Patch Tuesday: 5 critical CVEs, 2 zero-day vulnerabilities
Microsoft fixed 73 security flaws in its February 2024 Patch Tuesday, including five critical and two zero-day vulnerabilities.
Microsoft released the February Patch Tuesday, addressing 73 CVEs, including five critical-severity vulnerabilities and two zero-day vulnerabilities already known to be exploited in the wild (included on the CISA KEV list). Additionally, Microsoft has published information on six non-Microsoft CVEs that include vulnerabilities in Microsoft Edge (Chromium-based).
Let’s take a closer look at the most interesting updates for this month.
Notable Critical Microsoft Vulnerabilities
⭕ Critical | Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2024-21410 is an EoP (Elevation of Privilege) flaw in Microsoft Exchange Server with a CVSS score of 9.8. An attacker who has obtained a user's Net-NTLMv2 hash can relay it to the Exchange server and authenticate as that user, so the flaw lends itself to both NTLM credential disclosure and NTLM relay attacks against Exchange. Before Exchange Server 2019 Cumulative Update 14 (CU14), Extended Protection for Authentication (EPA), the feature that ties the NTLM authentication to the TLS channel and so defeats relaying, was not enabled by default, leaving servers exposed to these stolen-credential attacks. Microsoft's Exchange Server Health Checker script gives a clear overview of a server's security settings, including whether EPA is enabled.
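A quick spot-check of the setting the Health Checker reports, as an added example that is neither the Runecast post's nor Microsoft's code: it reads the IIS Extended Protection token-checking value behind each Exchange virtual directory and flags any that are set to None. The site names and virtual directory list are the Exchange defaults assumed here; run it in an elevated PowerShell session on the Exchange server itself.

```powershell
# Added example (not from the Runecast post and not Microsoft's Health Checker
# script): spot-check the Extended Protection token-checking setting that IIS
# enforces for each Exchange virtual directory. "None" means EPA is off for that
# directory. Site names and the vdir list are the Exchange defaults assumed here;
# run elevated on the Exchange server, where the WebAdministration module exists.
Import-Module WebAdministration -ErrorAction Stop

$filter = 'system.webServer/security/authentication/windowsAuthentication/extendedProtection'
$vdirs  = 'Autodiscover', 'ECP', 'EWS', 'MAPI', 'OAB', 'OWA', 'PowerShell', 'Rpc'
$sites  = 'Default Web Site', 'Exchange Back End'
# IIS may hand the enum back as its name or its numeric value; normalise both.
$tokenNames = @{ '0' = 'None'; '1' = 'Allow'; '2' = 'Require' }

function Get-ExchangeEpaStatus {
    foreach ($site in $sites) {
        foreach ($vdir in $vdirs) {
            $location = "$site/$vdir"
            $raw = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
                -Location $location -Filter $filter -Name 'tokenChecking' -ErrorAction SilentlyContinue
            if ($null -eq $raw) { continue }   # vdir not present on this server role
            $value = if ($raw.PSObject.Properties['Value']) { "$($raw.Value)" } else { "$raw" }
            if ($tokenNames.ContainsKey($value)) { $value = $tokenNames[$value] }
            [pscustomobject]@{
                VirtualDirectory = $location
                TokenChecking    = $value
                EpaEnabled       = ($value -ne 'None')
            }
        }
    }
}

$report = Get-ExchangeEpaStatus
$report | Format-Table -AutoSize
$off = @($report | Where-Object { -not $_.EpaEnabled })
if ($off.Count -gt 0) {
    Write-Warning "Extended Protection is disabled on $($off.Count) virtual directory(ies); follow Microsoft's Exchange Extended Protection guidance before relying on the CU14 patch alone."
}
```

Microsoft's scripts remain the supported way to enable EPA; this check only tells you where it is currently off.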
⭕ Critical | Microsoft Outlook Remote Code Execution Vulnerability
- CVE-2024-21413 is an RCE (Remote Code Execution) vulnerability in Microsoft Outlook with a CVSS score of 9.8. To exploit it, an attacker must deliver a specially crafted link that bypasses Outlook's security checks. A successful attack can expose the victim's credentials and allow remote code execution, giving the attacker privileged access to the system.
⭕ Critical | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
- CVE-2024-21357 affects the Windows Pragmatic General Multicast (PGM) network transport protocol and has a CVSS score of 7.6. Exploitation is rated high complexity because the attacker must complete additional preparatory steps before it succeeds, and it is limited to hosts on the same network or on connected virtual networks.
⭕ Critical | Windows Hyper-V Denial of Service Vulnerability
- CVE-2024-20684 is a DoS (Denial of Service) vulnerability in Hyper-V with a CVSS score of 6.5. Successful exploitation could give an attacker access to the Hyper-V host. Microsoft rates exploitation as less likely because it requires a local denial of service attack.
Vulnerabilities Actively Exploited in the Wild Patched in the February Patch Tuesday
⭕ Important | Internet Shortcut Files Security Feature Bypass Vulnerability
- CVE-2024-21412 is an actively exploited Internet Shortcut File flaw that bypasses the MoTW (Mark of the Web) warning in Windows, the prompt that normally alerts users with messages such as “files from the internet can potentially harm your computer”. To exploit it, an attacker would need to persuade a user to open a specially crafted file designed to evade the displayed security checks.
⭕ Moderate | Windows SmartScreen Security Feature Bypass Vulnerability
- CVE-2024-21351 allows an attacker to bypass Windows SmartScreen's security features, which can lead to partial data exposure or loss of system availability. An attacker would need to persuade a user to open a malicious file that slips past SmartScreen and may then allow code execution.
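Both of these bypasses hinge on a file reaching the user without the Mark of the Web that normally triggers the warning. As an added example (not from the Runecast post), the script below audits Internet Shortcut (.url) files in a folder and reports whether each still carries the Zone.Identifier stream that holds the MoTW; the Downloads path is an assumption and can be overridden.

```powershell
# Added example (not from the Runecast post): audit Internet Shortcut (.url)
# files in a folder and report whether each one still carries the Mark of the
# Web, the Zone.Identifier alternate data stream whose ZoneId records where the
# file came from (3 = Internet, 4 = Restricted). Without it, Windows shows no
# "files from the internet" warning. The Downloads path below is an assumption.
param([string]$Folder = (Join-Path $env:USERPROFILE 'Downloads'))

$zoneNames = @{ '0' = 'LocalMachine'; '1' = 'Intranet'; '2' = 'Trusted'; '3' = 'Internet'; '4' = 'Restricted' }

function Get-MotwReport {
    param([string]$Path)
    Get-ChildItem -LiteralPath $Path -Filter '*.url' -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $zoneId = $null
            try {
                # The stream is INI-style text: "[ZoneTransfer]", "ZoneId=3", optional HostUrl/ReferrerUrl.
                $ads = Get-Content -LiteralPath $_.FullName -Stream 'Zone.Identifier' -ErrorAction Stop
                foreach ($line in $ads) {
                    if ($line -match '^ZoneId=(\d)') { $zoneId = $Matches[1]; break }
                }
            } catch { }   # no Zone.Identifier stream: the file carries no MoTW
            # The shortcut's own destination is its URL= line; shown for triage only.
            $target = (Get-Content -LiteralPath $_.FullName -ErrorAction SilentlyContinue |
                Where-Object { $_ -match '^URL=' } | Select-Object -First 1) -replace '^URL=', ''
            [pscustomobject]@{
                File     = $_.FullName
                Zone     = if (-not $zoneId) { 'NO MoTW' }
                           elseif ($zoneNames.ContainsKey($zoneId)) { $zoneNames[$zoneId] }
                           else { "ZoneId=$zoneId" }
                Target   = $target
                Modified = $_.LastWriteTime
            }
        }
}

Get-MotwReport -Path $Folder | Sort-Object Zone | Format-Table -AutoSize
```

Entries showing NO MoTW are the ones that would open silently and deserve a closer look at where they came from.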
Runecast protects you against all of these vulnerabilities
Runecast covers 44 vulnerabilities that specifically affect Windows operating systems, all of which are listed below:
Full list of CVEs listed in this patch
- Internet Shortcut Files Security Feature Bypass Vulnerability
- Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
- Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- Windows Printing Service Spoofing Vulnerability
- Windows DNS Information Disclosure Vulnerability
- MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers
- Windows DNS Client Denial of Service Vulnerability
- Microsoft ODBC Driver Remote Code Execution Vulnerability
- Trusted Compute Base Elevation of Privilege Vulnerability
- Windows Hyper-V Denial of Service Vulnerability
- Windows Network Address Translation (NAT) Denial of Service Vulnerability
- Internet Connection Sharing (ICS) Denial of Service Vulnerability
- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
- Windows Network Address Translation (NAT) Denial of Service Vulnerability
- Windows Kernel Elevation of Privilege Vulnerability
- Windows Kernel Elevation of Privilege Vulnerability
- Windows Kernel Remote Code Execution Vulnerability
- Windows Kernel Elevation of Privilege Vulnerability
- Windows Kernel Security Feature Bypass Vulnerability
- Windows Kernel Information Disclosure Vulnerability
- Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
- Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
- Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
- Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
- Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
- Windows OLE Remote Code Execution Vulnerability
- Windows SmartScreen Security Feature Bypass Vulnerability
- Windows USB Generic Parent Driver Remote Code Execution Vulnerability
- Win32k Elevation of Privilege Vulnerability