VERT Threat Alert: February 2024 Patch Tuesday Analysis


Today’s VERT Alert addresses Microsoft’s February 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1093 as soon as coverage is completed.

In-The-Wild & Disclosed CVEs

CVE-2024-21351

This CVE describes a bypass in the Windows SmartScreen Security Feature. At this point, these bypasses have become relatively common and are frequently featured within the Patch Tuesday updates. SmartScreen prompts you when you run certain files downloaded from the Internet, warning you to exercise caution before proceeding. SmartScreen does this using the Zone.Identifier Alternate Data Stream (ADS), also known as the Mark of the Web. When the Zone Identifier is set to 3, SmartScreen knows that the file was downloaded from the Internet. An attacker must convince the user to open the file, but this vulnerability could allow SmartScreen to be bypassed. Microsoft has reported this vulnerability as Exploitation Detected.
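To make the Mark of the Web mechanism described above concrete, this added example (not VERT's or Microsoft's code) parses the text of a Zone.Identifier stream and reports whether a file is marked as coming from the Internet zone. The sample stream contents, file names and example.test URLs are constructed, and reading `<path>:Zone.Identifier` assumes an NTFS volume.

```python
import configparser

# URL security zones used in the ZoneId field (Windows URLZONE values).
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

def parse_zone_identifier(stream_text):
    """Parse Zone.Identifier stream text; return a dict, or None if malformed."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(stream_text.lstrip("\ufeff"))
        section = parser["ZoneTransfer"]
        zone_id = int(section["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None
    return {"zone_id": zone_id,
            "zone": ZONES.get(zone_id, "Unknown"),
            "host_url": section.get("HostUrl"),
            "referrer_url": section.get("ReferrerUrl")}

def read_mark(path):
    """Read a file's Zone.Identifier stream on NTFS; None if there is no stream."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def classify(stream_text):
    """Return 'no-mark', 'malformed', 'internet' or 'other-zone'."""
    if stream_text is None:
        return "no-mark"
    mark = parse_zone_identifier(stream_text)
    if mark is None:
        return "malformed"
    return "internet" if mark["zone_id"] == 3 else "other-zone"

# Constructed sample streams (not taken from a real system).
SAMPLES = {
    "invoice.url": "[ZoneTransfer]\r\nZoneId=3\r\n"
                   "ReferrerUrl=https://mail.example.test/\r\n"
                   "HostUrl=https://files.example.test/invoice.url?id=1\r\n",
    "setup.exe": None,                       # stream absent
    "report.docx": "[ZoneTransfer]\r\nZoneId=1\r\n",
    "tool.msi": "ZoneId=3\r\n",              # section header missing
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:12} {classify(text)}")
```

On a Windows host, `classify(read_mark(path))` applies the same check to a real file.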

CVE-2024-21412

This CVE describes a bypass in an Internet Shortcut Files Security Feature. An attacker could send a user a malicious file and convince them to open it, bypassing security checks that might prevent this attack. Microsoft has reported this vulnerability as Exploitation Detected.

 

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis. Vulnerabilities are also color-coded to aid in identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be highlighted.

| Tag | CVE Count | CVEs |
|---|---|---|
| Microsoft Edge (Chromium-based) | 6 | CVE-2024-1283, CVE-2024-1284, CVE-2024-21399, CVE-2024-1060, CVE-2024-1059, CVE-2024-1077 |
| Azure DevOps | 1 | CVE-2024-20667 |
| Role: DNS Server | 2 | CVE-2023-50387, CVE-2024-21342 |
| Microsoft Dynamics | 8 | CVE-2024-21327, CVE-2024-21389, CVE-2024-21393, CVE-2024-21394, CVE-2024-21396, CVE-2024-21328, CVE-2024-21380, CVE-2024-21395 |
| Azure Connected Machine Agent | 1 | CVE-2024-21329 |
| Windows Kernel | 6 | CVE-2024-21338, CVE-2024-21340, CVE-2024-21371, CVE-2024-21341, CVE-2024-21345, CVE-2024-21362 |
| Microsoft ActiveX | 1 | CVE-2024-21349 |
| Microsoft WDAC OLE DB provider for SQL | 15 | CVE-2024-21350, CVE-2024-21352, CVE-2024-21358, CVE-2024-21360, CVE-2024-21361, CVE-2024-21366, CVE-2024-21369, CVE-2024-21375, CVE-2024-21420, CVE-2024-21359, CVE-2024-21365, CVE-2024-21367, CVE-2024-21368, CVE-2024-21370, CVE-2024-21391 |
| Windows SmartScreen | 1 | CVE-2024-21351 |
| Windows Message Queuing | 4 | CVE-2024-21354, CVE-2024-21355, CVE-2024-21363, CVE-2024-21405 |
| Windows Internet Connection Sharing (ICS) | 4 | CVE-2024-21357, CVE-2024-21343, CVE-2024-21344, CVE-2024-21348 |
| Windows OLE | 1 | CVE-2024-21372 |
| Microsoft Office Word | 1 | CVE-2024-21379 |
| Azure Active Directory | 2 | CVE-2024-21381, CVE-2024-21401 |
| .NET | 2 | CVE-2024-21386, CVE-2024-21404 |
| Microsoft Office Outlook | 2 | CVE-2024-21402, CVE-2024-21378 |
| Microsoft Office | 2 | CVE-2024-21413, CVE-2024-20673 |
| Azure Stack | 1 | CVE-2024-20679 |
| Trusted Compute Base | 1 | CVE-2024-21304 |
| Microsoft Defender for Endpoint | 1 | CVE-2024-21315 |
| Skype for Business | 1 | CVE-2024-20695 |
| Windows Hyper-V | 1 | CVE-2024-20684 |
| Windows USB Serial Driver | 1 | CVE-2024-21339 |
| Windows Win32K – ICOMP | 1 | CVE-2024-21346 |
| SQL Server | 1 | CVE-2024-21347 |
| Microsoft WDAC ODBC Driver | 1 | CVE-2024-21353 |
| Windows LDAP – Lightweight Directory Access Protocol | 1 | CVE-2024-21356 |
| Azure Site Recovery | 1 | CVE-2024-21364 |
| Microsoft Teams for Android | 1 | CVE-2024-21374 |
| Microsoft Azure Kubernetes Service | 2 | CVE-2024-21376, CVE-2024-21403 |
| Microsoft Windows DNS | 1 | CVE-2024-21377 |
| Microsoft Office OneNote | 1 | CVE-2024-21384 |
| Azure File Sync | 1 | CVE-2024-21397 |
| Microsoft Windows | 1 | CVE-2024-21406 |
| Microsoft Exchange Server | 1 | CVE-2024-21410 |
| Internet Shortcut Files | 1 | CVE-2024-21412 |
| Mariner | 1 | CVE-2024-21626 |

Other Information

At the time of publication, there were no new advisories included with the February Security Guidance.

 


