February 2024 Patch Tuesday: 10 Critical Vulnerabilities Amid 77 CVEs

Published on Feb 13, 2024 • Last updated on Nov 15, 2024

Total vulnerabilities: 77
Critical vulnerabilities: 10
Exploited vulnerabilities: 9

February 2024 Risk Analysis

Most impacted products
Microsoft WDAC OLE DB provider for SQL: 20%
Microsoft Dynamics: 10%
Windows Kernel: 8%
Windows Internet Connection Sharing (ICS): 5%
Windows Message Queuing: 5%

Attribution of Malware Families
Phemedrone Stealer: 8%
DarkMe: 8%
BianLian: 8%
Mallox Linux 1.0: 8%
DarkGate: 8%

Attribution of Threat Actors
APT28: 50%
Lazarus Group: 25%
DarkCasino: 25%

Critical Vulnerabilities

CVE-2024-21410

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS 9.8 • CWE-287

Exploit

A critical vulnerability in Microsoft Exchange Server enables unauthenticated attackers to perform NTLM relay attacks by exploiting inadequate Extended Protection for Authentication (EPA) settings, allowing them to intercept and relay NTLM credentials to gain unauthorized access with the privileges of legitimate users. The flaw enables full system compromise, potentially leading to data theft, system manipulation, and complete control of the affected Exchange server. This vulnerability is particularly concerning as it requires no user interaction, has a low attack complexity, and is actively being exploited in the wild.

CVE-2024-21345

Windows Kernel Elevation of Privilege Vulnerability

CVSS 8.8 • CWE-122

Exploit

A heap-based buffer overflow vulnerability in the Windows Kernel allows authenticated attackers with low privileges to execute arbitrary code by running specially crafted applications, potentially leading to complete SYSTEM privilege escalation and AppContainer isolation escape. The local attack vector requires no user interaction and can lead to a full system compromise with high impacts on confidentiality, integrity, and availability of the affected system. The presence of publicly available proof-of-concept exploits and the ability to escape contained execution environments makes this vulnerability particularly concerning for organizations running affected Windows Server installations.

CVE-2024-21378

Microsoft Outlook Remote Code Execution Vulnerability

CVSS 8.8 • CWE-94

Exploit

A remote code execution vulnerability in Microsoft Outlook enables authenticated attackers to execute arbitrary code through the Preview Pane without requiring user interaction, leveraging code injection techniques to gain elevated system privileges. The high-severity flaw affects multiple Microsoft Office products and can grant attackers full read, write, and delete capabilities, potentially leading to complete system compromise. The vulnerability is particularly critical as it has publicly available proof-of-concept exploits and confirmed instances of in-the-wild exploitation.

CVE-2024-21364

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability

CVSS 9.3 • CWE-284

A privilege escalation vulnerability in Azure Site Recovery enables local attackers to execute code that can elevate privileges to IUSR and potentially expose MySQL root passwords, leading to the discovery of stored encrypted credentials. The vulnerability's scope change characteristic indicates it can affect resources beyond the security authority of the vulnerable component, though the impact is limited to the targeted system or database. Given the high impact on confidentiality, integrity, and availability, combined with low attack complexity and no required privileges or user interaction, this vulnerability represents a significant security risk for environments utilizing Azure Site Recovery.

CVE-2024-21338

Windows Kernel Elevation of Privilege Vulnerability

CVSS 7.8 • CWE-822

Exploit

A Windows Kernel privilege escalation vulnerability allows authenticated users to execute arbitrary code with SYSTEM privileges by running a specially crafted application that exploits an untrusted pointer dereference in the kernel. The vulnerability presents a critical security risk as successful exploitation enables complete system compromise, allowing attackers to bypass security boundaries, modify system data, and gain full administrative control over affected Windows systems. Given that this vulnerability is actively exploited in the wild by sophisticated threat actors and multiple proof-of-concept exploits are publicly available, immediate attention is required.

