
ION Threat Advisory: February Update

Summary

This February Update consists of 80 patches for Microsoft products. Of these, five are critical and two are being actively exploited as reported in the CISA Known Exploited Vulnerabilities Catalogue.

Actively Exploited Vulnerabilities

  • CVE-2024-21412 Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability CVSS 8.1 – An unauthenticated attacker could send the targeted user a specially crafted file that is designed to bypass displayed security checks. However, the attacker would have to convince a victim to click on the file link.
  • CVE-2024-21351 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability CVSS 7.6 – Allows a malicious actor to inject code into SmartScreen and potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.

Critical Vulnerabilities

The following vulnerabilities are classified as critical but have not yet been actively exploited or publicly disclosed.

  • CVE-2024-21380 Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
  • CVE-2024-21410 Microsoft Exchange Server Elevation of Privilege Vulnerability
  • CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability
  • CVE-2024-20684 Windows Hyper-V Denial of Service Vulnerability
  • CVE-2024-21357 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

The Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410) is noteworthy as an attacker who successfully exploited this vulnerability could relay a user’s leaked Net-NTLMv2 hash against a vulnerable Exchange Server and authenticate as the user. The CVSS for this vulnerability is 9.8 – the highest for this month.

Additionally, the Microsoft Outlook Remote Code Execution Vulnerability (CVE-2024-21413) can allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode. An attacker could craft a malicious link that bypasses the Protected View Protocol, which leads to the leaking of local NTLM credential information and remote code execution (RCE). The CVSS for this vulnerability is 9.8 as well.

Mitigations and Patches

  • Apply patches as soon as possible after appropriate testing.

References

SANS report: https://isc.sans.edu/diary/Microsoft+February+2024+Patch+Tuesday/30646/

Article by

Advanced Threat Operations Team
Ontinue – ATO

The Advanced Threat Operations (ATO) team at Ontinue uses proactive methods to identify, analyze and mitigate threats, giving our customers the resilience they need to face the constantly evolving threat landscape.

Balazs Greksza

Domenico de Vitto

Rhys Downing

Manupriya Sharma