Microsoft’s February 2024 Patch Tuesday Updates Fix Two Zero-Day Windows Flaws
Key Takeaways:
- Microsoft addressed two zero-day flaws actively exploited by attackers, underlining the importance of prompt patching to mitigate security risks.
- The February 2024 Patch Tuesday updates fixed 72 vulnerabilities, with five rated critical and 65 labeled as important.
- Microsoft fixed a critical Windows SmartScreen security feature bypass flaw that could lead to remote code execution.
Microsoft released yesterday the February 2024 Patch Tuesday updates for Windows 11 and Windows 10. As usual, the company addressed several vulnerabilities across a wide range of its products, including two zero-day flaws that are actively being exploited by attackers.
In addition to the zero-day vulnerabilities, Microsoft advises administrators to patch critical flaws in the Exchange Server and Microsoft Outlook. The company has also addressed an older Windows AppX installer spoofing vulnerability.
February 2024 Patch Tuesday updates fix 72 vulnerabilities
Microsoft has released updates to address 72 vulnerabilities in Windows, Microsoft Office, Exchange Server, Azure Active Directory, and other components. The company says that five security flaws are rated “critical,” and 65 are labeled as “important” in severity.
Here’s a list of the most important vulnerabilities you should know about.
- CVE-2024-21412: The internet shortcut file security feature bypass vulnerability affects Windows desktop and server machines. It enables threat actors to send a maliciously crafted shortcut file to a target user. The user needs to click the file to trigger the next stage of the attack without causing the security checks to appear on the screen.
- CVE-2024-21351: This is a Windows SmartScreen security feature bypass vulnerability that earned a 7.6 CVSS score. It enables threat actors to bypass SmartScreen protections in Microsoft Defender and gain remote code execution capabilities. The successful exploitation attempt could lead to system availability issues and limited data exposure.
- CVE-2024-21410: This is a critical elevation of privilege vulnerability that affects Exchange 2016 and Exchange 2019 systems. It could allow a remote unauthenticated hacker to disclose a Net-New Technology LAN Manager (NTLM) version 2 hash to impersonate the targeted user. Microsoft notes that administrators would need to perform some extra steps to patch the security flaw.
- CVE-2024-21413: This is a critical remote code execution vulnerability in Microsoft Outlook. It lets the attacker exploit the flaw through the Outlook preview pane and access NTLM credential information on the vulnerable system.
- CVE-2024-20684: The Windows Hyper-V denial-of-service vulnerability affects Windows 11 and Windows Server 2022 machines. An attacker could successfully exploit the flaw to disrupt the capabilities of the Hyper-V host.
- CVE-2024-21357: This a remote code execution in Windows Pragmatic General Multicast rated critical with a 7.5 CVSS score. The security flaw lets hackers compromise a corporate network and then move laterally across the environment.
You can find the full list of CVEs below:
| Product | Impact | Max Severity | Article | Download | Details |
| Microsoft Edge (Chromium-based) | Release Notes | Security Update | CVE-2024-0333 | ||
| Microsoft Edge (Chromium-based) Extended Stable | Elevation of Privilege | Moderate | Release Notes | Security Update | CVE-2024-21337 |
| NuGet 17.8.0 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2024-0057 |
| Nuget 17.6.0 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2024-0057 |
| NuGet 17.4.0 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2024-0057 |
| NuGet 5.11.0 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2024-0057 |
| Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10) | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2024-0057 |
| 3D Viewer | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-20677 |
| PowerShell 7.4 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2024-0057 |
| PowerShell 7.3 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2024-0057 |
| PowerShell 7.2 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2024-0057 |
| Remote Desktop client for Windows Desktop | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-21307 |
| Microsoft .NET Framework 2.0 Service Pack 2 | Security Feature Bypass | Important | 5034280 | Monthly Rollup | CVE-2024-0056 |