CVE-2024-21412

This vulnerability allows remote attackers to bypass the SmartScreen security feature to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of Internet Shortcut (.URL) files. The issue results from the lack of a security check on chained Internet Shortcut files. An attacker can leverage this vulnerability to execute code in the context of the current user.

Microsoft has issued an update to correct this vulnerability. More details can be found at: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21412

CVSS 8.1 • CWE-693

Exploit

A critical SmartScreen security bypass vulnerability in Windows allows remote attackers to execute arbitrary code by exploiting insufficient security checks on chained Internet Shortcut (.URL) files. While requiring user interaction to open a malicious file, successful exploitation enables attackers to execute code with current user privileges, potentially leading to system compromise and data theft. The active exploitation of this vulnerability in the wild by multiple malware families and threat actors, combined with its network-based attack vector and low complexity, makes it a significant security risk requiring immediate attention.

CVE-2024-21357

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CVSS 8.1 • CWE-843

A remote code execution vulnerability in Windows Pragmatic General Multicast (PGM) allows unauthenticated attackers to execute arbitrary code by sending specially crafted malicious network traffic to vulnerable servers, requiring no user interaction but demanding specific pre-exploitation preparation. Despite the high attack complexity, successful exploitation could grant an attacker complete control over the affected system, enabling data theft, malware deployment, and other malicious activities through the compromised multicast implementation that operates at network layer 4.

CVE-2024-21401

Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability

CVSS 9.8 • CWE-284

Exploit

A critical elevation of privilege vulnerability in the Microsoft Entra Jira Single-Sign-On Plugin allows unauthenticated remote attackers to modify SAML metadata and configuration settings without requiring user interaction or authentication. The flaw enables attackers to potentially hijack authentication by redirecting SSO to their own tenant, effectively compromising access control and administrative capabilities for the affected Jira instance, making this an especially severe security risk for organizations relying on Azure AD authentication.

CVE-2024-21413

Microsoft Outlook Remote Code Execution Vulnerability

CVSS 9.8 • CWE-20

Exploit

A critical remote code execution vulnerability in Microsoft Outlook allows unauthenticated attackers to bypass Protected View Protocol through maliciously crafted messages, which can lead to NTLM credential theft and arbitrary code execution, with the Preview Pane serving as an attack vector. The vulnerability enables attackers to gain elevated privileges with full read, write, and delete capabilities, potentially resulting in complete system compromise, data theft, and deployment of malware. Given the availability of multiple proof-of-concept exploits and active exploitation in the wild, this vulnerability poses an immediate risk to organizations using affected versions of Microsoft Office products.

CVE-2024-21351

Windows SmartScreen Security Feature Bypass Vulnerability

CVSS 7.6 • CWE-94

Exploit

This Windows SmartScreen security feature bypass vulnerability allows attackers to circumvent security protections by exploiting the Mark of the Web (MOTW) mechanism, enabling code injection through specially crafted files downloaded from the internet. When successfully exploited through user interaction with a malicious file, the vulnerability can lead to arbitrary code execution, potentially resulting in data exposure and system availability issues. The bypass of SmartScreen's protective features is particularly concerning as it undermines a critical security control designed to protect users from untrusted internet-sourced files, making this an attractive target for threat actors conducting social engineering attacks.

