Microsoft February 2024 Patch Tuesday
This month we got patches for 80 vulnerabilities. Of these, 5 are critical, and 2 are being exploited according to Microsoft.
One of the exploited vulnerabilities is the Internet Shortcut Files Security Feature Bypass Vulnerability (CVE-2024-21412). According to the advisory, an unauthenticated attacker could send the targeted user a specially crafted file that is designed to bypass displayed security checks. However, the attacker would have no way to force a user to view the attacker-controlled content. Instead, the attacker would have to convince them to take action by clicking on the file link. The CVSS for this vulnerability is 8.1.
The second exploited vulnerability is the Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2024-21351). According to the advisory, the vulnerability allows a malicious actor to inject code into SmartScreen and potentially gain code execution, which could potentially lead to some data exposure, lack of system availability, or both.
About the critical vulnerabilities,one of them is the Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410). According to the advisory, an attacker who successfully exploited this vulnerability could relay a user's leaked Net-NTLMv2 hash against a vulnerable Exchange Server and authenticate as the user. The CVSS for this vulnerability is 9.8 – the highest for this month.
A second critical vulnerability worth mentioning is the Microsoft Outlook Remote Code Execution Vulnerability (CVE-2024-21413). Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode. An attacker could craft a malicious link that bypasses the Protected View Protocol, which leads to the leaking of local NTLM credential information and remote code execution (RCE). The CVSS for this vulnerability is 9.8 as well.
February 2024 Security Updates
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| -- no title -- | |||||||
| CVE-2024-21626 | No | No | - | - | - | 8.6 | 8.6 |
| .NET Denial of Service Vulnerability | |||||||
| CVE-2024-21386 | No | No | - | - | Important | 7.5 | 6.7 |
| CVE-2024-21404 | No | No | - | - | Important | 7.5 | 6.7 |
| Azure Connected Machine Agent Elevation of Privilege Vulnerability | |||||||
| CVE-2024-21329 | No | No | - | - | Important | 7.3 | 6.4 |
| Azure DevOps Server Remote Code Execution Vulnerability | |||||||
| CVE-2024-20667 | No | No | - | - | Important | 7.5 | 6.5 |
| Azure Stack Hub Spoofing Vulnerability | |||||||
| CVE-2024-20679 | No | No | - | - | Important | 6.5 | 5.7 |
| Chromium: CVE-2024-1059 Use after free in WebRTC | |||||||
| CVE-2024-1059 | No | No | - | - | - | ||
| Chromium: CVE-2024-1060 Use after free in Canvas | |||||||
| CVE-2024-1060 | No | No | - | - | - | ||
| Chromium: CVE-2024-1077 Use after free in Network | |||||||
| CVE-2024-1077 | No | No | - | - | - | ||
| Chromium: CVE-2024-1283 Heap buffer overflow in Skia | |||||||
| CVE-2024-1283 | No | No | - | - | - | ||
| Chromium: CVE-2024-1284 Use after free in Mojo | |||||||
| CVE-2024-1284 | No | No | - | - | - | ||
| Dynamics 365 Field Service Spoofing Vulnerability | |||||||
| CVE-2024-21394 | No | No | - | - | Important | 7.6 | 6.6 |
| Dynamics 365 Sales Spoofing Vulnerability | |||||||
| CVE-2024-21396 | No | No | - | - | Important | 7.6 | 6.6 |
| CVE-2024-21328 | No | No | - | - | Important | 7.6 | 6.6 |
| Internet Connection Sharing (ICS) Denial of Service Vulnerability | |||||||
| CVE-2024-21348 | No | No | - | - | Important | 7.5 | 6.5 |
| Internet Shortcut Files Security Feature Bypass Vulnerability | |||||||
| CVE-2024-21412 | No | Yes | - | - | Important | 8.1 | 7.1 |
| MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers | |||||||
| CVE-2023-50387 | No | No | - | - | Important | ||
| Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | |||||||
| CVE-2024-21349 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft Azure Active Directory B2C Spoofing Vulnerability | |||||||
| CVE-2024-21381 | No | No | - | - | Important | 6.8 | 6.1 |
| Microsoft Azure File Sync Elevation of Privilege Vulnerability | |||||||
| CVE-2024-21397 | No | No | - | - | Important | 5.3 | 4.8 |
| Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | |||||||
| CVE-2024-21403 | No | No | - | - | Important | 9.0 | 8.1 |
| Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | |||||||
| CVE-2024-21376 | No | No | - | - | Important | 9.0 | 8.1 |
| Microsoft Azure Site Recovery Elevation of Privilege Vulnerability | |||||||
| CVE-2024-21364 | No | No | - | - | Moderate | 9.3 | 8.4 |
| Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability | |||||||
| CVE-2024-21315 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||||
| CVE-2024-21389 | No | No | - | - | Important | 7.6 | 6.6 |
| CVE-2024-21393 | No | No | - | - | Important | 7.6 | 6.6 |
| CVE-2024-21395 | No | No | - | - | Important | 8.2 | 7.1 |
| Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | |||||||
| CVE-2024-21327 | No | No | - | - | Important | 7.6 | 6.6 |
| Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability | |||||||
| CVE-2024-21380 | No | No | - | - | Critical | 8.0 | 7.0 |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||||
