
Microsoft’s February 2024 Patch Tuesday Fixes 2 Zero-Days

Microsoft’s February 2024 Patch Tuesday has arrived, bringing a number of security updates. This month’s release addresses a total of 73 flaws, including two actively exploited zero-day vulnerabilities that have been causing concern among cybersecurity experts and users alike.

Microsoft Patch Tuesday February 2024: What Has Been Fixed?

Among the 73 flaws addressed, five have been classified as critical, encompassing a range of vulnerabilities including denial of service, remote code execution, information disclosure, elevation of privileges, and security feature bypass vulnerabilities. These vulnerabilities span across various facets of the Windows operating system, highlighting the importance of promptly applying the latest updates to safeguard against potential exploits.

CVE-2024-21351 Zero-Day

Of notable concern are the two zero-day vulnerabilities that have been actively targeted by threat actors. The first, identified as CVE-2024-21351, pertains to a Windows SmartScreen Security Feature Bypass Vulnerability. This flaw enables attackers to circumvent SmartScreen security checks, potentially leading to the execution of malicious code. Although the exact methods of exploitation remain undisclosed, Microsoft emphasizes the necessity for users to exercise caution when handling suspicious files.

CVE-2024-21412

The second zero-day, CVE-2024-21412, revolves around an Internet Shortcut Files Security Feature Bypass Vulnerability. Exploiting this flaw allows threat actors to bypass Mark of the Web (MoTW) warnings in Windows, paving the way for the dissemination of malicious content. Interestingly, this vulnerability has been actively leveraged by the APT group DarkCasino (Water Hydra) in targeted campaigns against financial traders, as detailed in a report by security researcher Peter Girnus.
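As a defender-side illustration of the Mark of the Web mechanism mentioned above (an added example, not code from the article or from Microsoft): Windows records MoTW in a `Zone.Identifier` alternate data stream, and Internet Shortcut (`.url`) files are INI-style text, so both can be parsed for triage. The sample contents, host names and the review rule are constructed assumptions, and the code does not reproduce the vulnerability.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample inputs; host names are placeholders, not indicators from any report.
SAMPLE_URL_FILE = "[InternetShortcut]\nURL=file://fileserver.example/share/report.url\n"
SAMPLE_ZONE_STREAM = "[ZoneTransfer]\nZoneId=3\nHostUrl=https://downloads.example/report.zip\n"

# URL security zones as written to the Zone.Identifier stream.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}


def ini_value(text, section, key):
    """Read one value from INI-style text; None if the text is malformed or the key is absent."""
    parser = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    try:
        parser.read_string(text)
    except configparser.Error:
        return None
    for name in parser.sections():
        if name.lower() == section.lower():  # configparser section names are case-sensitive
            return parser[name].get(key)     # option names are matched case-insensitively
    return None


def triage_shortcut(url_text, zone_text=None):
    """Summarise a .url file and its Mark of the Web for an analyst."""
    target = ini_value(url_text, "InternetShortcut", "URL")
    zone_raw = ini_value(zone_text, "ZoneTransfer", "ZoneId") if zone_text else None
    zone_id = int(zone_raw) if zone_raw and zone_raw.isdigit() else None
    scheme = urlsplit(target).scheme.lower() if target else None
    downloaded = zone_id is not None and zone_id >= 3
    return {
        "target": target,
        "scheme": scheme,
        "zone_id": zone_id,
        "zone": "no Mark of the Web" if zone_id is None else ZONES.get(zone_id, "unknown"),
        # Triage rule (assumption): review shortcuts that are malformed, or that
        # arrived from an untrusted zone yet do not simply open a web page.
        "review": target is None or (downloaded and scheme not in ("http", "https")),
    }


if __name__ == "__main__":
    print(triage_shortcut(SAMPLE_URL_FILE, SAMPLE_ZONE_STREAM))
```

On NTFS the stream text can be read by opening `<path>:Zone.Identifier`; a missing stream means the file carries no MoTW, which is normal for locally created shortcuts.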




Five Critical Flaws Also Patched

Microsoft’s latest patch release also addresses five critical flaws, each posing significant risks to system security. Among them, CVE-2024-21410 stands out as an elevation of privilege vulnerability in Microsoft Exchange Server, highlighted by Satnam Narang, senior staff research engineer at Tenable. Narang emphasizes the heightened exploitation potential of this flaw, particularly the disclosure of a targeted user’s Net-NTLMv2 (New Technology LAN Manager version 2) hash, which enables attackers to authenticate as that user. This vulnerability underscores the importance of promptly applying security updates to mitigate potential risks.

An additional 15 remote code execution flaws in the Microsoft WDAC OLE DB provider for SQL Server were fixed as well. These vulnerabilities could be exploited by tricking authenticated users into connecting to malicious SQL servers via OLEDB, posing substantial threats to system integrity and data security. Such vulnerabilities underscore the importance of user awareness and cautious handling of system interactions to prevent exploitation by malicious actors.

Furthermore, February 2024 Patch Tuesday also addressed CVE-2023-50387, a long-standing design flaw in the DNSSEC specification dubbed KeyTrap by the National Research Center for Applied Cybersecurity (ATHENE) in Darmstadt. This flaw, which has existed for over two decades, can be leveraged to exhaust CPU resources and disrupt DNS resolvers, leading to denial-of-service (DoS) conditions. The severity of this vulnerability is exemplified by its capability to stall widely used DNS implementations and public DNS providers, such as Google Public DNS and Cloudflare, for extended periods, highlighting the critical need for proactive mitigation strategies and timely patch application.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