All vulnerabilities

| CVE ID | Vulnerability | CVSS Score | Product | Exploit |
|---|---|---|---|---|
| CVE-2024-26196 | Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability | 4.3 | edge | - |
| CVE-2024-26192 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 8.2 | edge | - |
| CVE-2024-26188 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.3 | edge | - |
| CVE-2024-21423 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 4.8 | edge | - |
| CVE-2024-21420 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | windows_10_1507 (+13 more) | - |
| CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability | 9.8 | 365_apps (+2 more) | Feb 14, 2024 |
| CVE-2024-21412 | This vulnerability allows remote attackers to bypass the SmartScreen security feature to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Internet Shortcut (.URL) files. The issue results from the lack of a security check on chained Internet Shortcut files. An attacker can leverage this vulnerability to execute code in the context of the current user. Microsoft has issued an update to correct this vulnerability. More details can be found at: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21412 | 8.1 | windows_10_1809 (+8 more) | Feb 13, 2024 |
| CVE-2024-21410 | Microsoft Exchange Server Elevation of Privilege Vulnerability | 9.8 | exchange_server | Feb 14, 2024 |
| CVE-2024-21406 | Windows Printing Service Spoofing Vulnerability | 7.5 | windows_10_1607 (+12 more) | - |
| CVE-2024-21405 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 7 | windows_10_1507 (+13 more) | - |
| CVE-2024-21404 | .NET Denial of Service Vulnerability | 7.5 | asp.net_core (+1 more) | - |
| CVE-2024-21403 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | 9 | azure_cli (+1 more) | - |
| CVE-2024-21402 | Microsoft Outlook Elevation of Privilege Vulnerability | 7.1 | 365_apps | - |
| CVE-2024-21401 | Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability | 9.8 | entra_jira_sso_plugin | Feb 21, 2024 |
| CVE-2024-21399 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 8.3 | edge_chromium | Feb 5, 2024 |
| CVE-2024-21397 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | 5.3 | azure_file_sync | - |
| CVE-2024-21396 | Dynamics 365 Sales Spoofing Vulnerability | 7.6 | dynamics_365 | - |
| CVE-2024-21395 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 8.2 | dynamics_365 | - |
| CVE-2024-21394 | Dynamics 365 Field Service Spoofing Vulnerability | 7.6 | dynamics_365 | - |
| CVE-2024-21393 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 7.6 | dynamics_365 | - |
| CVE-2024-21391 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | windows_10_1507 (+13 more) | - |
| CVE-2024-21389 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 7.6 | dynamics_365 | - |
| CVE-2024-21386 | Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET 6.0, ASP.NET 7.0, and ASP.NET 8.0. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. A vulnerability exists in ASP.NET applications using SignalR where a malicious client can result in a denial-of-service. | 7.5 | asp.net_core (+1 more) | - |
| CVE-2024-21384 | Microsoft Office OneNote Remote Code Execution Vulnerability | 7.8 | 365_apps (+1 more) | - |
| CVE-2024-21381 | Microsoft Azure Active Directory B2C Spoofing Vulnerability | 6.8 | azure_active_directory | - |
| CVE-2024-21380 | Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability | 8 | dynamics_365_business_central | - |
| CVE-2024-21379 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Microsoft has issued an update to correct this vulnerability. More details can be found at: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21379 | 7.8 | 365_apps (+3 more) | - |
| CVE-2024-21378 | Microsoft Outlook Remote Code Execution Vulnerability | 8.8 | 365_apps (+3 more) | Mar 11, 2024 |
| CVE-2024-21377 | Windows DNS Information Disclosure Vulnerability | 5.5 | windows_10_1507 (+12 more) | - |
| CVE-2024-21376 | Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | 9 | azure_kubernetes_service | - |
| CVE-2024-21375 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | windows_10_1507 (+13 more) | - |
| CVE-2024-21374 | Microsoft Teams for Android Information Disclosure | 5 | teams | - |
| CVE-2024-21372 | Windows OLE Remote Code Execution Vulnerability | 8.8 | windows_10_1507 (+13 more) | - |
| CVE-2024-21371 | This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of NTFS junctions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Microsoft has issued an update to correct this vulnerability. More details can be found at: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21371 | 7 | windows_10_1507 (+12 more) | - |