| CVE-2024-21399 | No | No | Less Likely | Less Likely | Moderate | 8.3 | 7.2 |
| Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability | |||||||
| CVE-2024-21401 | No | No | - | - | Important | 9.8 | 8.8 |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||||
| CVE-2024-21410 | No | No | - | - | Critical | 9.8 | 9.1 |
| Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | |||||||
| CVE-2024-21354 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2024-21355 | No | No | - | - | Important | 7.0 | 6.1 |
| CVE-2024-21405 | No | No | - | - | Important | 7.0 | 6.1 |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | |||||||
| CVE-2024-21363 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft ODBC Driver Remote Code Execution Vulnerability | |||||||
| CVE-2024-21347 | No | No | - | - | Important | 7.5 | 6.5 |
| Microsoft Office OneNote Remote Code Execution Vulnerability | |||||||
| CVE-2024-21384 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Office Remote Code Execution Vulnerability | |||||||
| CVE-2024-20673 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Outlook Elevation of Privilege Vulnerability | |||||||
| CVE-2024-21402 | No | No | - | - | Important | 7.1 | 6.2 |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||||
| CVE-2024-21413 | No | No | - | - | Critical | 9.8 | 8.5 |
| CVE-2024-21378 | No | No | - | - | Important | 8.0 | 7.0 |
| Microsoft Teams for Android Information Disclosure | |||||||
| CVE-2024-21374 | No | No | - | - | Important | 5.0 | 4.4 |
| Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | |||||||
| CVE-2024-21353 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | |||||||
| CVE-2024-21350 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2024-21352 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2024-21358 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2024-21360 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2024-21361 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2024-21366 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2024-21369 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2024-21375 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2024-21420 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2024-21359 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2024-21365 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2024-21367 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2024-21368 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2024-21370 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2024-21391 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft Word Remote Code Execution Vulnerability | |||||||
| CVE-2024-21379 | No | No | - | - | Important | 7.8 | 6.8 |
| Skype for Business Information Disclosure Vulnerability | |||||||
| CVE-2024-20695 | No | No | - | - | Important | 5.7 | 5.0 |
| Trusted Compute Base Elevation of Privilege Vulnerability | |||||||
| CVE-2024-21304 | No | No | - | - | Important | 4.1 | 3.6 |
| Win32k Elevation of Privilege Vulnerability | |||||||
| CVE-2024-21346 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows DNS Client Denial of Service Vulnerability | |||||||
| CVE-2024-21342 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows DNS Information Disclosure Vulnerability | |||||||
| CVE-2024-21377 | No | No | - | - | Important | 7.1 | 6.2 |
| Windows Hyper-V Denial of Service Vulnerability | |||||||
| CVE-2024-20684 | No | No | - | - | Critical | 6.5 | 5.7 |
| Windows Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2024-21338 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2024-21371 | No | No | - | - | Important | 7.0 | 6.1 |
| CVE-2024-21345 | No | No | - | - | Important | 8.8 | 7.7 |
| Windows Kernel Information Disclosure Vulnerability | |||||||
| CVE-2024-21340 | No | No | - | - | Important | 4.6 | 4.0 |
| Windows Kernel Remote Code Execution Vulnerability | |||||||
| CVE-2024-21341 | No | No | - | - | Important | 6.8 | 5.9 |
| Windows Kernel Security Feature Bypass Vulnerability | |||||||
| CVE-2024-21362 | No | No | - | - | Important | 5.5 | 4.8 |
| Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | |||||||
| CVE-2024-21356 | No | No | - | - | Important | 6.5 | 5.7 |
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | |||||||
| CVE-2024-21343 | No | No | - | - | Important | 5.9 | 5.2 |
| CVE-2024-21344 | No | No | - | - | Important | 5.9 | 5.2 |
| Windows OLE Remote Code Execution Vulnerability | |||||||
| CVE-2024-21372 | No | No | - | - | Important | 8.8 | 7.7 |
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | |||||||
| CVE-2024-21357 | No | No | - | - | Critical | 7.5 | 6.5 |
| Windows Printing Service Spoofing Vulnerability | |||||||
| CVE-2024-21406 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows SmartScreen Security Feature Bypass Vulnerability | |||||||
| CVE-2024-21351 | No | Yes | - | - | Moderate | 7.6 | 6.6 |
| Windows USB Generic Parent Driver Remote Code Execution Vulnerability | |||||||
| CVE-2024-21339 | No | No | - | - | Important | 6.4 | 5.6 |
--
Renato Marinho
Morphus Labs| LinkedIn|Twitter
Comments