Microsoft Patch Tuesday for February 2024 fixed 2 actively exploited 0-days


Microsoft Patch Tuesday for February 2024 fixed 2 actively exploited 0-days

Pierluigi Paganini
February 14, 2024

Microsoft Patch Tuesday security updates for February 2024 addressed 72 flaws, two of which are actively exploited in the wild.

Microsoft Patch Tuesday security updates for February 2024 resolved a total of 72 vulnerabilities, including two actively exploited zero-days.

The vulnerabilities affect Microsoft Windows and Windows Components; Office and Office Components; Azure; .NET Framework and ASP.NET; SQL Server; Windows Hyper-V; and Microsoft Dynamics.

Five vulnerabilities are rated Critical, 65 are rated Important, and two are rated Moderate in severity.

The two flaws actively exploited are:

CVE-2024-21412 (CVSS score 8.1) – Internet Shortcut Files Security Feature Bypass Vulnerability. An unauthenticated attacker can trigger the flaw by sending the victim a specially crafted file that is designed to bypass displayed security checks. The attacker has to trick the victims into clicking the file link. The flaw was reported by:

CVE-2024-21351 (CVSS score 7.6) – Windows SmartScreen Security Feature Bypass Vulnerability. An authorized attacker can trigger the flaw to bypass the SmartScreen user experience. The attacker can exploit the vulnerability by sending a malicious file to the user and convincing him to open it.

Below is the list of the critical flaws fixed by Microsoft Patch Tuesday security updates for February 2024.

Patch Tuesday February 2024

As usual the ZDI has published the full list of CVEs released by Microsoft for February 2024 here:

https://www.zerodayinitiative.com/blog/2024/2/13/the-february-2024-security-update-review

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – ransomware, Patch Tuesday) 







Source link