Microsoft releases 72 fixes this month including 5 Critical Threats and 2 Weaponised Vulnerabilities.
We also have 65 Important and 2 Moderate severities fixed. Windows, Windows Components, Office Components, SQL Server, Hyper-V Hypervisor and .NET Framework have all received fixes this month.
Robert Brown, Head of Customer Success for Syxsense said, “February is back to the usual number of fixes we would expect, but as we assume many of these have not had a full “Preview” cycle from December and January we would recommend additional testing. If you count all the individual CVSS scores together, February has a combined CVSS score of 554.8 where the average CVSS score was 7.7 which is up on last month’s median score of 7.0.”
Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual we recommend our customers enter the CVE numbers below into your Patch Management solution and deploy as soon as testing is complete.
CVE-2024-21412 – Internet Shortcut Files Security Feature Bypass Vulnerability
Improper input validation when handling Internet shortcut files. A remote attacker can trick the victim into clicking on a specially crafted shortcut file and execute arbitrary code on the system.
This bug is currently targeting forex traders with a remote access trojan through forum posts and responses.
Note: The vulnerability is being Weaponised
Syxscore
- Vendor Severity: Important
- CVSS: 8.1
- Weaponised: Yes
- Public Aware: No
- Countermeasure: No
Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope / Jump Point: Unchanged / No
CVE-2024-21351 – Windows SmartScreen Security Feature Bypass Vulnerability
When you download a file from the internet, Windows adds the zone identifier or Mark of the Web as an NTFS stream to the file. When you run the file, Windows SmartScreen checks if there is a zone identifier Alternate Data Stream (ADS) attached to the file. If the ADS indicates ZoneId=3 which means that the file was downloaded from the internet, the SmartScreen does a reputation check.
Note: The vulnerability is being Weaponised
Syxscore
- Vendor Severity: Moderate
- CVSS: 7.6
- Weaponised: Yes
- Public Aware: No
- Countermeasure: No
Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope / Jump Point: Unchanged / No
CVE-2024-21413 – Microsoft Outlook Remote Code Execution Vulnerability
Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode. The Preview Pane is an attack vector.
Note: The vulnerability has the highest CVSS score of 9.8
Syxscore
- Vendor Severity: Critical
- CVSS: 9.8
- Weaponised: No
- Public Aware: No
- Countermeasure: No
Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope / Jump Point: Unchanged / No
| Reference | Description | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Countermeasure | Additional Details | Impact | Exploitability Assessment |
| CVE-2024-21412 | Internet Shortcut Files Security Feature Bypass Vulnerability | Important | 8.1 | Yes | No | No | Improper input validation when handling Internet shortcut files. A remote attacker can trick the victim into clicking on a specially crafted shortcut file and execute arbitrary code on the system. This bug is currently targeting forex traders with a remote access trojan through forum posts and responses. | Security Feature Bypass | Exploitation Detected |
| CVE-2024-21351 | Windows SmartScreen Security Feature Bypass Vulnerability | Moderate | 7.6 | Yes | No | No | When you download a file from the internet, Windows adds the zone identifier or Mark of the Web as an NTFS stream to the file. So, when you run the file, Windows SmartScreen checks if there is a zone identifier Alternate Data Stream (ADS) attached to the file. If the ADS indicates ZoneId=3 which means that the file was downloaded from the internet, the SmartScreen does a reputation check. | Security Feature Bypass | Exploitation Detected |
| CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode. The Preview Pane is an attack vector. | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-21410 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Critical | 9.8 | No | No | No | Elevation of Privilege | Exploitation More Likely | |
| CVE-2024-21401 | Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability | Important | 9.3 | No | No | No | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2024-21364 | Microsoft Azure Site Recovery Elevation of Privilege Vulnerability | Moderate | 9.3 | No | No | No | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2024-21376 | Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | Important | 9 | No | No | No | Scope = Changed, Jump Point = True. An attacker who successfully exploited this vulnerability could steal credentials and affect resources beyond the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC). | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-21403 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | Important | 9 | No | No | No | Scope = Changed, Jump Point = True. An attacker who successfully exploited this vulnerability could steal credentials and affect resources beyond the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC). | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-21345 | Windows Kernel Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | Scope = Changed, Jump Point = True. This vulnerability could lead to a contained execution environment escape. | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-21349 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21350 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-21352 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21353 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21358 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21359 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21360 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21361 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21365 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21366 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21367 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21368 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21369 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21370 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21372 | Windows OLE Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21375 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21391 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21420 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21395 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 8.2 | No | No | No | Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. | Spoofing | Exploitation Less Likely |