| CVE-2024-21370 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | windows_10_1507 (+13 more) | - |
| CVE-2024-21369 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | windows_10_1507 (+13 more) | - |
| CVE-2024-21368 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | windows_10_1507 (+13 more) | - |
| CVE-2024-21367 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | windows_10_1507 (+13 more) | - |
| CVE-2024-21366 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | windows_10_1507 (+13 more) | - |
| CVE-2024-21365 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | windows_10_1507 (+13 more) | - |
| CVE-2024-21364 | Microsoft Azure Site Recovery Elevation of Privilege Vulnerability | 9.3 | azure_site_recovery | - |
| CVE-2024-21363 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 7.8 | windows_10_1507 (+13 more) | - |
| CVE-2024-21362 | Windows Kernel Security Feature Bypass Vulnerability | 5.5 | windows_10_1507 (+11 more) | - |
| CVE-2024-21361 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | windows_10_1507 (+13 more) | - |
| CVE-2024-21360 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | windows_10_1507 (+13 more) | - |
| CVE-2024-21359 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | windows_10_1507 (+13 more) | - |
| CVE-2024-21358 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | windows_10_1507 (+13 more) | - |
| CVE-2024-21357 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 8.1 | windows_10_1507 (+13 more) | - |
| CVE-2024-21356 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 6.5 | windows_10_1507 (+13 more) | - |
| CVE-2024-21355 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 7 | windows_10_1507 (+12 more) | - |
| CVE-2024-21354 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 7.8 | windows_10_1507 (+12 more) | - |
| CVE-2024-21353 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | 8.8 | windows_server_2022_23h2 | - |
| CVE-2024-21352 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | windows_10_1507 (+13 more) | - |
| CVE-2024-21351 | Windows SmartScreen Security Feature Bypass Vulnerability | 7.6 | windows_10_1507 (+11 more) | Feb 13, 2024 |
| CVE-2024-21350 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | windows_10_1507 (+13 more) | - |
| CVE-2024-21349 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | 8.8 | windows_10_1507 (+13 more) | - |
| CVE-2024-21348 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | 7.5 | windows_10_1507 (+12 more) | - |
| CVE-2024-21347 | Microsoft ODBC Driver Remote Code Execution Vulnerability | 7.5 | windows_10_1507 (+13 more) | - |
| CVE-2024-21346 | Win32k Elevation of Privilege Vulnerability | 7.8 | windows_11_21h2 (+3 more) | - |
| CVE-2024-21345 | Windows Kernel Elevation of Privilege Vulnerability | 8.8 | windows_server_2022_23h2 | Apr 26, 2024 |
| CVE-2024-21344 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | 5.9 | windows_10_1507 (+12 more) | - |
| CVE-2024-21343 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 | windows_10_1507 (+12 more) | - |
| CVE-2024-21342 | Windows DNS Client Denial of Service Vulnerability | 7.5 | windows_11_22h2 (+2 more) | - |
| CVE-2024-21341 | Windows Kernel Remote Code Execution Vulnerability | 6.8 | windows_10_1809 (+8 more) | - |
| CVE-2024-21340 | Windows Kernel Information Disclosure Vulnerability | 4.6 | windows_10_1507 (+13 more) | - |
| CVE-2024-21339 | Windows USB Generic Parent Driver Remote Code Execution Vulnerability | 6.4 | windows_10_1809 (+8 more) | - |
| CVE-2024-21338 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | cyber_security (+9 more) | Feb 28, 2024 |
| CVE-2024-21329 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | 7.3 | azure_connected_machine_agent | - |
| CVE-2024-21328 | Dynamics 365 Sales Spoofing Vulnerability | 7.6 | dynamics_365 | - |
| CVE-2024-21327 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | 7.6 | dynamics_365 | - |
| CVE-2024-21315 | Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability | 7.8 | defender_for_endpoint | - |
| CVE-2024-21304 | Trusted Compute Base Elevation of Privilege Vulnerability | 4.1 | windows_10_1809 (+7 more) | - |
| CVE-2024-20695 | Skype for Business Information Disclosure Vulnerability | 5.7 | skype_for_business_server | - |
| CVE-2024-20684 | Windows Hyper-V Denial of Service Vulnerability | 6.5 | windows_11_21h2 (+4 more) | - |
| CVE-2024-20679 | Azure Stack Hub Spoofing Vulnerability | 6.5 | azure_stack_hub | - |
| CVE-2024-20673 | Microsoft Office Remote Code Execution Vulnerability | 7.8 | excel (+6 more) | - |
| CVE-2024-20667 | Azure DevOps Server Remote Code Execution Vulnerability | 7.5 | azure_devops_server | - |