February 14, 2024 at 12:51AM
Microsoft has released 73 patches to address security flaws in its software lineup for February 2024’s Patch Tuesday updates. This includes 5 Critical, 65 Important, and 3 Moderate vulnerabilities, along with fixes for the Chromium-based Edge browser. Among the critical flaws is a bypass vulnerability in Windows SmartScreen and Internet Shortcut Files, actively exploited by threat actors. Trend Micro detailed an advanced zero-day attack chain leveraging one of these vulnerabilities. Additionally, five critical flaws were patched, along with 15 remote code execution flaws in Microsoft WDAC OLE DB provider for SQL Server and a 24-year-old design flaw in the DNSSEC specification. Other vendors have also released security updates to address various vulnerabilities.
From the meeting notes, the key takeaways regarding the recent Microsoft Patch Tuesday updates for February 2024 are as follows:
– Microsoft has released patches to address 73 security flaws across its software lineup, including two zero-day vulnerabilities that are actively exploited.
– Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and 3 are rated Moderate in severity.
– The two zero-day vulnerabilities are CVE-2024-21351 and CVE-2024-21412, both of which allow for bypassing security features.
– Trend Micro has detailed an attack campaign by Water Hydra targeting financial market traders using a zero-day vulnerability (CVE-2024-21412).
– Both CVE-2024-21351 and CVE-2024-21412 have been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), urging federal agencies to apply the latest updates by March 5, 2024.
– Five critical flaws have also been patched, including vulnerabilities in Windows Hyper-V, Pragmatic General Multicast, Microsoft Dynamics Business Central/NAV, Microsoft Exchange Server, and Microsoft Outlook.
– Other vendors have also released security updates to address vulnerabilities.
These are the main points highlighted in the meeting notes.