Microsoft February 2024 Patch Tuesday

Published: 2024-02-13. Last Updated: 2024-02-13 18:30:02 UTC
by Renato Marinho (Version: 1)

This month we got patches for 80 vulnerabilities. Of these, 5 are critical, and 2 are being exploited according to Microsoft.

One of the exploited vulnerabilities is the Internet Shortcut Files Security Feature Bypass Vulnerability (CVE-2024-21412). According to the advisory, an unauthenticated attacker could send the targeted user a specially crafted file that is designed to bypass displayed security checks. However, the attacker would have no way to force a user to view the attacker-controlled content. Instead, the attacker would have to convince them to take action by clicking on the file link. The CVSS for this vulnerability is 8.1.

The second exploited vulnerability is the Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2024-21351). According to the advisory, the vulnerability allows a malicious actor to inject code into SmartScreen and potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.

Among the critical vulnerabilities, one is the Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410). According to the advisory, an attacker who successfully exploited this vulnerability could relay a user's leaked Net-NTLMv2 hash against a vulnerable Exchange Server and authenticate as the user. The CVSS for this vulnerability is 9.8, the highest for this month.

A second critical vulnerability worth mentioning is the Microsoft Outlook Remote Code Execution Vulnerability (CVE-2024-21413). Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View so that a file opens in editing mode rather than protected mode. An attacker could craft a malicious link that bypasses the Protected View Protocol, which leads to the leaking of local NTLM credential information and remote code execution (RCE). The CVSS for this vulnerability is 9.8 as well.

February 2024 Security Updates

Description
CVE, Disclosed, Exploited, Exploitability (old versions), Exploitability (current version), Severity, CVSS Base (AVG), CVSS Temporal (AVG)
-- no title --
CVE-2024-21626 No No - - - 8.6 8.6
.NET Denial of Service Vulnerability
CVE-2024-21386 No No - - Important 7.5 6.7
CVE-2024-21404 No No - - Important 7.5 6.7
Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVE-2024-21329 No No - - Important 7.3 6.4
Azure DevOps Server Remote Code Execution Vulnerability
CVE-2024-20667 No No - - Important 7.5 6.5
Azure Stack Hub Spoofing Vulnerability
CVE-2024-20679 No No - - Important 6.5 5.7
Chromium: CVE-2024-1059 Use after free in WebRTC
CVE-2024-1059 No No - - -    
Chromium: CVE-2024-1060 Use after free in Canvas
CVE-2024-1060 No No - - -    
Chromium: CVE-2024-1077 Use after free in Network
CVE-2024-1077 No No - - -    
Chromium: CVE-2024-1283 Heap buffer overflow in Skia
CVE-2024-1283 No No - - -    
Chromium: CVE-2024-1284 Use after free in Mojo
CVE-2024-1284 No No - - -    
Dynamics 365 Field Service Spoofing Vulnerability
CVE-2024-21394 No No - - Important 7.6 6.6
Dynamics 365 Sales Spoofing Vulnerability
CVE-2024-21396 No No - - Important 7.6 6.6
CVE-2024-21328 No No - - Important 7.6 6.6
Internet Connection Sharing (ICS) Denial of Service Vulnerability
CVE-2024-21348 No No - - Important 7.5 6.5
Internet Shortcut Files Security Feature Bypass Vulnerability
CVE-2024-21412 No Yes - - Important 8.1 7.1
MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers
CVE-2023-50387 No No - - Important    
Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
CVE-2024-21349 No No - - Important 8.8 7.7
Microsoft Azure Active Directory B2C Spoofing Vulnerability
CVE-2024-21381 No No - - Important 6.8 6.1
Microsoft Azure File Sync Elevation of Privilege Vulnerability
CVE-2024-21397 No No - - Important 5.3 4.8
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
CVE-2024-21403 No No - - Important 9.0 8.1
Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability
CVE-2024-21376 No No - - Important 9.0 8.1
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2024-21364 No No - - Moderate 9.3 8.4
Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability
CVE-2024-21315 No No - - Important 7.8 6.8
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-21389 No No - - Important 7.6 6.6
CVE-2024-21393 No No - - Important 7.6 6.6
CVE-2024-21395 No No - - Important 8.2 7.1
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
CVE-2024-21327 No No - - Important 7.6 6.6
Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
CVE-2024-21380 No No - - Critical 8.0 7.0
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2024-21399 No No Less Likely Less Likely Moderate 8.3 7.2
Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability
CVE-2024-21401 No No - - Important 9.8 8.8
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2024-21410 No No - - Critical 9.8 9.1
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVE-2024-21354 No No - - Important 7.8 6.8
CVE-2024-21355 No No - - Important 7.0 6.1
CVE-2024-21405 No No - - Important 7.0 6.1
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2024-21363 No No - - Important 7.8 6.8
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-21347 No No - - Important 7.5 6.5
Microsoft Office OneNote Remote Code Execution Vulnerability
CVE-2024-21384 No No - - Important 7.8 6.8
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-20673 No No - - Important 7.8 6.8
Microsoft Outlook Elevation of Privilege Vulnerability
CVE-2024-21402 No No - - Important 7.1 6.2
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-21413 No No - - Critical 9.8 8.5
CVE-2024-21378 No No - - Important 8.0 7.0
Microsoft Teams for Android Information Disclosure
CVE-2024-21374 No No - - Important 5.0 4.4
Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability
CVE-2024-21353 No No - - Important 8.8 7.7
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21350 No No - - Important 8.8 7.7
CVE-2024-21352 No No - - Important 8.8 7.7
CVE-2024-21358 No No - - Important 8.8 7.7
CVE-2024-21360 No No - - Important 8.8 7.7
CVE-2024-21361 No No - - Important 8.8 7.7
CVE-2024-21366 No No - - Important 8.8 7.7
CVE-2024-21369 No No - - Important 8.8 7.7
CVE-2024-21375 No No - - Important 8.8 7.7
CVE-2024-21420 No No - - Important 8.8 7.7
CVE-2024-21359 No No - - Important 8.8 7.7
CVE-2024-21365 No No - - Important 8.8 7.7
CVE-2024-21367 No No - - Important 8.8 7.7
CVE-2024-21368 No No - - Important 8.8 7.7
CVE-2024-21370 No No - - Important 8.8 7.7
CVE-2024-21391 No No - - Important 8.8 7.7
Microsoft Word Remote Code Execution Vulnerability
CVE-2024-21379 No No - - Important 7.8 6.8
Skype for Business Information Disclosure Vulnerability
CVE-2024-20695 No No - - Important 5.7 5.0
Trusted Compute Base Elevation of Privilege Vulnerability
CVE-2024-21304 No No - - Important 4.1 3.6
Win32k Elevation of Privilege Vulnerability
CVE-2024-21346 No No - - Important 7.8 6.8
Windows DNS Client Denial of Service Vulnerability
CVE-2024-21342 No No - - Important 7.5 6.5
Windows DNS Information Disclosure Vulnerability
CVE-2024-21377 No No - - Important 7.1 6.2
Windows Hyper-V Denial of Service Vulnerability
CVE-2024-20684 No No - - Critical 6.5 5.7
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-21338 No No - - Important 7.8 6.8
CVE-2024-21371 No No - - Important 7.0 6.1
CVE-2024-21345 No No - - Important 8.8 7.7
Windows Kernel Information Disclosure Vulnerability
CVE-2024-21340 No No - - Important 4.6 4.0
Windows Kernel Remote Code Execution Vulnerability
CVE-2024-21341 No No - - Important 6.8 5.9
Windows Kernel Security Feature Bypass Vulnerability
CVE-2024-21362 No No - - Important 5.5 4.8
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
CVE-2024-21356 No No - - Important 6.5 5.7
Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVE-2024-21343 No No - - Important 5.9 5.2
CVE-2024-21344 No No - - Important 5.9 5.2
Windows OLE Remote Code Execution Vulnerability
CVE-2024-21372 No No - - Important 8.8 7.7
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2024-21357 No No - - Critical 7.5 6.5
Windows Printing Service Spoofing Vulnerability
CVE-2024-21406 No No - - Important 7.5 6.5
Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2024-21351 No Yes - - Moderate 7.6 6.6
Windows USB Generic Parent Driver Remote Code Execution Vulnerability
CVE-2024-21339 No No - - Important 6.4 5.6
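
As an added example (not part of the original diary), here is a parser for this table's row layout that orders entries for patching: exploited first, then Microsoft's severity, then CVSS base. The function names and the 9.0 CVSS floor are assumptions made for illustration; the last function lists rows that a Critical-only filter would skip.

```python
import re

# Rows copied from the table above (a subset): a title line, then its CVE rows.
SAMPLE = """\
Internet Shortcut Files Security Feature Bypass Vulnerability
CVE-2024-21412 No Yes - - Important 8.1 7.1
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability
CVE-2024-21364 No No - - Moderate 9.3 8.4
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2024-21399 No No Less Likely Less Likely Moderate 8.3 7.2
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2024-21410 No No - - Critical 9.8 9.1
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-21413 No No - - Critical 9.8 8.5
CVE-2024-21378 No No - - Important 8.0 7.0
Chromium: CVE-2024-1059 Use after free in WebRTC
CVE-2024-1059 No No - - -
Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2024-21351 No Yes - - Moderate 7.6 6.6
"""
# CVE, Disclosed, Exploited, two exploitability fields, Severity, optional CVSS pair.
ROW = re.compile(r"^(CVE-\d{4}-\d+) (Yes|No) (Yes|No) (.+?) "
                 r"(Critical|Important|Moderate|Low|-)(?: ([\d.]+) ([\d.]+))?$")
SEV_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3, "-": 4}

def parse(text):
    """Return one dict per CVE row, tagged with the title line that precedes it."""
    title, rows = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        m = ROW.match(line)
        if m:
            cve, disclosed, exploited, _, sev, base, _ = m.groups()
            rows.append({"cve": cve, "title": title, "severity": sev,
                         "exploited": exploited == "Yes",
                         "cvss": float(base) if base else None})
        elif line:
            title = line
    return rows

def triage(rows):
    """Exploited first, then Microsoft severity, then CVSS base (highest first)."""
    return sorted(rows, key=lambda r: (not r["exploited"],
                                       SEV_RANK[r["severity"]], -(r["cvss"] or 0)))

def missed_by_severity_filter(rows, cvss_floor=9.0):
    """Non-Critical rows that are exploited or at/above cvss_floor."""
    return [r["cve"] for r in rows if r["severity"] != "Critical"
            and (r["exploited"] or (r["cvss"] or 0) >= cvss_floor)]

print([r["cve"] for r in triage(parse(SAMPLE))])
```

On this subset, both exploited entries and the 9.3-rated Azure Site Recovery entry fall outside a Critical-only filter, which is why the sort key puts the Exploited column ahead of severity.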

--
Renato Marinho
Morphus Labs | LinkedIn | Twitter
