Microsoft Patch Tuesday for February 2024 Fixes 73 Vulnerabilities

Microsoft Patch Tuesday security updates for February 2024 addressed a total of 73 flaws, including five critical vulnerabilities.

Microsoft regularly releases an anticipated batch of security patches and updates for various products and services on every second Tuesday of the month. And keep this tradition today Microsoft addresses 73 security bugs in its February 2024 Patch Tuesday update. Five of the vulnerabilities fixed today were classified as Critical as they enable attackers to achieve remote code execution, privilege elevation, or spoofing, and 68 are rated Important or moderate in severity. It also includes two actively exploited zero-days (CVE-2024-21412 and CVE-2024-21351), both of which are security feature bypass flaws.

- Advertisement -

Five Critical Severity Vulnerabilities: 

  • CVE-2024-21410 (CVSS score: 9.8) – Microsoft Exchange Server Elevation of Privilege Vulnerability
  • CVE-2024-21413 (CVSS score: 9.8) – Microsoft Outlook Remote Code Execution Vulnerability
  • CVE-2024-21380 (CVSS score: 8.0) – Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
  • CVE-2024-21357 (CVSS score: 7.5) – Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
  • CVE-2024-20684 (CVSS score: 6.5) – Windows Hyper-V Denial of Service Vulnerability

 Microsoft addresses 73 CVEs in its February 2024 Patch Tuesday update including 5 rated as critical.

Microsoft Patch Tuesday for February 2024

February 2024 Microsoft Patch Tuesday, various products and components received updates to address vulnerabilities. These include Microsoft Office, .NET frameworks, Azure services, and more. The updates address issues like Denial of Service, Elevation of Privilege, Remote Code Execution, and more, contributing to a more secure software environment.

  • 16 Elevation of privilege (EoP) bugs, (Important 15, Critical 1)
  • 30 Remote code execution (RCE) vulnerabilities, (Important 29 Critical 2)
  • 5 Information disclosure bugs, (important 4, Critical 1)
  • 9 denial of service bugs, (Important 8, Critical 1)
  • 10 spoofing Vulnerability (Important 10)
  • 3 Security Feature Bypass Vulnerability (Important 3)

Two Zero-day vulnerabilities addressed

CVE-2024-21412 involves Internet Shortcut Files, allowing attackers to bypass security checks by targeting users with specially crafted files. Although rated Important by Microsoft, it has been confirmed exploited in the wild, warranting a critical priority treatment.

- Advertisement -

Similarly, CVE-2024-21351 pertains to Windows SmartScreen, enables attackers to send malicious files that bypass SmartScreen security measures. Despite Microsoft rating it as moderate, the confirmed exploitation demands it be treated as a critical priority.

Five Critical vulnerabilities addressed

CVE-2024-21357: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

  • PGM is a protocol used for reliable data transmission.
  • The vulnerability allows attackers on the same network to execute code on vulnerable systems.
  • However, it’s limited to systems within the same network segment as the attacker.
  • Before exploiting it, attackers need to make some preparations on the target environment.

CVE-2024-21413: Microsoft Office Remote Code Execution Vulnerability

- Advertisement -
  • Attackers can bypass Office Protected View, gaining high privileges like read, write, and delete functions.
  • This vulnerability allows attackers to execute code remotely.
  • By exploiting it, attackers can compromise the security of Office documents.

CVE-2024-20684: Windows Hyper-V Denial of Service Vulnerability

  • Hyper-V is used for virtualization, allowing professionals to run multiple operating systems.
  • This vulnerability can disrupt the functionality of Hyper-V hosts by exploiting guests.
  • It doesn’t allow attackers to gain control but can cause service disruptions.

CVE-2024-21380: Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability

  • Dynamics NAV is an ERP system used by businesses for various functions.
  • Attackers exploit a race condition to trick users into clicking specially crafted URLs.
  • Successful exploitation allows access to sensitive user data, potentially leading to unauthorized access or data compromise.

CVE-2024-21410: Microsoft Exchange Server Elevation of Privilege Vulnerability

  • Exchange Server provides email and collaboration services.
  • Attackers exploit a vulnerability in NTLM authentication, commonly used in Windows environments.
  • They steal NTLM credentials from users, gaining unauthorized access to the Exchange server.
  • This can lead to impersonation and unauthorized actions on the server, compromising user accounts and data.

Windows security updates

In addition to the security fixes, Microsoft has also published an update for the Windows Update service to improve its reliability and performance.

  • KB5034765 for Windows 11 version 23H2 (OS build 22631.3155) and 22H2 (OS Build 22621.3155)
  • KB5034766 for Windows 11 version 21H1 (OS Build 22000.2777)
  • KB5034763 for windows 10 version 22H2 (OS build 19045.4046)
  • KB5034768 for Windows 10 version 1809 (OS Build 17763.5456)
  • KB5034767 for Windows 10 version 1607 (OS Build 14393.6709)

Windows 11 KB5034765 and Windows 10 KB5034763 address the following vulnerabilities.

  • Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability — CVE-2024-21357
  • Windows Hyper-V Denial of Service Vulnerability — CVE-2024-20684

Also, address various issues including the explorer.exe issue that could cause it to stop responding. Improves downloads of Windows Metadata and Internet Services (WMIS) by enabling HTTPS support. Another fixed issue involves a bug that affects the Certificate Authority snap-in. The Delta CRL option could not be selected. Furthermore, the update corrects Windows 11 upgrade error 0xd0000034 occur when updating “eligible devices to Windows 11” using Windows Update.

In addition to this Windows 11 KB5034765 fixes a Narrator issue that caused it to be slow when using Natural Voices.

You can read the complete changelog on the Microsoft support site here.

Windows 7 and Windows 8.1 reached the End of support from Microsoft, which means the company no longer provides frequent updates or security patches for these operating systems. For more information please visit the Microsoft lifecycle page at https://learn.microsoft.com/en-us/lifecycle/end-of-support/end-of-support-2023

Download the Windows 10 update

All these security updates are automatically downloaded and installed via Windows update. Or you can force Windows update from settings, update & security check for updates to install February 2024 patch updates immediately on your device.

Windows 10 update KB5034763

If you are Looking for Windows 10 22H2 Update ISO image click here Or check How to Upgrade to Windows 10 version 22H2 Using the media creation tool.

If you face any difficulty while installing these updates, Check the Windows 10 Update troubleshooting guide to fix the Windows 10 Cumulative update stuck downloading, failed to install with different errors, etc.

What time do Patch Tuesday patches come out?

  • Microsoft schedules the release of security updates on “Patch Tuesday,” the second Tuesday of each month at 10:00 AM PST.

Is Patch Tuesday weekly or monthly?

  • Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on March 12, 2024.

Why did the second Tuesday of every month called Patch Tuesday?

  • The second Tuesday of the month is referred to as “Patch Tuesday” because Microsoft attempts to combine the largest updates into this maintenance window.

What is the latest update for Windows 11 February 2024?

  • The latest Windows 11 KB5034765 for version 22H2 and 23H2 and KB5034763 for Windows 10 version 22H/21H2.

What is the zero-day patch?

  • The term “Zero-Day” is used when security teams are unaware of their software vulnerability, and they’ve had “0” days to work on a security patch or an update to fix the issue.

Also read:

- Advertisement -

More from this stream

Recomended