Yesterday, Microsoft released its February 2024 Patch Tuesday updates, which fix 73 vulnerabilities. Two of these are zero-days used in attacks.
The company has labeled five of the vulnerabilities "critical" because they allow denial of service attacks, remote code execution, information disclosure and elevation of privilege.
In the list below, you can find the types of vulnerabilities that are being fixed this month:
- 30 vulnerabilities allowing remote code execution
- 16 vulnerabilities that allow elevation of privilege
- 10 vulnerabilities that allow spoofing attacks
- 9 vulnerabilities that allow Denial of Service attacks
- 5 vulnerabilities that allow information disclosure
- 3 vulnerabilities that allow bypassing security functions
These counts do not include the 6 Microsoft Edge bugs fixed on 8 February.
Microsoft Patch Tuesday February 2024: Zero-day vulnerabilities
As mentioned above, this month's Patch Tuesday fixes two zero-day vulnerabilities actively used in attacks.
CVE-2024-21351: Vulnerability that bypasses the security features of Windows SmartScreen
Microsoft has fixed a vulnerability in Windows SmartScreen that allows attackers to bypass SmartScreen security checks.
"An authorised attacker must send the user a malicious file and convince him or her to open it," explains Microsoft.
Successful exploitation of the vulnerability allows SmartScreen to be bypassed.
It is not known how the flaw was abused or by which threat actor, since Microsoft has not provided details on how it is exploited in attacks.
The vulnerability was discovered and reported by Eric Lawrence of Microsoft.
CVE-2024-21412: Internet Shortcut Files vulnerability that bypasses security features
The second zero-day vulnerability fixed in Microsoft's February Patch Tuesday is an Internet Shortcut File flaw that could bypass the Mark of the Web (MoTW) warnings in Windows.
"An unauthorized attacker could send the targeted user a specially crafted file designed to bypass the displayed security check," explains Microsoft. However, the attacker would have to convince the user to take action by clicking on the file link.
Peter Girnus (gothburz) of Trend Micro discovered and reported the bug. A report explains how the DarkCasino team used the vulnerability in a hacking campaign.
According to Microsoft, other researchers have also discovered the bug in question (e.g. dwbzn from Aura Information Security and Dima Lenz and Vlad Stolyarov of Google's Threat Analysis Group).
Microsoft Patch Tuesday February 2024: All vulnerabilities
In the table below, you can see all the vulnerabilities that Microsoft is fixing this month:
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET | CVE-2024-21386 | .NET Denial of Service Vulnerability | Important |
.NET | CVE-2024-21404 | .NET Denial of Service Vulnerability | Important |
Azure Active Directory | CVE-2024-21401 | Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability | Important |
Azure Active Directory | CVE-2024-21381 | Microsoft Azure Active Directory B2C Spoofing Vulnerability | Important |
Azure Connected Machine Agent | CVE-2024-21329 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important |
Azure DevOps | CVE-2024-20667 | Azure DevOps Server Remote Code Execution Vulnerability | Important |
Azure File Sync | CVE-2024-21397 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | Important |
Azure Site Recovery | CVE-2024-21364 | Microsoft Azure Site Recovery Elevation of Privilege Vulnerability | Moderate |
Azure Stack | CVE-2024-20679 | Azure Stack Hub Spoofing Vulnerability | Important |
Internet Shortcut Files | CVE-2024-21412 | Internet Shortcut Files Security Feature Bypass Vulnerability | Important |
Mariner | CVE-2024-21626 | Unknown | Unknown |
Microsoft ActiveX | CVE-2024-21349 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | Important |
Microsoft Azure Kubernetes Service | CVE-2024-21403 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Important |
Microsoft Azure Kubernetes Service | CVE-2024-21376 | Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | Important |
Microsoft Defender for Endpoint | CVE-2024-21315 | Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability | Important |
Microsoft Dynamics | CVE-2024-21393 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2024-21389 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2024-21395 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2024-21380 | Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability | Critical |
Microsoft Dynamics | CVE-2024-21328 | Dynamics 365 Sales Spoofing Vulnerability | Important |
Microsoft Dynamics | CVE-2024-21394 | Dynamics 365 Field Service Spoofing Vulnerability | Important |
Microsoft Dynamics | CVE-2024-21396 | Dynamics 365 Sales Spoofing Vulnerability | Important |
Microsoft Dynamics | CVE-2024-21327 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2024-1284 | Chromium: CVE-2024-1284 Use after free in Mojo | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-21399 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Moderate |
