
Microsoft addresses 2 zero-days and 5 critical flaws in the latest Patch Tuesday


Microsoft has rolled out its Patch Tuesday updates for February 2024, targeting a total of 73 vulnerabilities across its diverse software spectrum. The update encompasses fixes for five critical, 65 important, and three moderate severity issues.

Additionally, 24 flaws identified in the Chromium-based Edge browser since the January 24 Patch Tuesday updates have also been addressed.

Among the array of vulnerabilities tackled by Microsoft, the most critical focus lies on two zero-days that have actively been exploited:

  • Windows SmartScreen security feature bypass vulnerability (CVE-2024-21351): By exploiting this vulnerability, threat actors can bypass SmartScreen security checks. With a CVSS score of 7.6, this flaw allows an authorised attacker to inject code into SmartScreen, potentially leading to code execution and posing risks of data exposure or system unavailability. To start the attack, the attacker sends a malicious file to the victim, who then has to open it.
  • Internet shortcut files security feature bypass vulnerability (CVE-2024-21412): Another zero-day vulnerability with a CVSS score of 8.1 was patched in this series of updates. This flaw allows an attacker to bypass displayed security checks. Here, the attacker must send a specially crafted file to the targeted user. However, there is no capability to force the user to view the content; instead, convincing them to take action is pivotal.

The second flaw was discovered by Peter Girnus of Trend Micro and was used by the DarkCasino aka Water Hydra threat actor group.


Beyond the two zero-days, Microsoft fixed five critical flaws:

  • CVE-2024-20684: Windows Hyper-V Denial of Service Vulnerability
  • CVE-2024-21357: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
  • CVE-2024-21380: Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
  • CVE-2024-21410: Microsoft Exchange Server Elevation of Privilege Vulnerability
  • CVE-2024-21413: Microsoft Outlook Remote Code Execution Vulnerability

Of particular note is CVE-2024-21410 in Microsoft Exchange Server, which poses a heightened risk of exploitation and could lead to the disclosure of a targeted user’s New Technology LAN Manager (NTLM) version 2 hash.

Furthermore, the security updates tackle 15 remote code execution flaws in Microsoft WDAC OLE DB provider for SQL Server and address CVE-2023-50387, a design flaw in the DNSSEC specification known as KeyTrap, causing denial-of-service (DoS) by exhausting CPU resources in DNS resolvers.

The US Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to apply the updates to fix the two zero-days by March 5.


Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
