Microsoft’s February 2024 Patch Tuesday Addresses 73 CVEs (CVE-2024-21351, CVE-2024-21412)
2024-2-14 02:51:8 Author: www.tenable.com(查看原文) 阅读量:25 收藏

Tenable Security Response Team

A blog header image featuring the Tenable Research logo and title card about Microsoft Patch Tuesday mentioning zero-day vulnerabilities exploited. Microsoft’s February 2024 Patch Tuesday Addresses 73 CVEs including two zero-day vulnerabilities exploited in the wild.

  1. 5Critical
  2. 66Important
  3. 2Moderate
  4. 0Low

Microsoft addresses 73 CVEs, including two zero-day vulnerabilities that were exploited in the wild.

Microsoft patched 73 CVEs in its February Patch Tuesday release, with five rated critical, 66 rated as important and two rated as moderate.

A pie chart showing the severity distribution across the Patch Tuesday CVEs patched in February 2024. 66 (or 90.4%) were rated important, while 5 (or 6.8%) rated critical, and 2 (or 2.7%) were rated moderate.

This month’s update includes patches for:

  • .NET
  • Azure Active Directory
  • Azure Connected Machine Agent
  • Azure DevOps
  • Azure File Sync
  • Azure Site Recovery
  • Azure Stack
  • Internet Shortcut Files
  • Microsoft ActiveX
  • Microsoft Azure Kubernetes Service
  • Microsoft Defender for Endpoint
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Microsoft Exchange Server
  • Microsoft Office
  • Microsoft Office OneNote
  • Microsoft Office Outlook
  • Microsoft Office Word
  • Microsoft Teams for Android
  • Microsoft WDAC ODBC Driver
  • Microsoft WDAC OLE DB provider for SQL
  • Microsoft Windows
  • Microsoft Windows DNS
  • Role: DNS Server
  • SQL Server
  • Skype for Business
  • Trusted Compute Base
  • Windows Hyper-V
  • Windows Internet Connection Sharing (ICS)
  • Windows Kernel
  • Windows LDAP - Lightweight Directory Access Protocol
  • Windows Message Queuing
  • Windows OLE
  • Windows SmartScreen
  • Windows USB Serial Driver
  • Windows Win32K - ICOMP

A pie chart showing the count by impact of CVEs patched in the February 2024 Patch Tuesday release, led by Remote Code Execution vulnerabilities at 30, followed by Elevation of Privilege at 16, Spoofing at 10, Denial of Service at 9, Information Disclosure at 5 and Security Feature Bypass at 3.

Remote code execution (RCE) vulnerabilities accounted for 41.1% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 21.9%.

CVE-2024-21351 | Windows SmartScreen Security Feature Bypass Vulnerability

CVE-2024-21351 is a security feature bypass vulnerability in Windows SmartScreen. It was assigned a CVSSv3 score of 7.6 and is rated moderate. An attacker could exploit this vulnerability by convincing a target to open a malicious file. Successful exploitation would bypass SmartScreen security features. According to Microsoft, this vulnerability has been exploited in the wild as a zero-day, though no specific details about exploitation were available at the time this blog was published.

Since 2022, there have been five Windows SmartScreen vulnerabilities disclosed across Patch Tuesday. All five have been exploited in the wild as zero-days.

CVE-2024-21412 | Internet Shortcut Files Security Feature Bypass Vulnerability

CVE-2024-21412 is a security feature bypass in Internet Shortcut Files. It was assigned a CVSSv3 score of 8.1 and is rated important. Exploitation of this flaw requires an attacker to convince their intended target to open a malicious Internet Shortcut File using social engineering.

According to Microsoft, this vulnerability was exploited in the wild as a zero-day. It was disclosed to Microsoft by several researchers including Pter Girnus of Trend Micro’s Zero Day Initiative, Dima Lenz and Vlad Stolyarov of Google’s Threat Analysis Group (TAG) and dwbzn with Aura Information Security. No specific details about this zero-day vulnerability was available at the time of the February Patch Tuesday release.

CVE-2024-21410 | Microsoft Exchange Server Elevation of Privilege Vulnerability

CVE-2024-21410 is a critical EoP vulnerability with a CVSSv3 score of 9.8 and is rated “Exploitation More Likely” according to the Microsoft Exploitability Index. Successful exploitation of this flaw would allow an attacker to relay a New Technology LAN Manager Version 2 (NTLMv2) hash against a vulnerable server. NTLM hashes could be abused in NTLM relay or pass-the-hash attacks to further an attacker's foothold into an organization.

