< Go Back
Blog

ION Threat Advisory: February Update

Executive Summary

This February Update consists of 80 patches for Microsoft products. Of these, five are critical and two are being actively exploited as reported in the CISA Known Exploited Vulnerabilities Catalogue.

Actively Exploited Vulnerabilities

  • CVE-2024-21412 Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability CVSS 8.1 – An unauthenticated attacker could send the targeted user a specially crafted file that is designed to bypass displayed security checks. However, attacker would have to convince a victim to click on the file link.
  • CVE-2024-21351 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability CVSS 7.6 – Allows a malicious actor to inject code into SmartScreen and potentially gain code execution, which could potentially lead to some data exposure, lack of system availability, or both.

Critical Vulnerabilities

The following vulnerabilities are classified as critical but have not yet been actively exploited or publicly disclosed.

  • CVE-2024-21380 Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
  • CVE-2024-21410 Microsoft Exchange Server Elevation of Privilege Vulnerability
  • CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability
  • CVE-2024-20684 Windows Hyper-V Denial of Service Vulnerability
  • CVE-2024-21357 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

The Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410) is noteworthy as an attacker who successfully exploited this vulnerability could relay a user’s leaked Net-NTLMv2 hash against a vulnerable Exchange Server and authenticate as the user. The CVSS for this vulnerability is 9.8 – the highest for this month.

Additionally, the Microsoft Outlook Remote Code Execution Vulnerability (CVE-2024-21413) can allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode. An attacker could craft a malicious link that bypasses the Protected View Protocol, which leads to the leaking of local NTLM credential information and remote code execution (RCE). The CVSS for this vulnerability is 9.8 as well.

Countermeasures and Patches

  • Apply patches as soon as possible, after appropriate testing.

References

Sans Report: https://isc.sans.edu/diary/Microsoft+February+2024+Patch+Tuesday/30646/

Sharing
Article By

Advanced Threat Operations Team
Ontinue - ATO

Ontinue’s Advanced Threat Operations (ATO) team leverages proactive threat identification, analysis, and mitigation to empower our customers with the resilience needed to tackle the constantly evolving threat landscape.

Carlo Keay

Balazs Greksza

Domenico de Vitto

 

Related Links
  • ION Cyber Defense Center

    The Ontinue ION Cyber Defense Center is much more than a SOC. It is an entire SecOps team working alongside you to deliver 24/7 security with eyes on glass continuous monitoring — backed by Ontinue employees supporting the entire security lifecycle with threat hunting, intelligence, automation and engineering.

    About Us >
  • Your Career at Ontinue

    We’re committed to making Ontinue a place where you can be your best self every day, in every way. We’re proud of our recent recognition as a Great Place To Work—in all SEVEN countries where we maintain offices. Care to join us?

    Join Us >
Keywords

Related Articles

Blog
Defining “Weird” and Other Ways to Spot Phishing Attacks

View Blog >
Blog
Cybersecurity Awareness Must Move from Attendance to Understanding

View Blog >
Blog
The State of AI in Cybersecurity

View Blog >