For early detection of, and a quick and precise response to, threats, we have configured our clients' detection mechanisms according to best practices.
  • Our team of security experts has configured all of these detection mechanisms for quick and precise early detection of threats.
  • Through STRIEGO’s dashboards, our customers can easily check the status of their cybersecurity posture.
  • Our customers get comprehensive visibility of their cybersecurity posture on the dashboard of our unified platform, STRIEGO.
