Patch Tuesday - February 2024

Target Industry

Indiscriminate, opportunistic targeting.

Overview

Microsoft Patch Tuesday for February 2024: Two zero-day flaws and thirty remote code execution (RCE) vulnerabilities were remediated as a part of the 73 total security issues addressed by Microsoft. To summarise, the security updates address the following vulnerabilities:

  • 16 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 30 Remote Code Execution Vulnerabilities
  • 5 Information Disclosure Vulnerabilities
  • 9 Denial of Service Vulnerabilities
  • 10 Spoofing Vulnerabilities.

The zero-day vulnerabilities are two security feature bypass vulnerabilities found within Windows SmartScreen and Internet Shortcut Files. These have been tracked as CVE-2024-21351 (CVSSv3 score: 7.6) and CVE-2024-21412 (CVSSv3 score: 8.1) respectively. The relevant security update should be applied as a matter of urgency where possible.

A critical severity (CVSSv3 score: 9.8) elevation of privilege vulnerability has been remediated within Microsoft Exchange Server. This vulnerability has been tracked as CVE-2024-21410. To exploit this vulnerability, a threat actor needs to target an NTLM client like Microsoft Outlook.

A critical severity (CVSSv3 score: 9.8) RCE vulnerability has been remediated within Microsoft Outlook. This vulnerability is being tracked as CVE-2023-35630. A threat actor can exploit this vulnerability with a malicious link.

A critical severity (CVSSv3 score: 6.5) denial of service vulnerability has been remediated within Windows Hyper-V. This vulnerability is being tracked as CVE-2024-20684. So far, no Proof-of-Concept (PoC) or exploitation mechanism has been disclosed.

Impact

Successful exploitation of CVE-2024-21410 could allow an attacker to gain control over the Exchange Server via a Net-NTLMv2 relay attack.

Successful exploitation of CVE-2024-21413 could allow an attacker to leak NTLM hashes and perform RCE attacks.

Successful exploitation of CVE-2024-20684 would disrupt the service of platforms operating on Hyper-V.

In summary, exploitation of the vulnerabilities outlined above could lead to a total loss of confidentiality, availability, and integrity of data.

Vulnerability Detection

Security patches for these vulnerabilities have been released by Microsoft. Previous product versions therefore remain vulnerable to potential exploitation.

Affected Products

A full list of the affected products pertaining to the February 2024 Patch Tuesday can be found on the Microsoft February 2024 Security Update page.

Containment, Mitigations & Remediations

It is strongly recommended that the relevant security patches are applied to the respective Microsoft products as soon as possible. The patches can be found directly at the Microsoft Patch Tuesday February 2024 Security Guide.

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available currently.

Threat Landscape

Last month, Microsoft published remediations for 49 security flaws in the January 2024 Patch Tuesday release, including 12 RCE vulnerabilities. Moving into the February disclosure, RCE remains a concern and focus of Microsoft and security researchers.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

MITRE Methodologies

Tactics:

TA0002 – Execution

TA0004 – Privilege Escalation