Microsoft has released patches for 73 CVEs in its February Patch Tuesday release, with five rated critical, 66 rated as important and two rated as moderate.
Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2024-21351 is a security feature bypass vulnerability in Windows SmartScreen. It was assigned a CVSSv3 score of 7.6 and is rated moderate. An attacker could exploit this vulnerability by convincing a target to open a malicious file. Successful exploitation would bypass SmartScreen security features. According to Microsoft, this vulnerability has been exploited in the wild as a zero-day, though no specific details about exploitation were available at the time this blog was published.
Internet Shortcut Files Security Feature Bypass Vulnerability
CVE-2024-21412 is a security feature bypass in Internet Shortcut Files. It was assigned a CVSSv3 score of 8.1 and is rated important. Exploitation of this flaw requires an attacker to convince their intended target to open a malicious Internet Shortcut File using social engineering. This vulnerability was exploited in the wild as a zero-day. No specific details about this zero-day vulnerability were available at the time of the February Patch Tuesday release.
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2024-21410 is a critical EoP vulnerability in Microsoft Exchange Server with a CVSSv3 score of 9.8, rated “Exploitation More Likely.” Successful exploitation of this flaw would allow an attacker to relay a New Technology LAN Manager Version 2 (NTLMv2) hash against a vulnerable server. NTLM hashes could be abused in NTLM relay or pass-the-hash attacks to further an attacker’s foothold into an organization.
According to Microsoft, Exchange Server 2019 Cumulative Update 14 and prior did not enable NTLM credentials Relay Protections by default. Microsoft’s advisory provides a link to a script to enable the protection and recommends installing the latest cumulative update, even if the script to enable the NTLM credentials Relay Protections has been run.
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-21378 is an RCE vulnerability affecting Microsoft Outlook. This flaw is rated as “Exploitation More Likely” and was assigned a CVSSv3 score of 8.0. To exploit this flaw, an attacker would need to be authenticated with LAN access and have a valid login for an Exchange user. If the attacker meets those requirements, they would then have to send a maliciously crafted file to a user and entice them to open it. According to Microsoft, the preview pane is an attack vector, meaning that simply previewing a specially crafted file can trigger the exploit.
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-21338, CVE-2024-21345 and CVE-2024-21371 are EoP vulnerabilities affecting the Windows Kernel. The vulnerabilities were each given different CVSSv3 scores, ranging from 8.8 for CVE-2024-21345 to 7.0 for CVE-2024-21371, and each is rated “Exploitation More Likely.” An attacker could exploit these vulnerabilities as part of post-compromise activity to elevate privileges to SYSTEM.
In addition to these EoP vulnerabilities, three additional Windows Kernel vulnerabilities were patched this month: CVE-2024-21340, CVE-2024-21341 and CVE-2024-21362.
Microsoft Patch Tuesday Summary
CVE ID | CVE Title | Severity |
CVE-2024-21380 | Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability | Critical |
CVE-2024-21410 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical |
CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability | Critical |
CVE-2024-20684 | Windows Hyper-V Denial of Service Vulnerability | Critical |
CVE-2024-21357 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical |
CVE-2024-21386 | .NET Denial of Service Vulnerability | Important |
CVE-2024-21404 | .NET Denial of Service Vulnerability | Important |
CVE-2024-21401 | Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability | Important |
CVE-2024-21381 | Microsoft Azure Active Directory B2C Spoofing Vulnerability | Important |
CVE-2024-21329 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important |
CVE-2024-20667 | Azure DevOps Server Remote Code Execution Vulnerability | Important |
CVE-2024-21397 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | Important |
CVE-2024-20679 | Azure Stack Hub Spoofing Vulnerability | Important |
CVE-2024-21412 | Internet Shortcut Files Security Feature Bypass Vulnerability | Important |
CVE-2024-21349 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | Important |
CVE-2024-21403 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Important |
CVE-2024-21376 | Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | Important |
CVE-2024-21315 | Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability | Important |
CVE-2024-21393 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
CVE-2024-21389 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
CVE-2024-21395 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
CVE-2024-21328 | Dynamics 365 Sales Spoofing Vulnerability | Important |
CVE-2024-21394 | Dynamics 365 Field Service Spoofing Vulnerability | Important |
CVE-2024-21396 | Dynamics 365 Sales Spoofing Vulnerability | Important |
CVE-2024-21327 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | Important |
CVE-2024-20673 | Microsoft Office Remote Code Execution Vulnerability | Important |
CVE-2024-21384 | Microsoft Office OneNote Remote Code Execution Vulnerability | Important |
CVE-2024-21378 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
CVE-2024-21402 | Microsoft Outlook Elevation of Privilege Vulnerability | Important |
CVE-2024-21379 | Microsoft Word Remote Code Execution Vulnerability | Important |
CVE-2024-21374 | Microsoft Teams for Android Information Disclosure | Important |
CVE-2024-21353 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | Important |
CVE-2024-21370 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
CVE-2024-21350 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
CVE-2024-21368 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
CVE-2024-21359 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
CVE-2024-21365 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
CVE-2024-21367 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
CVE-2024-21420 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
CVE-2024-21366 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
CVE-2024-21369 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
CVE-2024-21375 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
CVE-2024-21361 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
CVE-2024-21358 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
CVE-2024-21391 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
CVE-2024-21360 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
CVE-2024-21352 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
CVE-2024-21406 | Windows Printing Service Spoofing Vulnerability | Important |
CVE-2024-21377 | Windows DNS Information Disclosure Vulnerability | Important |
CVE-2023-50387 | MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers | Important |
CVE-2024-21342 | Windows DNS Client Denial of Service Vulnerability | Important |
CVE-2024-20695 | Skype for Business Information Disclosure Vulnerability | Important |
CVE-2024-21347 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
CVE-2024-21304 | Trusted Compute Base Elevation of Privilege Vulnerability | Important |
CVE-2024-21343 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
CVE-2024-21348 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Important |
CVE-2024-21344 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
CVE-2024-21371 | Windows Kernel Elevation of Privilege Vulnerability | Important |
CVE-2024-21338 | Windows Kernel Elevation of Privilege Vulnerability | Important |
CVE-2024-21341 | Windows Kernel Remote Code Execution Vulnerability | Important |
CVE-2024-21345 | Windows Kernel Elevation of Privilege Vulnerability | Important |
CVE-2024-21362 | Windows Kernel Security Feature Bypass Vulnerability | Important |
CVE-2024-21340 | Windows Kernel Information Disclosure Vulnerability | Important |
CVE-2024-21356 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
CVE-2024-21363 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
CVE-2024-21355 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
CVE-2024-21405 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
CVE-2024-21354 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
CVE-2024-21372 | Windows OLE Remote Code Execution Vulnerability | Important |
CVE-2024-21339 | Windows USB Generic Parent Driver Remote Code Execution Vulnerability | Important |
CVE-2024-21346 | Win32k Elevation of Privilege Vulnerability | Important |
CVE-2024-21364 | Microsoft Azure Site Recovery Elevation of Privilege Vulnerability | Moderate |
CVE-2024-21351 | Windows SmartScreen Security Feature Bypass Vulnerability | Moderate |