| Microsoft .NET Framework 2.0 Service Pack 2 | Security Feature Bypass | Important | 5034270 | Security Only | CVE-2024-0056 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Security Feature Bypass | Important | 5033920 | Security Update | CVE-2024-0056 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Security Feature Bypass | Important | 5034272 | Security Update | CVE-2024-0056 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Security Feature Bypass | Important | 5034275 | Security Update | CVE-2024-0056 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Security Feature Bypass | Important | 5034274 | Security Update | CVE-2024-0056 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Security Feature Bypass | Important | 5034276 | Security Update | CVE-2024-0056 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Security Feature Bypass | Important | 5034279 | Monthly Rollup | CVE-2024-0056 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Security Feature Bypass | Important | 5034278 | Monthly Rollup | CVE-2024-0056 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Security Feature Bypass | Important | 5034269 | Security Only | CVE-2024-0056 |
| Microsoft .NET Framework 3.5 AND 4.7.2 | Security Feature Bypass | Important | 5034119 | Security Update | CVE-2024-0056 |
| Microsoft .NET Framework 3.5 AND 4.7.2 | Security Feature Bypass | Important | 5034273 | Security Update | CVE-2024-0056 |
| Microsoft .NET Framework 3.5 AND 4.8 | Security Feature Bypass | Important | 5034275 | Security Update | CVE-2024-0056 |
| Microsoft .NET Framework 3.5 AND 4.8 | Security Feature Bypass | Important | 5034274 | Security Update | CVE-2024-0056 |
| Microsoft .NET Framework 3.5 AND 4.8 | Security Feature Bypass | Important | 5034276 | Security Update | CVE-2024-0056 |
| Microsoft .NET Framework 3.5 AND 4.8 | Security Feature Bypass | Important | 5034272 | Security Update | CVE-2024-0056 |
| Microsoft .NET Framework 3.5 AND 4.8 | Security Feature Bypass | Important | 5034273 | Security Update | CVE-2024-0056 |
| Microsoft .NET Framework 4.8 | Security Feature Bypass | Important | 5034279 | Monthly Rollup | CVE-2024-0056 |
| Microsoft .NET Framework 4.8 | Security Feature Bypass | Important | 5034278 | Monthly Rollup | CVE-2024-0056 |
| Microsoft .NET Framework 4.8 | Security Feature Bypass | Important | 5034277 | Monthly Rollup | CVE-2024-0056 |
| Microsoft .NET Framework 4.8 | Security Feature Bypass | Important | 5034269 | Security Only | CVE-2024-0056 |
| Microsoft .NET Framework 4.8 | Security Feature Bypass | Important | 5033910 | Security Update | CVE-2024-0056 |
| Microsoft .NET Framework 3.5 | Denial of Service | Important | 5034279 | Monthly Rollup | CVE-2024-21312 |
| Microsoft .NET Framework 3.5 | Denial of Service | Important | 5034278 | Monthly Rollup | CVE-2024-21312 |
| Microsoft .NET Framework 3.0 Service Pack 2 | Security Feature Bypass | Important | 5034280 | Monthly Rollup | CVE-2024-0057 |
| Microsoft .NET Framework 3.0 Service Pack 2 | Security Feature Bypass | Important | 5034270 | Security Only | CVE-2024-0057 |
| Microsoft Identity Model v5.0.0 for Nuget | Denial of Service | Important | Release Notes | Security Update | CVE-2024-21319 |
| Microsoft Identity Model v7.0.0 | Denial of Service | Important | Release Notes | Security Update | CVE-2024-21319 |
| Microsoft Identity Model v5.0.0 | Denial of Service | Important | Release Notes | Security Update | CVE-2024-21319 |
| Microsoft Identity Model v6.0.0 | Denial of Service | Important | Release Notes | Security Update | CVE-2024-21319 |
| Microsoft Identity Model v7.0.0 for Nuget | Denial of Service | Important | Release Notes | Security Update | CVE-2024-21319 |
| Microsoft Identity Model v6.0.0 for Nuget | Denial of Service | Important | Release Notes | Security Update | CVE-2024-21319 |
| .NET 8.0 | Denial of Service | Important | 5033741 | Security Update | CVE-2024-21319 |
| .NET 7.0 | Denial of Service | Important | 5033734 | Security Update | CVE-2024-21319 |
| Microsoft Office LTSC 2021 for 32-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2024-20677 |
| Microsoft Office LTSC 2021 for 64-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2024-20677 |
| Microsoft Office LTSC for Mac 2021 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-20677 |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Remote Code Execution | Important | Click to Run | Security Update | CVE-2024-20677 |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Remote Code Execution | Important | Click to Run | Security Update | CVE-2024-20677 |
| Microsoft Office 2019 for 64-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2024-20677 |
