In their latest cybersecurity update for February 2024, Microsoft has rolled out a hefty suite of 72 new patches aimed at fortifying a wide array of its services against vulnerabilities, including Microsoft Windows and its components, Office suite, Azure cloud services, .NET and ASP.NET frameworks, SQL Server, Windows Hyper-V, and Microsoft Dynamics. The patch release also integrates fixes for several Chromium vulnerabilities, elevating the total count of addressed CVEs to 78. Notably, two of these vulnerabilities, patched as part of this update, were highlighted by the Zero Day Initiative (ZDI) program, with one being actively exploited at the time of the patch release.
Breaking down the severity of the patches, Microsoft categorized five as ‘Critical,’ 65 as ‘Important,’ and two as ‘Moderate.’ This distribution aligns with the typical pattern observed in Microsoft’s February updates, marking a slight dip in the volume of fixes compared to the previous year, a trend that industry watchers are keen to monitor as 2024 progresses.
Major Vulnerabilities Patched This Month
Among the patched vulnerabilities, two were flagged as being actively exploited. However, specifics regarding their public disclosure status were not provided. Here are four important ones you might want to be aware of; a full list of all patches can be found at the end:
- CVE-2024-21412: A vulnerability in Internet Shortcut Files that bypasses security features, discovered by Peter Girnus and the ZDI Threat Hunting team. This bug, currently exploited to target forex traders with a remote access trojan via online forums, is expected to see wider exploitation now that it has been disclosed. Trend Micro has already implemented protective measures for its customers, but broader testing and deployment of this fix are advised.
- CVE-2024-21351: A SmartScreen security feature bypass vulnerability in Windows, resembling a previously exploited in-the-wild (ITW) bug. This flaw allows attackers to circumvent file origin checks by Windows Defender SmartScreen, potentially leading to unauthorized code execution. The extent of the attacks leveraging this vulnerability remains undisclosed, prompting a call to action for swift patch deployment.
- CVE-2024-21410: A critical elevation of privilege vulnerability in Microsoft Exchange Server, with a CVSS score of 9.8. This bug enables remote attackers to relay NTLM credentials and impersonate Exchange server users. The remedy involves not just the application of the patch but also ensuring that the Exchange Server 2019 Cumulative Update 14 (CU14) and Extended Protection for Authentication (EPA) are in place, with Microsoft offering additional guidance for Exchange administrators.
- CVE-2024-21413: A remote code execution vulnerability in Microsoft Office that allows attackers to bypass Protected View settings, potentially enabling code execution even in Preview Pane. This vulnerability, also rated with a CVSS score of 9.8, necessitates the installation of multiple updates for both 32-bit and 64-bit versions of Office 2016, with a recommendation to close all Office applications during the update process to avoid possible reboots.
Industry-Wide Security Updates
Beyond Microsoft, the tech industry has responded to vulnerabilities with critical updates. Adobe, for example, patched 29 vulnerabilities across six of its products, including Commerce, Acrobat and Reader. SAP released 16 Security Notes, with a critical code injection vulnerability in the SAP_ABA component marked as a high alert with a 9.1 CVSS score. Intel announced fixes for 79 vulnerabilities, though none were rated critical and appeared unexploited at the time of the announcement.
Cisco updated advisories for vulnerabilities rated up to 9.6 in severity that could allow unauthenticated, remote attacks. Meanwhile, AMD addressed multiple flaws across its products, including a vulnerability in the RSA authentication mechanism of its UltraScale and UltraScale+ FPGAs. Lastly, Google’s Android security bulletin addressed around 30 CVEs, with the most critical being a system component flaw enabling remote code execution without additional execution privileges.
This raft of security updates underscores the relentless efforts by hackers to exploit vulnerabilities in widely used systems and the continued vigilance and proactive responses required by software manufacturers and users alike to protect sensitive data and maintain system integrity.
