Microsoft’s February Patch Tuesday security update, scheduled for release, will include fixes for two zero-day security vulnerabilities known to be under active attack by cybercriminals. The update will also address 71 other flaws affecting a wide range of Microsoft products with the potential to cause significant harm.
In total, five of the vulnerabilities that are being patched in February are rated as critical, indicating a high risk of exploitation by attackers. Furthermore, 66 of the issues have been deemed important, and two have been classified as moderate. The need for prompt patching is evident given the potential consequences of these vulnerabilities.
The update addresses vulnerabilities in several key Microsoft products, including Microsoft Office, Windows, Microsoft Exchange Server, the company’s Chromium-based Edge browser, Azure Active Directory, Microsoft Defender for Endpoint, and Skype for Business. The patches cover a range of issue types, from remote code execution (RCE) and privilege escalation to distributed denial-of-service, information disclosure, and security feature bypass flaws.
One of the zero-day vulnerabilities, identified as CVE-2024-21412, has been exploited by a threat actor known as Water Hydra (also tracked as DarkCasino). The flaw allows attackers to bypass a security feature involving Internet Shortcut Files, and the group has used it to target organizations in the financial sector. With this vulnerability, attackers have gained initial access to systems belonging to financial traders and dropped the DarkMe remote access Trojan on the targeted machines. Left unpatched, this type of attack has the potential to cause severe damage in the financial sector.
The other zero-day vulnerability disclosed by Microsoft this month affects Defender SmartScreen and is tracked as CVE-2024-21351. It is a medium-severity bug that allows attackers to bypass SmartScreen protections and inject code, potentially leading to remote code execution. Although details of how attackers are exploiting this vulnerability are not readily available, it poses a risk to any system where it remains unpatched.
One of the critical vulnerabilities receiving attention in this update is CVE-2024-21410, a privilege escalation vulnerability in Exchange Server, which is known to be a valuable target for attackers. The flaw exposes a user’s New Technology LAN Manager version 2 (NTLMv2) hash, which attackers can then relay to authenticate to an affected Exchange Server as that user. Because vulnerabilities like this can disclose sensitive credential material, Microsoft recommends that Exchange admins install the necessary updates and enable the Extended Protection for Authentication (EPA) feature to mitigate the risk of exploitation.
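As an added example (not code from the article or from Microsoft), the following PowerShell snippet audits the mitigation recommended above: it reads the IIS Extended Protection setting (`tokenChecking`) on each Exchange virtual directory and reports which ones are not enforcing EPA. The site and virtual directory names are assumed defaults and may differ in a given deployment.

```powershell
# Added example: audit Extended Protection for Authentication (EPA) on Exchange
# virtual directories in IIS. Run elevated on the Exchange server.
# Assumptions: default IIS site names and the common Exchange vdir names below.
Import-Module WebAdministration

$sites = @('Default Web Site', 'Exchange Back End')          # assumed site names
$vdirs = @('Autodiscover', 'ECP', 'EWS', 'Microsoft-Server-ActiveSync',
           'OAB', 'owa', 'PowerShell', 'mapi')               # assumed vdir names

$epaFilter = 'system.webServer/security/authentication/windowsAuthentication/extendedProtection'

function Get-EpaStatus {
    foreach ($site in $sites) {
        foreach ($vdir in $vdirs) {
            $location = "$site/$vdir"
            try {
                $raw = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
                        -Location $location -Filter $epaFilter -Name 'tokenChecking'
                # Depending on attribute type, IIS returns a string or an object with .Value
                $token = "$($raw.Value)"
                if (-not $token) { $token = "$raw" }
            } catch {
                $token = 'Unreadable'   # vdir missing or no access to its config
            }

            # Require = EPA enforced; Allow = accepted but not enforced; None = off
            $status = switch ($token) {
                'Require' { 'Enforced' }
                'Allow'   { 'Partial (not enforced)' }
                'None'    { 'NOT PROTECTED' }
                default   { "Unknown ($token)" }
            }

            [PSCustomObject]@{
                Location      = $location
                TokenChecking = $token
                Status        = $status
            }
        }
    }
}

# Report every vdir, then list only those needing attention
$results = Get-EpaStatus
$results | Format-Table -AutoSize
$results | Where-Object { $_.Status -ne 'Enforced' } |
    ForEach-Object { Write-Warning "EPA not enforced on $($_.Location): $($_.Status)" }
```

The `tokenChecking` value only matters where Windows authentication is enabled on that directory; Microsoft's supported way to turn EPA on across an Exchange organization is its own ExchangeExtendedProtectionManagement.ps1 script, which this audit does not replace.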
In summary, the patches to be issued by Microsoft in February, while numerous, address several critical and high-priority vulnerabilities with the potential for severe exploitation. Admins are strongly advised to apply these patches promptly to mitigate the risk of potential attacks and protect their systems from zero-day attacks and other vulnerabilities.
