Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 74 flaws

9 months ago 83
BOOK THIS SPACE FOR AD
ARTICLE AD

Patch Tuesday

Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 74 flaws and two actively exploited zero-days.

This Patch Tuesday fixes five critical vulnerabilities, including denial of service, Remote code execution, information disclosure, and elevation of privileges vulnerabilities.

The number of bugs in each vulnerability category is listed below:

16 Elevation of Privilege Vulnerabilities 3 Security Feature Bypass Vulnerabilities 30 Remote Code Execution Vulnerabilities 5 Information Disclosure Vulnerabilities 9 Denial of Service Vulnerabilities 10 Spoofing Vulnerabilities

The total count of 74 flaws does not include 6 Microsoft Edge and 1 Mariner flaw fixed on February 8th.

To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5034765 cumulative update.

Two zero-days fixed

This month's Patch Tuesday fixes two actively exploited zero-day vulnerabilities, which Microsoft classifies as a flaw that is publicly disclosed or actively exploited with no official fix available.

The two actively exploited zero-day vulnerabilities in today's updates are:

CVE-2024-21351 - Windows SmartScreen Security Feature Bypass Vulnerability

Microsoft has fixed an actively exploited Windows SmartScreen vulnerability that allows attackers to bypass SmartScreen security checks.

"An authorized attacker must send the user a malicious file and convince the user to open it," explains Microsoft.

"An attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience," continued Microsoft.

It is not known how the flaw was abused in attacks or by what threat actor.

The flaw was discovered by Eric Lawrence of Microsoft.

CVE-2024-21412 - Internet Shortcut Files Security Feature Bypass Vulnerability

Microsoft has fixed an actively exploited Internet Shortcut File flaw that could bypass Mark of the Web (MoTW) warnings in Windows.

"An unauthenticated attacker could send the targeted user a specially crafted file that is designed to bypass displayed security checksk," explains Microsoft.

"However, the attacker would have no way to force a user to view the attacker-controlled content. Instead, the attacker would have to convince them to take action by clicking on the file link."

Peter Girnus (gothburz) of Trend Micro's Zero Day Initiative, who discovered the flaw, released a report today on how it was actively exploited by the APT group DarkCasino (Water Hydra) in a campaign targeting financial traders.

Microsoft says that other researchers discovered the flaw independently, including dwbzn with Aura Information Security and Dima Lenz and Vlad Stolyarov of Google's Threat Analysis Group.

Microsoft has not provided details on how the CVE-2024-21351 flaw was exploited in attacks.

Recent updates from other companies

Other vendors who released updates or advisories in February 2023 include:

Adobe has released security updates for Commerce, Substance 3D Painter, Acrobat and Reader, and more. Cisco released security updates for multiple products. ExpressVPN released a new version to remove the split-tunneling feature after it leaked DNS queries. Fortinet released security updates for a new FortiOS SSL VPN RCE, which is exploited in attacks, and two RCE flaws in FortiSIEM. Google released the Android February 2024 security updates. Ivanti released security updates for a new Connect Secure authentication bypass flaw. JetBrains released security updates for a new critical authentication bypass vulnerability in TeamCity On-Premises. Linux distros release patches for new Shim bootloader code execution flaw. Mastodon released a security update to fix a vulnerability that allows attackers to take over any remote account. SAP has released its February 2024 Patch Day updates.

The February 2024 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the February 2024 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.