| Microsoft Office 2019 for 32-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2024-20677 |
| Microsoft SQL Server 2022 for x64-based Systems (CU 10) | Security Feature Bypass | Important | 5033592 | Security Update | CVE-2024-0056 |
| Microsoft Visual Studio 2022 version 17.8 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2024-0056 |
| Microsoft Visual Studio 2022 version 17.6 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2024-0056 |
| Microsoft Visual Studio 2022 version 17.4 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2024-0056 |
| Microsoft Visual Studio 2022 version 17.2 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2024-0056 |
| Windows Server 2012 R2 (Server Core installation) | Spoofing | Important | 5034171 | Monthly Rollup | CVE-2024-21320 |
| Windows Server 2012 R2 | Spoofing | Important | 5034171 | Monthly Rollup | CVE-2024-21320 |
| Windows Server 2012 (Server Core installation) | Spoofing | Important | 5034184 | Monthly Rollup | CVE-2024-21320 |
| Windows Server 2012 | Spoofing | Important | 5034184 | Monthly Rollup | CVE-2024-21320 |
| Windows Server 2016 (Server Core installation) | Spoofing | Important | 5034119 | Security Update | CVE-2024-21320 |
| Windows Server 2016 | Spoofing | Important | 5034119 | Security Update | CVE-2024-21320 |
| Windows 10 Version 1607 for x64-based Systems | Spoofing | Important | 5034119 | Security Update | CVE-2024-21320 |
| Windows 10 Version 1607 for 32-bit Systems | Spoofing | Important | 5034119 | Security Update | CVE-2024-21320 |
| Windows 10 for x64-based Systems | Spoofing | Important | 5034134 | Security Update | CVE-2024-21320 |
| Windows 10 for 32-bit Systems | Spoofing | Important | 5034134 | Security Update | CVE-2024-21320 |
| Windows 11 Version 23H2 for x64-based Systems | Spoofing | Important | 5034123 | Security Update | CVE-2024-21320 |
| Windows 11 Version 23H2 for ARM64-based Systems | Spoofing | Important | 5034123 | Security Update | CVE-2024-21320 |
| Windows 10 Version 22H2 for 32-bit Systems | Spoofing | Important | 5034122 | Security Update | CVE-2024-21320 |
| Windows 10 Version 22H2 for ARM64-based Systems | Spoofing | Important | 5034122 | Security Update | CVE-2024-21320 |
| Windows 10 Version 22H2 for x64-based Systems | Spoofing | Important | 5034122 | Security Update | CVE-2024-21320 |
| Windows 11 Version 22H2 for x64-based Systems | Spoofing | Important | 5034123 | Security Update | CVE-2024-21320 |
| Windows 11 Version 22H2 for ARM64-based Systems | Spoofing | Important | 5034123 | Security Update | CVE-2024-21320 |
| Windows 10 Version 21H2 for x64-based Systems | Spoofing | Important | 5034122 | Security Update | CVE-2024-21320 |
| Windows 10 Version 21H2 for ARM64-based Systems | Spoofing | Important | 5034122 | Security Update | CVE-2024-21320 |
| Windows 10 Version 21H2 for 32-bit Systems | Spoofing | Important | 5034122 | Security Update | CVE-2024-21320 |
| Windows 11 version 21H2 for ARM64-based Systems | Spoofing | Important | 5034121 | Security Update | CVE-2024-21320 |
| Windows 11 version 21H2 for x64-based Systems | Spoofing | Important | 5034121 | Security Update | CVE-2024-21320 |
| Windows Server 2022 (Server Core installation) | Spoofing | Important | 5034129 | Security Update | CVE-2024-21320 |
| Windows Server 2022 | Spoofing | Important | 5034129 | Security Update | CVE-2024-21320 |
| Windows Server 2019 (Server Core installation) | Spoofing | Important | 5034127 | Security Update | CVE-2024-21320 |
| Windows Server 2019 | Spoofing | Important | 5034127 | Security Update | CVE-2024-21320 |
| Windows 10 Version 1809 for ARM64-based Systems | Spoofing | Important | 5034127 | Security Update | CVE-2024-21320 |
| Windows 10 Version 1809 for x64-based Systems | Spoofing | Important | 5034127 | Security Update | CVE-2024-21320 |
| Windows 10 Version 1809 for 32-bit Systems | Spoofing | Important | 5034127 | Security Update | CVE-2024-21320 |
| Microsoft SharePoint Server Subscription Edition | Remote Code Execution | Important | 5002540 | Security Update | CVE-2024-21318 |
| Microsoft SharePoint Server 2019 | Remote Code Execution | Important | 5002539 | Security Update | CVE-2024-21318 |