Microsoft Patch Tuesday February 2024 Updates
| CVE | Title | Type | Severity | Exploited | CVSS |
| CVE-2024-21412 | Internet Shortcut Files Security Feature Bypass Vulnerability | SFB | Important | Yes | 8,1 |
| CVE-2024-21351 | Windows SmartScreen Security Feature Bypass Vulnerability | SFB | Moderate | Yes | 7,6 |
| CVE-2024-21380 | Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability | Info | Critical | No | 8 |
| CVE-2024-21410 † | Microsoft Exchange Server Elevation of Privilege Vulnerability | EoP | Critical | No | 9,8 |
| CVE-2024-21413 † | Microsoft Office Remote Code Execution Vulnerability | RCE | Critical | No | 9,8 |
| CVE-2024-20684 | Windows Hyper-V Denial of Service Vulnerability | DoS | Critical | No | 6,5 |
| CVE-2024-21357 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | RCE | Critical | No | 7,5 |
| CVE-2024-21386 | .NET Denial of Service Vulnerability | DoS | Important | No | 7,5 |
| CVE-2024-21404 | .NET Denial of Service Vulnerability | DoS | Important | No | 7,5 |
| CVE-2024-21329 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | EoP | Important | No | 7,3 |
| CVE-2024-20667 | Azure DevOps Server Remote Code Execution Vulnerability | RCE | Important | No | 7,5 |
| CVE-2024-20679 | Azure Stack Hub Spoofing Vulnerability | Spoofing | Important | No | 6,5 |
| CVE-2024-21394 | Dynamics 365 Field Service Spoofing Vulnerability | Spoofing | Important | No | 7,6 |
| CVE-2024-21396 | Dynamics 365 Sales Spoofing Vulnerability | Spoofing | Important | No | 7,6 |
| CVE-2024-21328 | Dynamics 365 Sales Spoofing Vulnerability | Spoofing | Important | No | 7,6 |
| CVE-2024-21348 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | DoS | Important | No | 7,5 |
| CVE-2024-21349 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | RCE | Important | No | 8,8 |
| CVE-2024-21381 † | Microsoft Azure Active Directory B2C Spoofing Vulnerability | Spoofing | Important | No | 6,8 |
| CVE-2024-21397 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | EoP | Important | No | 5,3 |
| CVE-2024-21403 † | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | EoP | Important | No | 9 |
| CVE-2024-21376 † | Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | RCE | Important | No | 9 |
| CVE-2024-21315 | Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability | EoP | Important | No | 7,8 |
| CVE-2024-21395 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | XSS | Important | No | 8,2 |
| CVE-2024-21389 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | XSS | Important | No | 7,6 |
| CVE-2024-21393 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | XSS | Important | No | 7,6 |
| CVE-2024-21327 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | XSS | Important | No | 7,6 |
| CVE-2024-21401 † | Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability | EoP | Important | No | 9,8 |
| CVE-2024-21354 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | EoP | Important | No | 7,8 |
| CVE-2024-21355 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | EoP | Important | No | 7 |
| CVE-2024-21405 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | EoP | Important | No | 7 |
| CVE-2024-21363 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | RCE | Important | No | 7,8 |
| CVE-2024-21347 | Microsoft ODBC Driver Remote Code Execution Vulnerability | RCE | Important | No | 7,5 |
| CVE-2024-21384 | Microsoft Office OneNote Remote Code Execution Vulnerability | RCE | Important | No | 7,8 |
| CVE-2024-20673 † | Microsoft Office Remote Code Execution Vulnerability | RCE | Important | No | 7,8 |
| CVE-2024-21402 | Microsoft Outlook Elevation of Privilege Vulnerability | EoP | Important | No | 7,1 |
| CVE-2024-21378 | Microsoft Outlook Remote Code Execution Vulnerability | RCE | Important | No | 8 |
| CVE-2024-21374 | Microsoft Teams for Android Information Disclosure | Info | Important | No | 5 |
| CVE-2024-21353 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | RCE | Important | No | 8,8 |
| CVE-2024-21350 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | RCE | Important | No | 8,8 |
| CVE-2024-21352 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | RCE | Important | No | 8,8 |