Tag CVE ID CVE Title Severity
.NET CVE-2024-21386 .NET Denial of Service Vulnerability Important
.NET CVE-2024-21404 .NET Denial of Service Vulnerability Important
Azure Active Directory CVE-2024-21401 Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability Important
Azure Active Directory CVE-2024-21381 Microsoft Azure Active Directory B2C Spoofing Vulnerability Important
Azure Connected Machine Agent CVE-2024-21329 Azure Connected Machine Agent Elevation of Privilege Vulnerability Important
Azure DevOps CVE-2024-20667 Azure DevOps Server Remote Code Execution Vulnerability Important
Azure File Sync CVE-2024-21397 Microsoft Azure File Sync Elevation of Privilege Vulnerability Important
Azure Site Recovery CVE-2024-21364 Microsoft Azure Site Recovery Elevation of Privilege Vulnerability Moderate
Azure Stack CVE-2024-20679 Azure Stack Hub Spoofing Vulnerability Important
Internet Shortcut Files CVE-2024-21412 Internet Shortcut Files Security Feature Bypass Vulnerability Important
Mariner CVE-2024-21626 Unknown Unknown
Microsoft ActiveX CVE-2024-21349 Microsoft ActiveX Data Objects Remote Code Execution Vulnerability Important
Microsoft Azure Kubernetes Service CVE-2024-21403 Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability Important
Microsoft Azure Kubernetes Service CVE-2024-21376 Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability Important
Microsoft Defender for Endpoint CVE-2024-21315 Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability Important
Microsoft Dynamics CVE-2024-21393 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Important
Microsoft Dynamics CVE-2024-21389 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Important
Microsoft Dynamics CVE-2024-21395 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Important
Microsoft Dynamics CVE-2024-21380 Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability Critical
Microsoft Dynamics CVE-2024-21328 Dynamics 365 Sales Spoofing Vulnerability Important
Microsoft Dynamics CVE-2024-21394 Dynamics 365 Field Service Spoofing Vulnerability Important
Microsoft Dynamics CVE-2024-21396 Dynamics 365 Sales Spoofing Vulnerability Important
Microsoft Dynamics CVE-2024-21327 Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2024-1284 Chromium: CVE-2024-1284 Use after free in Mojo Unknown
Microsoft Edge (Chromium-based) CVE-2024-21399 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Moderate
Microsoft Edge (Chromium-based) CVE-2024-1060 Chromium: CVE-2024-1060 Use after free in Canvas Unknown
Microsoft Edge (Chromium-based) CVE-2024-1077 Chromium: CVE-2024-1077 Use after free in Network Unknown
Microsoft Edge (Chromium-based) CVE-2024-1283 Chromium: CVE-2024-1283 Heap buffer overflow in Skia Unknown
Microsoft Edge (Chromium-based) CVE-2024-1059 Chromium: CVE-2024-1059 Use after free in WebRTC Unknown
Microsoft Exchange Server CVE-2024-21410 Microsoft Exchange Server Elevation of Privilege Vulnerability Critical
Microsoft Office CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability Critical
Microsoft Office CVE-2024-20673 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office OneNote CVE-2024-21384 Microsoft Office OneNote Remote Code Execution Vulnerability Important
Microsoft Office Outlook CVE-2024-21378 Microsoft Outlook Remote Code Execution Vulnerability Important
Microsoft Office Outlook CVE-2024-21402 Microsoft Outlook Elevation of Privilege Vulnerability Important
Microsoft Office Word CVE-2024-21379 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft Teams for Android CVE-2024-21374 Microsoft Teams for Android Information Disclosure Important
Microsoft WDAC ODBC Driver CVE-2024-21353 Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability Important
Microsoft WDAC OLE DB provider for SQL CVE-2024-21370 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important
Microsoft WDAC OLE DB provider for SQL CVE-2024-21350 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important
Microsoft WDAC OLE DB provider for SQL CVE-2024-21368 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important
Microsoft WDAC OLE DB provider for SQL CVE-2024-21359 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important
Microsoft WDAC OLE DB provider for SQL CVE-2024-21365 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important
Microsoft WDAC OLE DB provider for SQL CVE-2024-21367 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important
Microsoft WDAC OLE DB provider for SQL CVE-2024-21420 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important
Microsoft WDAC OLE DB provider for SQL CVE-2024-21366 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important
Microsoft WDAC OLE DB provider for SQL CVE-2024-21369 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important
Microsoft WDAC OLE DB provider for SQL CVE-2024-21375 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important
Microsoft WDAC OLE DB provider for SQL CVE-2024-21361 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important
Microsoft WDAC OLE DB provider for SQL CVE-2024-21358 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important
Microsoft WDAC OLE DB provider for SQL CVE-2024-21391 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important
Microsoft WDAC OLE DB provider for SQL CVE-2024-21360 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important
Microsoft WDAC OLE DB provider for SQL CVE-2024-21352 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important
Microsoft Windows CVE-2024-21406 Windows Printing Service Spoofing Vulnerability Important
Microsoft Windows DNS CVE-2024-21377 Windows DNS Information Disclosure Vulnerability Important
Role: DNS Server CVE-2023-50387 MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers Important
Role: DNS Server CVE-2024-21342 Windows DNS Client Denial of Service Vulnerability Important
Skype for Business CVE-2024-20695 Skype for Business Information Disclosure Vulnerability Important
SQL Server CVE-2024-21347 Microsoft ODBC Driver Remote Code Execution Vulnerability Important
Trusted Compute Base CVE-2024-21304 Trusted Compute Base Elevation of Privilege Vulnerability Important
Windows Hyper-V CVE-2024-20684 Windows Hyper-V Denial of Service Vulnerability Critical
Windows Internet Connection Sharing (ICS) CVE-2024-21343 Windows Network Address Translation (NAT) Denial of Service Vulnerability Important
Windows Internet Connection Sharing (ICS) CVE-2024-21348 Internet Connection Sharing (ICS) Denial of Service Vulnerability Important
Windows Internet Connection Sharing (ICS) CVE-2024-21357 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Critical
Windows Internet Connection Sharing (ICS) CVE-2024-21344 Windows Network Address Translation (NAT) Denial of Service Vulnerability Important
Windows Kernel CVE-2024-21371 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2024-21338 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2024-21341 Windows Kernel Remote Code Execution Vulnerability Important
Windows Kernel CVE-2024-21345 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2024-21362 Windows Kernel Security Feature Bypass Vulnerability Important
Windows Kernel CVE-2024-21340 Windows Kernel Information Disclosure Vulnerability Important
Windows LDAP - Lightweight Directory Access Protocol CVE-2024-21356 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Important
Windows Message Queuing CVE-2024-21363 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Important
Windows Message Queuing CVE-2024-21355 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability Important
Windows Message Queuing CVE-2024-21405 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability Important
Windows Message Queuing CVE-2024-21354 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability Important
Windows OLE CVE-2024-21372 Windows OLE Remote Code Execution Vulnerability Important
Windows SmartScreen CVE-2024-21351 Windows SmartScreen Security Feature Bypass Vulnerability Moderate
Windows USB Serial Driver CVE-2024-21339 Windows USB Generic Parent Driver Remote Code Execution Vulnerability Important
Windows Win32K - ICOMP CVE-2024-21346 Win32k Elevation of Privilege Vulnerability Important
Read Entire Article