Microsoft patch addresses 2 vulnerabilities (February 2024)

Microsoft's February 2024 Patch Tuesday security patches address a total of 72 Patch Tuesday security vulnerabilities, two of which are actively exploited by attackers. Microsoft's security updates for February 2024 address a total of 72 vulnerabilities, including two actively exploited zero-days. These vulnerabilities affect Microsoft Windows, Office, Azure, .NET Framework, ASP.NET, SQL Server, Windows Hyper-V and Microsoft Dynamics. Five vulnerabilities are rated critical, 65 are rated important, and two are rated moderate in severity.

Two actively exploited vulnerabilities:

CVE-2024-21412 (CVSS score 8.1)

Vulnerability to bypass the Internet Label Opening security feature. An unauthorized attacker can cause a vulnerability by sending a specially crafted file to a victim that bypasses the security check function.

CVE-2024-21351 (CVSS score 7.6)

Vulnerability to bypass SmartScreen feature in Windows. An authorized attacker can exploit a vulnerability to bypass a user's SmartScreen feature. An attacker could exploit this vulnerability by sending a malicious file to a user and convincing the user to open it.

Below is a list of critical vulnerabilities patched by Microsoft Patch Tuesday security updates for February 2024. As usual, ZDI has published the full list of released CVE identifiers for February 2024 at this link:

• [link].