PRUEBA AHORA
Patch Tuesday

Microsoft Patch Tuesday – February 2024

6 min. read
13/02/2024
By Esben Dochy
Microsoft-Patch-Tuesday-May-2022

⚡ TL;DR | Go Straight to the February 202Patch Tuesday Audit Report

Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The February 2024 edition of Patch Tuesday brings us 73 new fixes, with 5 rated as critical. We’ve listed the most important changes below.

Internet Shortcut Files Security Feature Bypass Vulnerability

We start this Patch Tuesday off with CVE-2024-21412, while its not one of the critical vulnerabilities, the reason why we start with it is because Microsoft lists it as being exploited. Making it top priority since an unauthenticated attacker could a specially crafted file that is designed to bypass displayed security checks to users.

While there is no way for attackers to force exploitation, they would need to convince a user to interact with the malicious file.

Windows SmartScreen Security Feature Bypass Vulnerability

Similar to the previous vulnerability CVE-2024-21351 is not listed as critical, but has been exploited. Also similar is that an attacker must convince a user to interact with a malicious file. SmartScreen is part of the windows security features and provides a reputation check for downloaded files.

Microsoft Exchange Server Elevation of Privilege Vulnerability

The most critical vulnerability this month according to CVSS score is one in Microsoft Exchange Server. CVE-2024-21410 has not yet been found to be exploited, but Microsoft does list that exploitation is more likely.

An attacker could target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability. The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim’s behalf. 

Microsoft has added additional guidance for Exchange server 2016 and patches are available for Exchange server 2019. It has also provided a powershell script to enable Extended Protection for Authentication (EPA).

Run the Patch Tuesday February 2024 Audit

To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.

The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!

Patch Tuesday February 2024 CVE Codes & Titles

CVE NumberCVE Title
CVE-2024-21357Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2024-21413Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-20684Windows Hyper-V Denial of Service Vulnerability
CVE-2024-21380Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
CVE-2024-21410Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2024-20667Azure DevOps Server Remote Code Execution Vulnerability
CVE-2023-50387MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers
CVE-2024-21327Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
CVE-2024-21329Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVE-2024-21338Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-21340Windows Kernel Information Disclosure Vulnerability
CVE-2024-21349Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
CVE-2024-21350Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21352Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21354Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVE-2024-21358Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21360Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21361Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21366Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21369Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21371Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-21372Windows OLE Remote Code Execution Vulnerability
CVE-2024-21375Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21379Microsoft Word Remote Code Execution Vulnerability
CVE-2024-21381Microsoft Azure Active Directory B2C Spoofing Vulnerability
CVE-2024-21386.NET Denial of Service Vulnerability
CVE-2024-21389Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-21393Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-21394Dynamics 365 Field Service Spoofing Vulnerability
CVE-2024-21396Dynamics 365 Sales Spoofing Vulnerability
CVE-2024-21401Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability
CVE-2024-21402Microsoft Outlook Elevation of Privilege Vulnerability
CVE-2024-21404.NET Denial of Service Vulnerability
CVE-2024-21420Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-20673Microsoft Office Remote Code Execution Vulnerability
CVE-2024-20679Azure Stack Hub Spoofing Vulnerability
CVE-2024-21304Trusted Compute Base Elevation of Privilege Vulnerability
CVE-2024-21315Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability
CVE-2024-20695Skype for Business Information Disclosure Vulnerability
CVE-2024-21328Dynamics 365 Sales Spoofing Vulnerability
CVE-2024-21339Windows USB Generic Parent Driver Remote Code Execution Vulnerability
CVE-2024-21341Windows Kernel Remote Code Execution Vulnerability
CVE-2024-21342Windows DNS Client Denial of Service Vulnerability
CVE-2024-21343Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVE-2024-21344Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVE-2024-21345Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-21346Win32k Elevation of Privilege Vulnerability
CVE-2024-21347Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-21348Internet Connection Sharing (ICS) Denial of Service Vulnerability
CVE-2024-21353Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability
CVE-2024-21355Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVE-2024-21356Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
CVE-2024-21359Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21362Windows Kernel Security Feature Bypass Vulnerability
CVE-2024-21363Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2024-21365Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21367Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21368Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21370Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21374Microsoft Teams for Android Information Disclosure
CVE-2024-21376Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability
CVE-2024-21377Windows DNS Information Disclosure Vulnerability
CVE-2024-21378Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-21384Microsoft Office OneNote Remote Code Execution Vulnerability
CVE-2024-21391Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21395Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-21397Microsoft Azure File Sync Elevation of Privilege Vulnerability
CVE-2024-21403Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
CVE-2024-21405Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVE-2024-21406Windows Printing Service Spoofing Vulnerability
CVE-2024-21412Internet Shortcut Files Security Feature Bypass Vulnerability
CVE-2024-21351Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2024-21364Microsoft Azure Site Recovery Elevation of Privilege Vulnerability