Microsoft’s February 2024 Patch Tuesday Update

The first Tuesday of every month marks Microsoft’s Patch Tuesday update. This month’s update fixes 73 flaws, including two zero-day vulnerabilities currently being exploited.

Five critical vulnerabilities have been remedied in this update. They span denial of service, remote code execution, information disclosure, and elevation of privilege.

The number of bugs in each vulnerability category is listed below:

• 16 Elevation of Privilege Vulnerabilities

• 3 Security Feature Bypass Vulnerabilities

• 30 Remote Code Execution Vulnerabilities

• 5 Information Disclosure Vulnerabilities

• 9 Denial of Service Vulnerabilities

• 10 Spoofing Vulnerabilities

The tally of 73 flaws does not include the 6 Microsoft Edge flaws addressed on February 8th or the 1 Mariner flaw.

Two Zero-Days remediated

This month's Patch Tuesday addresses two zero-day vulnerabilities that are actively exploited. Microsoft defines a zero-day as a flaw that is publicly disclosed or currently being exploited without an official fix available.

The two zero-day vulnerabilities addressed in today's updates are:

CVE-2024-21351 - Windows SmartScreen Security Feature Bypass Vulnerability

Microsoft has addressed a Windows SmartScreen vulnerability that is actively exploited, enabling attackers to circumvent SmartScreen security checks.

It isn’t known how the flaw was abused in attacks or by what threat actor.

CVE-2024-21412 - Vulnerability in Internet Shortcut Files Bypassing Security Features

Microsoft has resolved a vulnerability in Internet Shortcut Files that was actively exploited and could circumvent Mark of the Web (MoTW) warnings in Windows.

According to Microsoft, "An unauthenticated attacker could send a specifically crafted file to the targeted user, aiming to bypass displayed security checks. However, the attacker lacks the ability to compel a user to view the content under their control. Instead, the user must voluntarily click on the file link."

The February 2024 Patch Tuesday Security Updates

To access the full description of each resolved vulnerability and the systems it affects, you can view the full report here.
