Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The February 2024 edition of Patch Tuesday brings us 73 new fixes, with 5 rated as critical. We’ve listed the most important changes below.
Internet Shortcut Files Security Feature Bypass Vulnerability
We start this Patch Tuesday off with CVE-2024-21412. While it’s not one of the critical vulnerabilities, we start with it because Microsoft lists it as being exploited. That makes it a top priority, since an unauthenticated attacker could send users a specially crafted file that is designed to bypass displayed security checks.
Attackers have no way to force exploitation, however; they would need to convince a user to interact with the malicious file.
Windows SmartScreen Security Feature Bypass Vulnerability
Similar to the previous vulnerability, CVE-2024-21351 is not listed as critical but has been exploited. Here too, an attacker must convince a user to interact with a malicious file. SmartScreen is part of the Windows security features and provides a reputation check for downloaded files.
Microsoft Exchange Server Elevation of Privilege Vulnerability
The most critical vulnerability this month according to CVSS score is one in Microsoft Exchange Server. CVE-2024-21410 has not yet been found to be exploited, but Microsoft does list that exploitation is more likely.
An attacker could target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability. The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim’s behalf.
Microsoft has added additional guidance for Exchange Server 2016, and patches are available for Exchange Server 2019. It has also provided a PowerShell script to enable Extended Protection for Authentication (EPA).
Run the Patch Tuesday February 2024 Audit
To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses at no additional cost and allows you to federate all your installations into one single view, so all you need to do is look at one report, automatically added every Patch Tuesday!
Patch Tuesday February 2024 CVE Codes & Titles
CVE Number | CVE Title |
CVE-2024-21357 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability |
CVE-2024-20684 | Windows Hyper-V Denial of Service Vulnerability |
CVE-2024-21380 | Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability |
CVE-2024-21410 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
CVE-2024-20667 | Azure DevOps Server Remote Code Execution Vulnerability |
CVE-2023-50387 | MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers |
CVE-2024-21327 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability |
CVE-2024-21329 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
CVE-2024-21338 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-21340 | Windows Kernel Information Disclosure Vulnerability |
CVE-2024-21349 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability |
CVE-2024-21350 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-21352 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-21354 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability |
CVE-2024-21358 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-21360 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-21361 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-21366 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-21369 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-21371 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-21372 | Windows OLE Remote Code Execution Vulnerability |
CVE-2024-21375 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-21379 | Microsoft Word Remote Code Execution Vulnerability |
CVE-2024-21381 | Microsoft Azure Active Directory B2C Spoofing Vulnerability |
CVE-2024-21386 | .NET Denial of Service Vulnerability |
CVE-2024-21389 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
CVE-2024-21393 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
CVE-2024-21394 | Dynamics 365 Field Service Spoofing Vulnerability |
CVE-2024-21396 | Dynamics 365 Sales Spoofing Vulnerability |
CVE-2024-21401 | Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability |
CVE-2024-21402 | Microsoft Outlook Elevation of Privilege Vulnerability |
CVE-2024-21404 | .NET Denial of Service Vulnerability |
CVE-2024-21420 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-20673 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2024-20679 | Azure Stack Hub Spoofing Vulnerability |
CVE-2024-21304 | Trusted Compute Base Elevation of Privilege Vulnerability |
CVE-2024-21315 | Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability |
CVE-2024-20695 | Skype for Business Information Disclosure Vulnerability |
CVE-2024-21328 | Dynamics 365 Sales Spoofing Vulnerability |
CVE-2024-21339 | Windows USB Generic Parent Driver Remote Code Execution Vulnerability |
CVE-2024-21341 | Windows Kernel Remote Code Execution Vulnerability |
CVE-2024-21342 | Windows DNS Client Denial of Service Vulnerability |
CVE-2024-21343 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
CVE-2024-21344 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
CVE-2024-21345 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2024-21346 | Win32k Elevation of Privilege Vulnerability |
CVE-2024-21347 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
CVE-2024-21348 | Internet Connection Sharing (ICS) Denial of Service Vulnerability |
CVE-2024-21353 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability |
CVE-2024-21355 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability |
CVE-2024-21356 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
CVE-2024-21359 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-21362 | Windows Kernel Security Feature Bypass Vulnerability |
CVE-2024-21363 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
CVE-2024-21365 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-21367 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-21368 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-21370 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-21374 | Microsoft Teams for Android Information Disclosure |
CVE-2024-21376 | Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability |
CVE-2024-21377 | Windows DNS Information Disclosure Vulnerability |
CVE-2024-21378 | Microsoft Outlook Remote Code Execution Vulnerability |
CVE-2024-21384 | Microsoft Office OneNote Remote Code Execution Vulnerability |
CVE-2024-21391 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2024-21395 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
CVE-2024-21397 | Microsoft Azure File Sync Elevation of Privilege Vulnerability |
CVE-2024-21403 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
CVE-2024-21405 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability |
CVE-2024-21406 | Windows Printing Service Spoofing Vulnerability |
CVE-2024-21412 | Internet Shortcut Files Security Feature Bypass Vulnerability |
CVE-2024-21351 | Windows SmartScreen Security Feature Bypass Vulnerability |
CVE-2024-21364 | Microsoft Azure Site Recovery Elevation of Privilege Vulnerability |