Microsoft’s February 2024 Patch Tuesday Addresses 73 Flaws and Two Zero-Days

February 13, 2024

The February 2024 Patch Tuesday from Microsoft addresses a total of 73 vulnerabilities, including two zero-days that are currently being exploited. The vulnerabilities range from critical issues such as denial of service and remote code execution to information disclosure and elevation of privileges.

The Patch Tuesday does not include fixes for 6 Microsoft Edge flaws that were addressed on February 8th and 1 Mariner flaw. More information on non-security updates released on the same day can be found in dedicated articles on the new Windows 11 KB5034765 cumulative update and the Windows 10 KB5034763 update.

Two of the vulnerabilities addressed this month are zero-days that were being actively exploited. Microsoft classifies a flaw as a zero-day if it has been publicly disclosed or is being actively exploited with no official fix available.

The first zero-day, CVE-2024-21351, is a Windows SmartScreen Security Feature Bypass Vulnerability. Microsoft has addressed this vulnerability, which was being actively exploited, allowing attackers to bypass SmartScreen security checks. According to Microsoft, 'An authorized attacker must send the user a malicious file and convince the user to open it.' The company further explained that 'An attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience.' The identity of the threat actor exploiting this flaw is unknown. The vulnerability was discovered by Eric Lawrence of Microsoft.

The second zero-day, CVE-2024-21412, is an Internet Shortcut Files Security Feature Bypass Vulnerability. Microsoft has addressed this flaw, which could enable an attacker to bypass Mark of the Web (MoTW) warnings in Windows. Microsoft explains that 'An unauthenticated attacker could send the targeted user a specially crafted file that is designed to bypass displayed security checks.' However, the attacker would have no way to force the user to view the attacker-controlled content. Instead, they would have to convince the user to take action by clicking on the file link. This flaw was discovered by Peter Girnus (gothburz) of Trend Micro's Zero Day Initiative and was actively exploited by the APT group DarkCasino (Water Hydra) in a campaign targeting financial traders. Other researchers including dwbzn with Aura Information Security and Dima Lenz and Vlad Stolyarov of Google's Threat Analysis Group also independently discovered the flaw. Details on how the CVE-2024-21351 flaw was exploited in attacks have not been provided by Microsoft.

The February 2024 Patch Tuesday updates resolve a comprehensive list of vulnerabilities. For a full description of each vulnerability and the systems it affects, a complete report is available.