According to Microsoft, Exchange Server 2019 Cumulative Update 14 and prior did not enable NTLM credentials Relay Protections by default. Microsoft’s advisory provides a link to a script to enable the protection and recommends installing the latest cumulative update, even if the script to enable the NTLM credentials Relay Protections has been run.

Microsoft Exchange Server has been a favored target by threat actors and ransomware groups alike, with multiple vulnerabilities having been exploited in-the-wild and encompassing some of the top routinely exploited vulnerabilities of 2022. Vulnerabilities like ProxyLogon (CVE-2021-26855), ProxyShell (CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207) and ProxyNotShell (CVE-2022-41040 and CVE-2022-41082) have been heavily used by threat actors and have been discussed in multiple blog posts by our team, including being featured in our 2021 and 2022 Threat Landscape Reports.

At the time this blog was published, no known exploitation has been observed for CVE-2024-21410, however with opportunistic attackers favoring Microsoft Exchange, this is a vulnerability to remediate as quickly as possible.

CVE-2024-21378 | Microsoft Outlook Remote Code Execution Vulnerability

CVE-2024-21378 is a RCE vulnerability affecting Microsoft Outlook. This flaw is rated as “Exploitation More Likely” and was assigned a CVSSv3 score of 8.0. In order to exploit this flaw, an attacker would need to be authenticated with LAN-access and have a valid login for an Exchange user. If the attacker meets those requirements, they would then have to send their maliciously crafted file to a user and entice them to open it. According to Microsoft, the preview pane is an attack vector, meaning that simply previewing a specially crafted file can cause the exploit to trigger.

CVE-2024-21338, CVE-2024-21345 and CVE-2024-21371 | Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-21338, CVE-2024-21345 and CVE-2024-21371 are EoP vulnerabilities affecting the Windows Kernel. The vulnerabilities were each given different CVSSv3 scores varying from 8.8 for CVE-2024-21345 to 7.0 for CVE-2024-21371 with each rated as “Exploitation More Likely.” An attacker could exploit these vulnerabilities as part of post-compromise activity to elevate privileges to SYSTEM.

In addition to these EoP vulnerabilities, three additional Windows Kernel vulnerabilities were patched this month:

CVEDescriptionCVSSv3
CVE-2024-21340Windows Kernel Information Disclosure Vulnerability4.6
CVE-2024-21341Windows Kernel Remote Code Execution Vulnerability6.8
CVE-2024-21362Windows Kernel Security Feature Bypass Vulnerability5.5

Tenable Solutions

A list of all the plugins released for Tenable’s February 2024 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

Get more information

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

Tenable Security Response Team

Tenable Security Response Team

The Tenable Security Response Team (SRT) tracks threat and vulnerability intelligence feeds to ensure our research teams can deliver sensor coverage to our products as quickly as possible. The SRT also works to analyze and assess technical details and writes white papers, blogs and additional communications to ensure stakeholders are fully informed of the latest risks and threats. The SRT provides breakdowns for the latest vulnerabilities on the Tenable blog.

Related Articles

  • Exposure Management
  • Vulnerability Management

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Thank You

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Thank You

Thank you for your interest in Tenable.io. A representative will be in touch soon.

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Thank You

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Try Tenable Web App Scanning

Formerly Tenable.io Web Application Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Formerly Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Thank You

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

Request a demo of Tenable Security Center

Formerly Tenable.sc

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

* Field is required

Request a demo of Tenable OT Security

Formerly Tenable.ot

Get the Operational Technology Security You Need.

Reduce the Risk You Don’t.

Request a demo of Tenable Identity Exposure

Formerly Tenable.ad

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

Request a Demo of Tenable Cloud Security

Exceptional unified cloud security awaits you!

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

See
Tenable One
In Action

Exposure management for the modern attack surface.

See Tenable Attack Surface Management In Action

Formerly Tenable.asm

Know the exposure of every asset on any platform.

Thank You

Thank you for your interest in Tenable Attack Surface Management. A representative will be in touch soon.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements

Tenable solutions help fulfill all SLCGP requirements. Connect with a Tenable representative to learn more.


文章来源: https://www.tenable.com/blog/microsofts-feb-2024-patch-tuesday-cve-2024-21351-cve-2024-21412
如有侵权请联系:admin#unsafe.sh