CVE-2024-21351 & CVE-2024-21412: Two 0-days flaws in Microsoft February 2024 Patch Tuesday

CVE-2024-21351 and CVE-2024-21412

Microsoft’s February 2024 Patch Tuesday release was critical. 79 vulnerabilities received fixes this month, including five rated as critical—the highest severity level. Of grave concern, two of these were ‘zero-days’ (CVE-2024-21351 and CVE-2024-21412), meaning hackers have already been exploiting them in the wild!

Furthermore, Microsoft has reinforced the bulwarks of its Chromium-based Edge browser by patching six vulnerabilities, ensuring users can navigate the web with increased confidence and safety.

CVE-2024-21351 and CVE-2024-21412

The scope of this month’s patches is broad, fortifying a range of Microsoft’s products and services. From the ubiquitous Microsoft Office suite and Exchange Server to the foundational elements of Azure File Sync and Active Directory, no stone is left unturned. The updates span across SQL Server, the Windows Kernel, DNS Server, and even the less frequently spotlighted areas like Windows Internet Connection Sharing (ICS).

Zero-day Vulnerabilities Patched in February Patch Tuesday

  • CVE-2024-21351: Windows SmartScreen Security Feature Bypass Vulnerability SmartScreen is your built-in defense against malicious websites and downloads. Exploiting this flaw allowed attackers to trick SmartScreen into opening untrusted content, paving the way for serious compromises.

  • CVE-2024-21412: Internet Shortcut Files Security Feature Bypass Vulnerability Attackers could craft malicious files that looked harmless, fooling users into opening them and bypassing those pesky security warnings.

The urgency of patching these can’t be overstated. CISA, the US Cybersecurity and Infrastructure Security Agency, has listed both on their ‘Known Exploited Vulnerabilities Catalog’, demanding rapid action.

The Other Critical Flaws

Three more critical bugs also got squashed:

  • CVE-2024-21357: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability – A way for attackers to remotely run malicious code on your system if they’re on the same network.
  • CVE-2024-21413: Microsoft Office Remote Code Execution Vulnerability – Opening a rigged Office file could grant hackers control over your machine.
  • CVE-2024-20684: Windows Hyper-V Denial of Service Vulnerability – Used to crash Hyper-V virtual machines, disrupting operations that depend on them.

Action Items for users, IT and Security Professionals

  1. Prioritize Patching: Rapidly deploy patches for the zero-day vulnerabilities, followed by those rated critical. Refer to Microsoft’s vulnerability bulletins for precise patch deployment instructions.

  2. Review Patch Documentation: Familiarize yourself with the full list of vulnerabilities and associated CVEs to assess your organization’s risk profile and any potential downstream impacts of patches.

  3. Enhance Threat Monitoring: Actively monitor systems for anomalous activity that could indicate attempts to exploit residual vulnerabilities.