| Microsoft SharePoint Enterprise Server 2016 | Remote Code Execution | Important | 5002541 | Security Update | CVE-2024-21318 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Remote Code Execution | Important | 5034169 | Monthly Rollup | CVE-2024-21307 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Remote Code Execution | Important | 5034167 | Security Only | CVE-2024-21307 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Remote Code Execution | Important | 5034169 | Monthly Rollup | CVE-2024-21307 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Remote Code Execution | Important | 5034167 | Security Only | CVE-2024-21307 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | Spoofing | Important | 5034130 | Security Update | CVE-2024-21306 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Information Disclosure | Important | 5034173 | Monthly Rollup | CVE-2024-20692 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Information Disclosure | Important | 5034176 | Security Only | CVE-2024-20692 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Information Disclosure | Important | 5034173 | Monthly Rollup | CVE-2024-20692 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Information Disclosure | Important | 5034176 | Security Only | CVE-2024-20692 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Information Disclosure | Important | 5034173 | Monthly Rollup | CVE-2024-20692 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Information Disclosure | Important | 5034176 | Security Only | CVE-2024-20692 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Information Disclosure | Important | 5034173 | Monthly Rollup | CVE-2024-20692 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Information Disclosure | Important | 5034176 | Security Only | CVE-2024-20692 |
| Microsoft Visual Studio 2015 Update 3 | Elevation of Privilege | Important | 5030979 | Security Update | CVE-2024-20656 |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8) | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2024-20656 |
| Windows Server 2012 R2 (Server Core installation) | Security Feature Bypass | Important | 5034120 | IE Cumulative | CVE-2024-20652 |
| Windows Server 2012 R2 | Security Feature Bypass | Important | 5034120 | IE Cumulative | CVE-2024-20652 |
| Windows Server 2012 (Server Core installation) | Security Feature Bypass | Important | 5034120 | IE Cumulative | CVE-2024-20652 |
| Windows Server 2012 | Security Feature Bypass | Important | 5034120 | IE Cumulative | CVE-2024-20652 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Security Feature Bypass | Important | 5034120 | IE Cumulative | CVE-2024-20652 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Security Feature Bypass | Important | 5034120 | IE Cumulative | CVE-2024-20652 |
| .NET 6.0 | Denial of Service | Important | 5033733 | Security Update | CVE-2024-20672 |
| CBL Mariner 2.0 x64 | sqlite | CBL-Mariner | CVE-2022-35737 | ||
| CBL Mariner 2.0 ARM | sqlite | CBL-Mariner | CVE-2022-35737 | ||
| CBL Mariner 1.0 x64 | sqlite | CBL-Mariner | CVE-2022-35737 | ||
| CBL Mariner 1.0 ARM | sqlite | CBL-Mariner | CVE-2022-35737 | ||
| System.Data.SqlClient | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2024-0056 |
| Microsoft.Data.SqlClient 5.1 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2024-0056 |
| Microsoft.Data.SqlClient 4.0 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2024-0056 |
| Microsoft.Data.SqlClient 3.1 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2024-0056 |
| Microsoft.Data.SqlClient 2.1 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2024-0056 |
| Microsoft Printer Metadata Troubleshooter Tool | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-21325 |
| Azure Storage Mover Agent | Remote Code Execution | Important | Release Notes | Security Update | CVE-2024-20676 |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | Security Feature Bypass | Important | 5032968 | Security Update | CVE-2024-0056 |
Quality and experience updates
Microsoft released the KB5034765 patch for Windows 11 versions 23H2 and 22H2, which moves the Copilot shortcut in the taskbar to the right side of the system tray. Moreover, the latest update has disabled the ‘Show desktop’ option at the rightmost corner of the taskbar by default. Microsoft has also fixed a bug that was previously causing the announcements to slow down for people who use the new Natural Voices in Narrator.
Microsoft has also started rolling out a richer weather experience for users running Windows 10 version 22H2. This new feature allows users to view interactive weather updates on a bigger card on their lock screens. They can also choose to click or tap the weather card to open the MSN weather forecast in Microsoft Edge.
Windows Update testing and best practices
Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.
A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.
There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.