| CVE-2024-21380 | Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability | Critical | 8 | No | No | No | Scope = Changed, Jump Point = True. This vulnerability could lead to the attacker gaining the ability to interact with other tenant’s applications and content. | Information Disclosure | Exploitation Less Likely |
| CVE-2024-21378 | Microsoft Outlook Remote Code Execution Vulnerability | Important | 8 | No | No | No | Remote Code Execution | Exploitation More Likely | |
| CVE-2024-20673 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality. | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-21315 | Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-21338 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-21346 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-21354 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-21363 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21379 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Remote Code Execution | Exploitation More Likely | |
| CVE-2024-21384 | Microsoft Office OneNote Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21327 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | Important | 7.6 | No | No | No | Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. | Spoofing | Exploitation Less Likely |
| CVE-2024-21328 | Dynamics 365 Sales Spoofing Vulnerability | Important | 7.6 | No | No | No | Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. | Spoofing | Exploitation Less Likely |
| CVE-2024-21389 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 7.6 | No | No | No | Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. | Spoofing | Exploitation Less Likely |
| CVE-2024-21393 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 7.6 | No | No | No | Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. | Spoofing | Exploitation Less Likely |
| CVE-2024-21394 | Dynamics 365 Field Service Spoofing Vulnerability | Important | 7.6 | No | No | No | Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. | Spoofing | Exploitation Less Likely |
| CVE-2024-21396 | Dynamics 365 Sales Spoofing Vulnerability | Important | 7.6 | No | No | No | Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. | Spoofing | Exploitation Less Likely |
| CVE-2024-21357 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical | 7.5 | No | No | No | Remote Code Execution | Exploitation More Likely | |
| CVE-2024-20667 | Azure DevOps Server Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | Successful exploitation of this vulnerability requires the attacker to have Queue Build permissions and for the target Azure DevOps pipeline to meet certain conditions for an attacker to exploit this vulnerability. | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-21342 | Windows DNS Client Denial of Service Vulnerability | Important | 7.5 | No | No | No | Denial of Service | Exploitation Less Likely | |
| CVE-2024-21347 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21348 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Important | 7.5 | No | No | No | Denial of Service | Exploitation Less Likely | |
| CVE-2024-21386 | .NET Denial of Service Vulnerability | Important | 7.5 | No | No | No | Denial of Service | Exploitation Less Likely | |
| CVE-2024-21404 | .NET Denial of Service Vulnerability | Important | 7.5 | No | No | No | Denial of Service | Exploitation Less Likely | |
| CVE-2024-21406 | Windows Printing Service Spoofing Vulnerability | Important | 7.5 | No | No | No | Spoofing | Exploitation Less Likely | |
| CVE-2024-21329 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important | 7.3 | No | No | No | An attacker who successfully exploited the vulnerability could add symlinks and cause an arbitrary file delete as SYSTEM. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-21377 | Windows DNS Information Disclosure Vulnerability | Important | 7.1 | No | No | No | Information Disclosure | Exploitation Less Likely | |
| CVE-2024-21402 | Microsoft Outlook Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2024-21355 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important | 7 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-21371 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-21405 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important | 7 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-21341 | Windows Kernel Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21381 | Microsoft Azure Active Directory B2C Spoofing Vulnerability | Important | 6.8 | No | No | No | Spoofing | Exploitation Less Likely | |
| CVE-2024-20684 | Windows Hyper-V Denial of Service Vulnerability | Critical | 6.5 | No | No | No | Scope = Changed, Jump Point = True. Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host. | Denial of Service | Exploitation Less Likely |
| CVE-2024-20679 | Azure Stack Hub Spoofing Vulnerability | Important | 6.5 | No | No | No | Spoofing | Exploitation Less Likely | |
| CVE-2024-21356 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important | 6.5 | No | No | No | Denial of Service | Exploitation Less Likely | |
| CVE-2024-21339 | Windows USB Generic Parent Driver Remote Code Execution Vulnerability | Important | 6.4 | No | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2024-21343 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important | 5.9 | No | No | No | Denial of Service | Exploitation Less Likely | |
| CVE-2024-21344 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important | 5.9 | No | No | No | Denial of Service | Exploitation Less Likely | |
| CVE-2024-20695 | Skype for Business Information Disclosure Vulnerability | Important | 5.7 | No | No | No | Information Disclosure | Exploitation Less Likely | |
| CVE-2024-21362 | Windows Kernel Security Feature Bypass Vulnerability | Important | 5.5 | No | No | No | Security Feature Bypass | Exploitation Less Likely | |
| CVE-2024-21397 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | Important | 5.3 | No | No | No | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2024-21374 | Microsoft Teams for Android Information Disclosure | Important | 5 | No | No | No | Elevation of Privilege | Exploitation Less Likely | |
| CVE-2024-21340 | Windows Kernel Information Disclosure Vulnerability | Important | 4.6 | No | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | Information Disclosure | Exploitation Less Likely |
| CVE-2024-21304 | Trusted Compute Base Elevation of Privilege Vulnerability | Important | 4.1 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