Microsoft Edge (Chromium-based) | CVE-2024-1060 | Chromium: CVE-2024-1060 Use after free in Canvas | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-1077 | Chromium: CVE-2024-1077 Use after free in Network | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-1283 | Chromium: CVE-2024-1283 Heap buffer overflow in Skia | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-1059 | Chromium: CVE-2024-1059 Use after free in WebRTC | Unknown |
Microsoft Exchange Server | CVE-2024-21410 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
Microsoft Office | CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability | Critical |
Microsoft Office | CVE-2024-20673 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office OneNote | CVE-2024-21384 | Microsoft Office OneNote Remote Code Execution Vulnerability | Important |
Microsoft Office Outlook | CVE-2024-21378 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
Microsoft Office Outlook | CVE-2024-21402 | Microsoft Outlook Elevation of Privilege Vulnerability | Important |
Microsoft Office Word | CVE-2024-21379 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Teams for Android | CVE-2024-21374 | Microsoft Teams for Android Information Disclosure | Important |
Microsoft WDAC ODBC Driver | CVE-2024-21353 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21370 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21350 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21368 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21359 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21365 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21367 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21420 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21366 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21369 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21375 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21361 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21358 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21391 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21360 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-21352 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft Windows | CVE-2024-21406 | Windows Printing Service Spoofing Vulnerability | Important |
Microsoft Windows DNS | CVE-2024-21377 | Windows DNS Information Disclosure Vulnerability | Important |
Role: DNS Server | CVE-2023-50387 | MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers | Important |
Role: DNS Server | CVE-2024-21342 | Windows DNS Client Denial of Service Vulnerability | Important |
Skype for Business | CVE-2024-20695 | Skype for Business Information Disclosure Vulnerability | Important |
SQL Server | CVE-2024-21347 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Trusted Compute Base | CVE-2024-21304 | Trusted Compute Base Elevation of Privilege Vulnerability | Important |
Windows Hyper-V | CVE-2024-20684 | Windows Hyper-V Denial of Service Vulnerability | Critical |
Windows Internet Connection Sharing (ICS) | CVE-2024-21343 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2024-21348 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Important |
Windows Internet Connection Sharing (ICS) | CVE-2024-21357 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical |
Windows Internet Connection Sharing (ICS) | CVE-2024-21344 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
Windows kernel | CVE-2024-21371 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows kernel | CVE-2024-21338 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows kernel | CVE-2024-21341 | Windows Kernel Remote Code Execution Vulnerability | Important |
Windows kernel | CVE-2024-21345 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows kernel | CVE-2024-21362 | Windows Kernel Security Feature Bypass Vulnerability | Important |
Windows kernel | CVE-2024-21340 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows LDAP - Lightweight Directory Access Protocol | CVE-2024-21356 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
Windows Message Queuing | CVE-2024-21363 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2024-21355 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
Windows Message Queuing | CVE-2024-21405 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
Windows Message Queuing | CVE-2024-21354 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
Windows OLE | CVE-2024-21372 | Windows OLE Remote Code Execution Vulnerability | Important |
Windows SmartScreen | CVE-2024-21351 | Windows SmartScreen Security Feature Bypass Vulnerability | Moderate |
Windows USB Serial Driver | CVE-2024-21339 | Windows USB Generic Parent Driver Remote Code Execution Vulnerability | Important |
Windows Win32K - ICOMP | CVE-2024-21346 | Win32k Elevation of Privilege Vulnerability | Important |
Patch Tuesday is Microsoft's practice of releasing updates and fixes for its operating systems, programs and applications on the second Tuesday of each month. These updates usually include security fixes, performance improvements and new features.
The purpose of Patch Tuesday is to give Microsoft users the best possible experience by fixing problems and ensuring the security of their systems. It is important for several reasons. First of all, security updates help protect systems against security vulnerabilities and malware. These updates fix known security problems and make systems more resilient to attacks.
Source: www.bleepingcomputer.com