Microsoft’s February 2024 Patch Tuesday Update

February 20, 2024

The first Tuesday of every month marks Microsoft’s Patch Tuesday update. This month’s update fixes 73 flaws, including two zero-day vulnerabilities currently being exploited.

Within this update, five critical vulnerabilities have been remedied. These include issues such as denial of service, remote code execution, information disclosure, and elevation of privileges vulnerabilities.

The number of bugs in each vulnerability category is listed below:

• 16 Elevation of Privilege Vulnerabilities

• 3 Security Feature Bypass Vulnerabilities

• 30 Remote Code Execution Vulnerabilities

• 5 Information Disclosure Vulnerabilities

• 9 Denial of Service Vulnerabilities

• 10 Spoofing Vulnerabilities

The tally of 73 flaws does not incorporate 6 Microsoft Edge flaws addressed on February 8th, along with 1 Mariner flaw.

Two Zero-Days remediated

This month's Patch Tuesday addresses two actively exploited zero-day vulnerabilities. Microsoft defines a zero-day as a flaw that is publicly disclosed or currently being exploited without an official fix available.

The two zero-day vulnerabilities addressed in today's updates are:

CVE-2024-21351 - Windows SmartScreen Security Feature Bypass Vulnerability

Microsoft has addressed a Windows SmartScreen vulnerability that is actively exploited, enabling attackers to circumvent SmartScreen security checks.

It isn’t known how the flaw was abused in attacks or by what threat actor.

CVE-2024-21412 - Vulnerability in Internet Shortcut Files Bypassing Security Features

Microsoft has resolved a vulnerability in Internet Shortcut Files that was actively exploited and could circumvent Mark of the Web (MoTW) warnings in Windows.

According to Microsoft, "An unauthenticated attacker could send a specifically crafted file to the targeted user, aiming to bypass displayed security checks. However, the attacker lacks the ability to compel a user to view the content under their control. Instead, the user must voluntarily click on the file link."

The February 2024 Patch Tuesday Security Updates

To access the full description of each resolved vulnerability and the systems it affects, you can view the full report here.
