Fat Patch Tuesday: February 2024 Edition – Krebs on Security

Microsoft Corp. released software updates on Tuesday to fix over 70 security holes in its Windows operating systems and related products. Included in these patches are fixes for two zero-day vulnerabilities that have been actively exploited.

One of the zero-day flaws, identified as CVE-2024-21412, is classified as a “security feature bypass” in the way Windows handles Internet Shortcut Files. The bug has been actively exploited, and an attacker would need to trick a user into opening a malicious shortcut file. The ongoing exploitation of CVE-2024-21412 has been linked to an advanced persistent threat group known as “Water Hydra,” which uses the vulnerability to drop a remote access trojan (RAT) onto infected Windows systems.

The second zero-day flaw, known as CVE-2024-21351, is another security feature bypass in the Windows SmartScreen component, which screens out potentially malicious files downloaded from the Web. This vulnerability alone is not enough for an attacker to compromise a user’s workstation. However, it could be used in conjunction with a spear phishing attack to deliver a malicious file.

According to Satnam Narang, senior staff research engineer at Tenable, the zero-day vulnerability in Microsoft Exchange Server, CVE-2024-21410, can be leveraged to disclose sensitive information such as NTLM hashes, which could then be used in an NTLM relay or “pass the hash” attack. Attackers could potentially carry out these types of attacks if the Exchange Server 2019 Cumulative Update 14 (CU14) does not enable Extended Protection for Authentication (EPA) by default.

Another critical remote code execution bug, CVE-2024-21413, was highlighted by Rapid7’s lead software engineer, Adam Barnett. This vulnerability affects Microsoft Office and could be exploited just by viewing a specially crafted message in the Outlook Preview pane.

With this latest wave of patches, Microsoft hopes to address the increasing trend of zero-day vulnerabilities being exploited in the wild. However, Microsoft Office 2016 administrators who apply patches outside of Microsoft Update should take note of the various patches that must be installed to achieve remediation of CVE-2024-21413.

It’s essential for Windows end-users to stay current with the latest security updates from Microsoft. It’s generally a good idea to update within a few days of Patch Tuesday to allow time for Microsoft to fix any issues with its patches. Additionally, keeping an eye on websites like Askwoody.com can provide valuable information about potential problems with specific Microsoft updates.

For a more detailed breakdown of the individual flaws addressed by Microsoft in the recent update, you can refer to the SANS Internet Storm Center’s list. These updates are critical to ensuring the security and integrity of Windows operating systems and should be implemented as soon as possible.
