May 17, 2024

Microsoft has released patches for 73 CVEs in its February Patch Tuesday release, with five rated critical, 66 rated as important and two rated as moderate.

Windows SmartScreen Security Feature Bypass Vulnerability

CVE-2024-21351 is a security feature bypass vulnerability in Windows SmartScreen. It was assigned a CVSSv3 score of 7.6 and is rated moderate. An attacker could exploit this vulnerability by convincing a target to open a malicious file. Successful exploitation would bypass SmartScreen security features. According to Microsoft, this vulnerability has been exploited in the wild as a zero-day, though no specific details about exploitation were available at the time this blog was published.

Internet Shortcut Files Security Feature Bypass Vulnerability

CVE-2024-21412 is a security feature bypass in Internet Shortcut Files. It was assigned a CVSSv3 score of 8.1 and is rated important. Exploitation of this flaw requires an attacker to convince their intended target to open a malicious Internet Shortcut File using social engineering. This vulnerability was exploited in the wild as a zero-day. No specific details about this zero-day vulnerability were available at the time of the February Patch Tuesday release.

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVE-2024-21410 is a critical EoP vulnerability with a CVSSv3 score of 9.8 and is rated Exploitation More Likely. Successful exploitation of this flaw would allow an attacker to relay a New Technology LAN Manager Version 2 (NTLMv2) hash against a vulnerable server. NTLM hashes could be abused in NTLM relay or pass-the-hash attacks to further an attacker’s foothold into an organization.

According to Microsoft, Exchange Server 2019 Cumulative Update 14 and prior did not enable NTLM credentials Relay Protections by default. Microsoft’s advisory provides a link to a script to enable the protection and recommends installing the latest cumulative update, even if the script to enable the NTLM credentials Relay Protections has been run.
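A way to check where this protection stands on a server, as an added example that is not from Microsoft's advisory or script: on IIS, relay protection for Windows authentication is the Extended Protection `tokenChecking` setting (`None`, `Allow` or `Require`), stored per location in `applicationHost.config`. The sketch below reads an exported copy of that file offline; the sample config and its location paths are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like IIS applicationHost.config (not from a real server).
SAMPLE_CONFIG = """
<configuration>
  <location path="Default Web Site/owa"><system.webServer><security><authentication>
    <windowsAuthentication enabled="true"><extendedProtection tokenChecking="Require"/></windowsAuthentication>
  </authentication></security></system.webServer></location>
  <location path="Default Web Site/ecp"><system.webServer><security><authentication>
    <windowsAuthentication enabled="true"><extendedProtection tokenChecking="None"/></windowsAuthentication>
  </authentication></security></system.webServer></location>
  <location path="Exchange Back End/EWS"><system.webServer><security><authentication>
    <windowsAuthentication enabled="true"/>
  </authentication></security></system.webServer></location>
  <location path="Default Web Site/aspnet_client"><system.webServer><security><authentication>
    <windowsAuthentication enabled="false"/>
  </authentication></security></system.webServer></location>
</configuration>
"""

def audit_extended_protection(config_xml):
    """Map each <location> path to (windows_auth_enabled, tokenChecking)."""
    root = ET.fromstring(config_xml.strip())
    results = {}
    for loc in root.iter("location"):
        win_auth = next(loc.iter("windowsAuthentication"), None)
        if win_auth is None:
            continue  # location does not configure Windows authentication
        enabled = win_auth.get("enabled", "false").lower() == "true"
        ep = win_auth.find("extendedProtection")
        # A missing element or attribute means the IIS default, which is "None".
        token = ep.get("tokenChecking", "None") if ep is not None else "None"
        results[loc.get("path", "")] = (enabled, token)
    return results

def needs_review(results):
    """Locations that accept Windows auth without requiring channel binding."""
    return sorted(path for path, (enabled, token) in results.items()
                  if enabled and token != "Require")

if __name__ == "__main__":
    for path in needs_review(audit_extended_protection(SAMPLE_CONFIG)):
        print("review:", path)
```

A location on the review list is not automatically misconfigured; compare it against the per-directory values Microsoft documents for Exchange.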

Microsoft Outlook Remote Code Execution Vulnerability

CVE-2024-21378 is an RCE vulnerability affecting Microsoft Outlook. This flaw is rated as “Exploitation More Likely” and was assigned a CVSSv3 score of 8.0. To exploit this flaw, an attacker would need to be authenticated with LAN access and have a valid login for an Exchange user. If the attacker meets those requirements, they would then have to send a maliciously crafted file to a user and entice them to open it. According to Microsoft, the preview pane is an attack vector, meaning that simply previewing a specially crafted file can cause the exploit to trigger.

Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-21338, CVE-2024-21345 and CVE-2024-21371 are EoP vulnerabilities affecting the Windows Kernel. Their CVSSv3 scores differ, ranging from 8.8 for CVE-2024-21345 to 7.0 for CVE-2024-21371, and each is rated “Exploitation More Likely.” An attacker could exploit these vulnerabilities as part of post-compromise activity to elevate privileges to SYSTEM.

In addition to these EoP vulnerabilities, three other Windows Kernel vulnerabilities were patched this month: CVE-2024-21340, CVE-2024-21341 and CVE-2024-21362.

Microsoft Patch Tuesday Summary

| CVE ID | CVE Title | Severity |
| --- | --- | --- |
| CVE-2024-21380 | Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability | Critical |
| CVE-2024-21410 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
| CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability | Critical |
| CVE-2024-20684 | Windows Hyper-V Denial of Service Vulnerability | Critical |
| CVE-2024-21357 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical |
| CVE-2024-21386 | .NET Denial of Service Vulnerability | Important |
| CVE-2024-21404 | .NET Denial of Service Vulnerability | Important |
| CVE-2024-21401 | Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability | Important |
| CVE-2024-21381 | Microsoft Azure Active Directory B2C Spoofing Vulnerability | Important |
| CVE-2024-21329 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important |
| CVE-2024-20667 | Azure DevOps Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21397 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | Important |
| CVE-2024-20679 | Azure Stack Hub Spoofing Vulnerability | Important |
| CVE-2024-21412 | Internet Shortcut Files Security Feature Bypass Vulnerability | Important |
| CVE-2024-21349 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | Important |
| CVE-2024-21403 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Important |
| CVE-2024-21376 | Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | Important |
| CVE-2024-21315 | Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability | Important |
| CVE-2024-21393 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| CVE-2024-21389 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| CVE-2024-21395 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| CVE-2024-21328 | Dynamics 365 Sales Spoofing Vulnerability | Important |
| CVE-2024-21394 | Dynamics 365 Field Service Spoofing Vulnerability | Important |
| CVE-2024-21396 | Dynamics 365 Sales Spoofing Vulnerability | Important |
| CVE-2024-21327 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | Important |
| CVE-2024-20673 | Microsoft Office Remote Code Execution Vulnerability | Important |
| CVE-2024-21384 | Microsoft Office OneNote Remote Code Execution Vulnerability | Important |
| CVE-2024-21378 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
| CVE-2024-21402 | Microsoft Outlook Elevation of Privilege Vulnerability | Important |
| CVE-2024-21379 | Microsoft Word Remote Code Execution Vulnerability | Important |
| CVE-2024-21374 | Microsoft Teams for Android Information Disclosure | Important |
| CVE-2024-21353 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | Important |
| CVE-2024-21370 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21350 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21368 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21359 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21365 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21367 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21420 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21366 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21369 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21375 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21361 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21358 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21391 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21360 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21352 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| CVE-2024-21406 | Windows Printing Service Spoofing Vulnerability | Important |
| CVE-2024-21377 | Windows DNS Information Disclosure Vulnerability | Important |
| CVE-2023-50387 | MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers | Important |
| CVE-2024-21342 | Windows DNS Client Denial of Service Vulnerability | Important |
| CVE-2024-20695 | Skype for Business Information Disclosure Vulnerability | Important |
| CVE-2024-21347 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| CVE-2024-21304 | Trusted Compute Base Elevation of Privilege Vulnerability | Important |
| CVE-2024-21343 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
| CVE-2024-21348 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Important |
| CVE-2024-21344 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
| CVE-2024-21371 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2024-21338 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2024-21341 | Windows Kernel Remote Code Execution Vulnerability | Important |
| CVE-2024-21345 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2024-21362 | Windows Kernel Security Feature Bypass Vulnerability | Important |
| CVE-2024-21340 | Windows Kernel Information Disclosure Vulnerability | Important |
| CVE-2024-21356 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
| CVE-2024-21363 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
| CVE-2024-21355 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
| CVE-2024-21405 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
| CVE-2024-21354 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
| CVE-2024-21372 | Windows OLE Remote Code Execution Vulnerability | Important |
| CVE-2024-21339 | Windows USB Generic Parent Driver Remote Code Execution Vulnerability | Important |
| CVE-2024-21346 | Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2024-21364 | Microsoft Azure Site Recovery Elevation of Privilege Vulnerability | Moderate |
| CVE-2024-21351 | Windows SmartScreen Security Feature Bypass Vulnerability | Moderate |
