Original Article Text


Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws

Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 73 flaws and two actively exploited zero-days.

This Patch Tuesday fixes five critical vulnerabilities, including denial of service, remote code execution, information disclosure, and elevation of privileges vulnerabilities.

The number of bugs in each vulnerability category is listed below:

The total count of 73 flaws does not include 6 Microsoft Edge flaws fixed on February 8th and 1 Mariner flaw.

To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5034765 cumulative update and the Windows 10 KB5034763 update.

Two zero-days fixed

This month's Patch Tuesday fixes two actively exploited zero-day vulnerabilities. Microsoft classifies a zero-day as a flaw that is publicly disclosed or actively exploited with no official fix available.

The two actively exploited zero-day vulnerabilities in today's updates are:

CVE-2024-21351 - Windows SmartScreen Security Feature Bypass Vulnerability

Microsoft has fixed an actively exploited Windows SmartScreen vulnerability that allows attackers to bypass SmartScreen security checks.

"An authorized attacker must send the user a malicious file and convince the user to open it," explains Microsoft.

"An attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience," continued Microsoft.

It is not known how the flaw was abused in attacks or by what threat actor.

The flaw was discovered by Eric Lawrence of Microsoft.

CVE-2024-21412 - Internet Shortcut Files Security Feature Bypass Vulnerability

Microsoft has fixed an actively exploited Internet Shortcut File flaw that could bypass Mark of the Web (MoTW) warnings in Windows.

"An unauthenticated attacker could send the targeted user a specially crafted file that is designed to bypass displayed security checks," explains Microsoft.

"However, the attacker would have no way to force a user to view the attacker-controlled content. Instead, the attacker would have to convince them to take action by clicking on the file link."

Peter Girnus (gothburz) of Trend Micro's Zero Day Initiative, who discovered the flaw, released a report today on how it was actively exploited by the APT group DarkCasino (Water Hydra) in a campaign targeting financial traders.

Microsoft says that other researchers discovered the flaw independently, including dwbzn with Aura Information Security and Dima Lenz and Vlad Stolyarov of Google's Threat Analysis Group.

Microsoft has not provided details on how the CVE-2024-21351 flaw was exploited in attacks.

Recent updates from other companies

Other vendors who released updates or advisories in February 2023 include:

The February 2024 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the February 2024 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.

Daily Brief Summary

CYBERCRIME // Microsoft Patches 73 Flaws Including 2 Exploited Zero-Days

Microsoft released fixes on its February 2024 Patch Tuesday for 73 vulnerabilities, encompassing critical issues like denial of service and remote code execution.

The Patch Tuesday updates addressed two zero-day flaws that were actively exploited in the wild.

One of the patched zero-days is a Windows SmartScreen security feature bypass, which could allow attackers to bypass SmartScreen security checks.

The other fixed zero-day allowed attackers to bypass the Mark of the Web (MoTW) security checks using specially crafted Internet Shortcut files, a vulnerability exploited by the DarkCasino APT group targeting finance professionals.

The security updates do not include six Microsoft Edge flaws and one Mariner flaw which were fixed earlier in February.

Additional non-security updates were released for Windows 11 and Windows 10, the details of which can be found in separate dedicated articles.

Other technology vendors also released updates or advisories in February 2023, highlighting the importance of regular system updates across the tech industry.