Latest Cyber Security News

You are here: Home / General Cyber Security News / Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days
February 14, 2024

Microsoft has produced patches to tackle 73 security flaws spanning its program lineup as aspect of its Patch Tuesday updates for February 2024, which include two zero-times that have come below active exploitation.

Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three and rated Moderate in severity. This is in addition to 24 flaws that have been fastened in the Chromium-centered Edge browser because the launch of the January 24 Patch Tuesday updates.

The two flaws that are stated as under active attack at the time of release are under –

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


  • CVE-2024-21351 (CVSS score: 7.6) – Windows SmartScreen Security Characteristic Bypass Vulnerability
  • CVE-2024-21412 (CVSS rating: 8.1) – Internet Shortcut Files Security Aspect Bypass Vulnerability

“The vulnerability lets a malicious actor to inject code into SmartScreen and likely attain code execution, which could perhaps lead to some info exposure, absence of program availability, or each,” Microsoft said about CVE-2024-21351.

Successful exploitation of the flaw could allow for an attacker to circumvent SmartScreen protections and run arbitrary code. Nevertheless, for the attack to perform, the danger actor will have to ship the person a destructive file and convince the user to open up it.

CVE-2024-21412, in a comparable fashion, permits an unauthenticated attacker to bypass displayed security checks by sending a specially crafted file to a focused consumer.

“On the other hand, the attacker would have no way to power a consumer to watch the attacker-controlled content material.” Redmond noted. “As a substitute, the attacker would have to influence them to just take motion by clicking on the file link.”

Cybersecurity

CVE-2024-21351 is the second bypass bug to be learned in SmartScreen after CVE-2023-36025 (CVSS score: 8.8), which was plugged by the tech giant in November 2023. The flaw has due to the fact been exploited by various hacking groups to proliferate DarkGate, Phemedrone Stealer, and Mispadu.

Development Micro, which thorough an attack marketing campaign undertaken by H2o Hydra (aka DarkCasino) focusing on economic market traders by implies of a refined zero-day attack chain leveraging CVE-2024-21412, described CVE-2024-21412 as a bypass for CVE-2023-36025, thus enabling danger actors to evade SmartScreen checks.

H2o Hydra, initial detected in 2021, has a keep track of report of launching attacks from banking companies, cryptocurrency platforms, trading products and services, gambling web pages, and casinos to provide a trojan called DarkMe applying zero-day exploits, such as the WinRAR flaw that arrived to gentle in August 2023 (CVE-2023-38831, CVSS rating: 7.8).

Late previous year, Chinese cybersecurity enterprise NSFOCUS graduated the “economically inspired” hacking group to an solely new sophisticated persistent threat (APT).

“In January 2024, Drinking water Hydra updated its an infection chain exploiting CVE-2024-21412 to execute a destructive Microsoft Installer File (.MSI), streamlining the DarkMe infection process,” Pattern Micro mentioned.

Both vulnerabilities have given that been extra to the Regarded Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Company (CISA), urging federal agencies to implement the latest updates by March 5, 2024.

Also patched by Microsoft are five critical flaws –

  • CVE-2024-20684 (CVSS score: 6.5) – Windows Hyper-V Denial of Service Vulnerability
  • CVE-2024-21357 (CVSS score: 7.5) – Windows Pragmatic Standard Multicast (PGM) Remote Code Execution Vulnerability
  • CVE-2024-21380 (CVSS rating: 8.) – Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
  • CVE-2024-21410 (CVSS rating: 9.8) – Microsoft Trade Server Elevation of Privilege Vulnerability
  • CVE-2024-21413 (CVSS rating: 9.8) – Microsoft Outlook Distant Code Execution Vulnerability

“CVE-2024-21410 is an elevation of privilege vulnerability in Microsoft Trade Server,” Satnam Narang, senior staff exploration engineer at Tenable, said in a assertion. “This flaw is more likely to be exploited by attackers according to Microsoft.”

“Exploiting this vulnerability could result in the disclosure of a focused user’s Net-New Technology LAN Manager (NTLM) variation 2 hash, which could be relayed back again to a vulnerable Trade Server in an NTLM relay or pass-the-hash attack, which would allow the attacker to authenticate as the focused person.”

Cybersecurity

The security update even more resolves 15 remote code execution flaws in Microsoft WDAC OLE DB company for SQL Server that an attacker could exploit by tricking an authenticated person into making an attempt to connect to a destructive SQL server by way of OLEDB.

Rounding off the patch is a correct for CVE-2023-50387 (CVSS rating: 7.5), a 24-calendar year-aged structure flaw in the DNSSEC specification that can be abused to exhaust CPU methods and stall DNS resolvers, resulting in a denial-of-service (DoS).

The vulnerability has been codenamed KeyTrap by the Countrywide Investigate Center for Used Cybersecurity (ATHENE) in Darmstadt.

“They demonstrated that just with a single DNS packet the attack can exhaust the CPU and stall all broadly employed DNS implementations and community DNS companies, this sort of as Google General public DNS and Cloudflare,” the researchers explained. “In point, the preferred BIND 9 DNS implementation can be stalled for as very long as 16 several hours.”

Application Patches from Other Vendors

In addition to Microsoft, security updates have also been unveiled by other sellers due to the fact the get started of the month to rectify a number of vulnerabilities, which includes —

  • Adobe
  • AMD
  • Android
  • Arm
  • ASUS
  • Atos
  • Canon
  • Cisco
  • Dell
  • Drupal
  • ExpressVPN
  • F5
  • Fortinet
  • GitLab
  • Google Chrome
  • Google Cloud
  • Hitachi Vitality
  • HP
  • IBM
  • Intel
  • ISC BIND 9
  • Ivanti
  • JetBrains TeamCity
  • Juniper Networks
  • Lenovo
  • Linux distributions Debian, Oracle Linux, Crimson Hat, SUSE, and Ubuntu
  • Mastodon
  • MediaTek
  • Mitsubishi Electrical
  • Mozilla Firefox, Firefox ESR, and Thunderbird
  • NVIDIA
  • PowerDNS
  • QNAP (additional specifics about CVE-2023-47218 and CVE-2023-50358)
  • Qualcomm
  • Rockwell Automation
  • Samsung
  • SAP
  • Schneider Electric
  • Siemens
  • SolarWinds
  • SonicWall
  • Spring Framework
  • Synology
  • Veeam
  • Veritas
  • VMware
  • WordPress
  • Zoom, and
  • Zyxel

Found this report fascinating? Observe us on Twitter  and LinkedIn to go through a lot more distinctive content we write-up.


Some sections of this report are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *