As has happened for 20 years now on the occasion of Microsoft Patch Tuesday, the Redmond company has released a large number of security updates for Windows and for a wide range of software, intended for the world consumer than to the more distinctly business segment. In February 2024, on the second Tuesday of the month, it is 80 vulnerability that Microsoft has resolved: 5 of them are indicated as “critical”, at least 2 already used by criminals to launch cyber attacks. Below we see what they are corrections more important ones that deserve more attention.
What are the most important Microsoft patches for the month of February
Let’s start with the security gaps that attackers are already exploiting. Let’s start with the one that reports the identifier CVE-2024-2142 and that Microsoft presents as “Internet Shortcut Files Security Feature Bypass Vulnerability“.
In this case the attacker sends the victim what at first glance appears to be a connection to an Internet service. Do you know the links (file .lnk) that are usually used in the Windows environment? Here, in this case, the malicious user who manages to double click on his “malicious link” can direct the victim to dangerous resources, possibly arranging their automatic download. All overcoming the security checks normally exercised by Windows.
The second noteworthy security flaw (also exploited by attackers) once again concerns Windows SmartScreen, i.e. the feature capable of block sitesapplications and file potentially harmful. Security issue CVE-2024-21351, if not resolved through Microsoft patch installation, could allow an attacker to inject code in SmartScreen and be able to perform arbitrary operations.
Vulnerabilities also in Exchange Server and Outlook
For the benefit of administrators and users of Microsoft Exchange Server, we also draw attention to the issue CVE-2024-21410. According to what Microsoft reveals, an attacker who managed to exploit the vulnerability could use thehash Non-NTLMv2 of a user and authenticate on Exchange Server by impersonating the latter.
Non-NTLMv2 is a type of hash used in authentication protocol NTLMv2 (NT LAN Manager version 2) and is used to verify the identity of a user or system. Once again, in short, we are dealing with an example of relay attack which Microsoft intends to combat with the use of more robust protocols, such as Kerberos for example.
Another particularly critical vulnerability concerns Microsoft Outlook (CVE-2024-21413): An exploiting attacker can execute malicious code on the victim’s machine, even if the victim simply previews the contents of the email without opening it. The attack mechanism can also be used to steal local NTLM credentials as well as remote code execution (RCE).
The other most important security gaps
Other security flaws that deserve special attention include CVE-2024-21379: concerns users of Microsoft Word and can be triggered on all systems that use the word processor of the Redmond company simply by inducing the victim to open a “artfully” prepared document. Even the mere visualization of thefile preview Word may result in arbitrary code execution.
The Redmond company indicates Word 2016, Office LTSC 2021, Microsoft 365 Apps for Enterprise and Office 2019 as vulnerable, both in 64-bit and 32-bit versions.
Vulnerability CVE-2024-21357Furthermore, it appears quite relevant because it concerns the implementation of the protocol Pragmatic General Multicast (PGM) on Windows. An attacker connected to the same network used by the systems he intends to attack may be able to run code on other people’s cars.
Finally, the problem cannot be overlooked CVE-2024-20684: an attacker who has the “titles” to interact with a system Hyper-V guest could cause a DoS attack (Denial of Service) on the host and, consequently, “knock out” all the other Hyper-V virtual machines configured and running on the same machine.
The complete list of vulnerabilities fixed by Microsoft this month is available in the usual ISC-SANS review.