| CVE-2024-21358 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | RCE | Important | No | 8,8 |
| CVE-2024-21360 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | RCE | Important | No | 8,8 |
| CVE-2024-21361 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | RCE | Important | No | 8,8 |
| CVE-2024-21366 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | RCE | Important | No | 8,8 |
| CVE-2024-21369 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | RCE | Important | No | 8,8 |
| CVE-2024-21375 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | RCE | Important | No | 8,8 |
| CVE-2024-21420 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | RCE | Important | No | 8,8 |
| CVE-2024-21359 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | RCE | Important | No | 8,8 |
| CVE-2024-21365 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | RCE | Important | No | 8,8 |
| CVE-2024-21367 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | RCE | Important | No | 8,8 |
| CVE-2024-21368 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | RCE | Important | No | 8,8 |
| CVE-2024-21370 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | RCE | Important | No | 8,8 |
| CVE-2024-21391 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | RCE | Important | No | 8,8 |
| CVE-2024-21379 | Microsoft Word Remote Code Execution Vulnerability | RCE | Important | No | 7,8 |
| CVE-2023-50387 * | MITRE: CVE-2023-50387 DNS RRSIGs and DNSKEYs validation can be abused to remotely consume DNS server resources | DoS | Important | No | N/A |
| CVE-2024-20695 | Skype for Business Information Disclosure Vulnerability | Info | Important | No | 5,7 |
| CVE-2024-21304 | Trusted Compute Base Security Feature Bypass Vulnerability | SFB | Important | No | 4,1 |
| CVE-2024-21346 | Win32k Elevation of Privilege Vulnerability | EoP | Important | No | 7,8 |
| CVE-2024-21406 | Windows Device Metadata Retrieval Client (DMRC) Spoofing Vulnerability | Spoofing | Important | No | 7,5 |
| CVE-2024-21342 | Windows DNS Client Denial of Service Vulnerability | DoS | Important | No | 7,5 |
| CVE-2024-21377 | Windows DNS Information Disclosure Vulnerability | Info | Important | No | 7,1 |
| CVE-2024-21345 | Windows Kernel Elevation of Privilege Vulnerability | EoP | Important | No | 8,8 |
| CVE-2024-21338 | Windows Kernel Elevation of Privilege Vulnerability | EoP | Important | No | 7,8 |
| CVE-2024-21371 | Windows Kernel Elevation of Privilege Vulnerability | EoP | Important | No | 7 |
| CVE-2024-21340 | Windows Kernel Information Disclosure Vulnerability | Info | Important | No | 4,6 |
| CVE-2024-21341 | Windows Kernel Remote Code Execution Vulnerability | RCE | Important | No | 6,8 |
| CVE-2024-21362 | Windows Kernel Security Feature Bypass Vulnerability | SFB | Important | No | 5,5 |
| CVE-2024-21356 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | DoS | Important | No | 6,5 |
| CVE-2024-21343 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | DoS | Important | No | 5,9 |
| CVE-2024-21344 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | DoS | Important | No | 5,9 |
| CVE-2024-21372 | Windows OLE Remote Code Execution Vulnerability | RCE | Important | No | 8,8 |
| CVE-2024-21339 | Windows USB Generic Parent Driver Remote Code Execution Vulnerability | RCE | Important | No | 6,4 |
| CVE-2024-21364 | Microsoft Azure Site Recovery Elevation of Privilege Vulnerability | EoP | Moderate | No | 9,3 |
| CVE-2024-21399 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | RCE | Moderate | No | 8,3 |
| CVE-2024-1059 * | Chromium: CVE-2024-1059 Use after free in WebRTC | RCE | High | No | N/A |
| CVE-2024-1060 * | Chromium: CVE-2024-1060 Use after free in Canvas | RCE | High | No | N/A |
| CVE-2024-1077 * | Chromium: CVE-2024-1077 Use after free in Network | RCE | High | No | N/A |
| CVE-2024-1283 * | Chromium: CVE-2024-1283: Heap buffer overflow in Skia | RCE | High | No | N/A |
| CVE-2024-1284 * | Chromium: CVE-2024-1284: Use after free in Mojo | RCE | High | No | N/A |
| * Indicates this CVE had been released by a third party and is now being included in Microsoft releases. | |||||
| † Indicates further administrative actions are required to fully address the vulnerability. | |||||
