On 13 February 2024, Microsoft published their February 2024 security update with patches for 73 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted 5 vulnerabilities in this bulletin that were categorised as critical or zero-day vulnerabilities. Two of these vulnerabilities have been reported to be exploited in the wild.?
Impacted Product: Windows SmartScreen?
| ? | CVSS: 6.8 – Medium? | Exploitation detected? |
| Windows SmartScreen Security Feature Bypass Vulnerability – A threat actor without authentication could send a specifically tailored file to the intended victim, aiming to bypass existing security measures. However, they cannot force the user to view the manipulated content; instead, they must persuade the user to take action by clicking on a provided file link.? | ||
| ? | CVSS: 7.6 – High? | Exploitation detected? |
| Windows SmartScreen Security Feature Bypass Vulnerability – An authorised threat actor must send the victim a malicious file and convince them to open it to exploit this vulnerability. This vulnerability would allow a threat actor to insert code into SmartScreen, potentially achieving RCE.? | ||
Impacted Product: Microsoft Exchange?
| ? | CVSS: 9.8 – Critical? | No exploitation detected? |
| Microsoft Exchange Server Elevation of Privilege Vulnerability – A threat actor could exploit this vulnerability to target an NTLM client such as Outlook with an NTLM credentials-type vulnerability. If successful, a threat actor could authenticate as a user by relaying a user¡¯s leaked Net-NETLMv2 hash to a vulnerable Exchange server, and would allow the threat actor to perform operations on the victim¡¯s behalf.? | ||
Impacted Product: Microsoft Outlook?
| ? | CVSS: 9.8 – Critical? | No exploitation detected? |
| Microsoft Outlook Remote Code Execution Vulnerability – A threat actor could exploit this vulnerability by crafting a malicious link that bypasses the Protected View Protocol, which leads to the leaking of local NTLM credential information and remote code execution (RCE).? | ||
Impacted Product: Microsoft Entra Jira Integration?
| ? | CVSS: 9.8 – Critical? | No exploitation detected? |
| Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability – A threat actor could exploit this vulnerability to fully update Entra ID SAML metadata and info for the plugin, and then modify the application¡¯s authentication to their tenant.? | ||
Recommendations CVE-2024-21410, CVE-2024-21413, and CVE-2024-21401
Recommendation: Apply Security Updates to Impacted Products?
Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation of these vulnerabilities.?
Affected and Fixed Products/Versions?
| Product? | Vulnerability? | Reference Article? | Download? |
| Windows 10 for 32-bit Systems? | CVE-2024-21351? | ? | ? |
| Windows 10 for x64-based Systems? | CVE-2024-21351? | ? | ? |
| Windows 10 Version 1607 for 32-bit Systems? | CVE-2024-21351? | ? | ? |
| Windows 10 Version 1607 for x64-based Systems? | CVE-2024-21351? | ? | ? |
| Windows 10 Version 1809 for 32-bit Systems? | CVE-2024-21351, CVE-2024-21412? | ? | ? |
| Windows 10 Version 1809 for ARM64-based Systems? | CVE-2024-21351, CVE-2024-21412? | ? | ? |
| Windows 10 Version 1809 for x64-based Systems? | CVE-2024-21351, CVE-2024-21412? | ? | ? |
| Windows 10 Version 21H2 for 32-bit Systems? | CVE-2024-21351, CVE-2024-21412? | ? | ? |
| Windows 10 Version 21H2 for ARM64-based Systems? | CVE-2024-21351, CVE-2024-21412? | ? | ? |
| Windows 10 Version 21H2 for x64-based Systems? | CVE-2024-21351, CVE-2024-21412? | ? | ? |
| Windows 10 Version 22H2 for 32-bit Systems? | CVE-2024-21351, CVE-2024-21412? | ? | ? |
| Windows 10 Version 22H2 for ARM64-based Systems? | CVE-2024-21351, CVE-2024-21412? | ? | ? |
| Windows 10 Version 22H2 for x64-based Systems? | CVE-2024-21351, CVE-2024-21412? | ? | ? |
| Windows 11 version 21H2 for ARM64-based Systems? | CVE-2024-21351, CVE-2024-21412? | ? | ? |
| Windows 11 version 21H2 for x64-based Systems? | CVE-2024-21351, CVE-2024-21412? | ? | ? |
| Windows 11 Version 22H2 for ARM64-based Systems? | CVE-2024-21351, CVE-2024-21412? | ? | ? |
| Windows 11 Version 22H2 for x64-based Systems? | CVE-2024-21351, CVE-2024-21412? | ? | ? |
| Windows 11 Version 23H2 for ARM64-based Systems? | CVE-2024-21351, CVE-2024-21412? | ? | ? |
| Windows 11 Version 23H2 for x64-based Systems? | CVE-2024-21351, CVE-2024-21412? | ? | ? |
| Windows Server 2016? | CVE-2024-21351? | ? | ? |
| Windows Server 2019? | CVE-2024-21351, CVE-2024-21412? | ? | ? |
| Windows Server 2022? | CVE-2024-21351, CVE-2024-21412? | ? | ? |
| Windows Server 2022, 23H2 Edition? | CVE-2024-21412? | ? | ? |
| Microsoft 365 Apps for Enterprise for 32-bit Systems? | CVE-2024-21413? | ? | ? |
| Microsoft 365 Apps for Enterprise for 64-bit Systems? | CVE-2024-21413? | ? | ? |
| Microsoft Office 2016 (32-bit edition)? | CVE-2024-21413? |
|
|
| Microsoft Office 2016 (64-bit edition)? | CVE-2024-21413? |
|
|
| Microsoft Office 2019 for 32-bit editions? | CVE-2024-21413? | ? | ? |
| Microsoft Office 2019 for 64-bit editions? | CVE-2024-21413? | ? | ? |
| Microsoft Office LTSC 2021 for 32-bit editions? | CVE-2024-21413? | ? | ? |
| Microsoft Office LTSC 2021 for 64-bit editions? | CVE-2024-21413? | ? | ? |
| Microsoft Exchange Server 2019 Cumulative Update 13? | CVE-2024-21410? | ? | ? |
| Microsoft Exchange Server 2019 Cumulative Update 14? | CVE-2024-21410? | ? | ? |
| Microsoft Exchange Server 2016 Cumulative Update 23? | CVE-2024-21410? | –? | –? |
| Microsoft Entra Jira Single-Sign-On Plugin? | CVE-2024-21401? | ? | ? |
Note: Please follow your organisation’s patching and testing guidelines to avoid any operational impact.?
References?
- ?
- ?
- ?
- ?
- ?
