In its February 2024 Patch Tuesday updates, Microsoft released a series of patches to address a total of 73 security flaws, which included two zero-day vulnerabilities that were being actively exploited. Of the 73 vulnerabilities addressed, five were classified as ‘Critical’, while 65 were termed ‘Important’, and three as ‘Moderate’ in severity.
The two zero-day vulnerabilities identified as being actively targeted were CVE-2024-21351 (Windows SmartScreen Security Bypass) and CVE-2024-21412 (Internet Shortcut Files Security Feature Bypass Vulnerability). The first vulnerability, with a CVSS score of 7.6, allowed attackers to inject code into SmartScreen and potentially gain code execution, which could lead to data disclosure or a lack of system availability. Microsoft stated that an authorized attacker must send the user a malicious file and convince them to open it, allowing the attacker to bypass the SmartScreen user experience. Microsoft did not disclose the extent of these attacks, although an increase in the number of exploits was anticipated. The second vulnerability allowed an unauthenticated attacker to send a specially crafted file to the targeted user to bypass displayed security checks.
According to a Trend Micro report, the Water Hydra APT has been using the CVE-2024-21412 vulnerability to infect victims with the malware DarkMe. Researchers found that Water Hydra developed a proof-of-concept (PoC) for additional testing and discovered that the original shortcut bypassed the CVE-2023-36025 patch while evading SmartScreen security measures.
In addition to these zero-day vulnerabilities, Microsoft addressed five critical security vulnerabilities in its Patch Tuesday release, including those associated with privilege elevation, denial of service, remote code execution, and information disclosure. Other vendors, including Google, Adobe, Cisco, ExpressVPN, Ivanti, Fortinet, Linux, SAP, and JetBrains, also provided security upgrades in recent weeks to address multiple vulnerabilities.
Microsoft released a complete list of the 73 CVEs addressed in the February 2024 Patch Tuesday updates.
