CVE-2024-21410, CVE-2024-21413, and CVE-2024-21401 Lead the list of Critical & Actively Exploited Vulnerabilities in Microsoft’s February 2024 Patch Tuesday


On 13 February 2024, Microsoft published its February 2024 security update with patches for 73 vulnerabilities. Among these, Arctic Wolf has highlighted five vulnerabilities in this bulletin that were categorised as critical or zero-day vulnerabilities. Two of them have been reported as exploited in the wild.

Impacted Product: Windows SmartScreen 

CVE-2024-21412 | CVSS: 6.8 – Medium | Exploitation detected
Windows SmartScreen Security Feature Bypass Vulnerability – An unauthenticated threat actor could send a specially crafted file to the intended victim to bypass the SmartScreen security checks. The threat actor cannot force the user to view the manipulated content; the user must be persuaded to act by clicking a provided file link.
CVE-2024-21351 | CVSS: 7.6 – High | Exploitation detected
Windows SmartScreen Security Feature Bypass Vulnerability – An authorised threat actor must send the victim a malicious file and convince them to open it to exploit this vulnerability. Successful exploitation would allow the threat actor to inject code into SmartScreen, potentially achieving remote code execution (RCE).

Impacted Product: Microsoft Exchange 

CVE-2024-21410 | CVSS: 9.8 – Critical | No exploitation detected
Microsoft Exchange Server Elevation of Privilege Vulnerability – A threat actor could combine this vulnerability with an NTLM credential-leaking vulnerability against an NTLM client such as Outlook. If successful, the threat actor could relay the user’s leaked Net-NTLMv2 hash to a vulnerable Exchange server and authenticate as that user, allowing the threat actor to perform operations on the victim’s behalf.

Impacted Product: Microsoft Outlook 

CVE-2024-21413 | CVSS: 9.8 – Critical | No exploitation detected
Microsoft Outlook Remote Code Execution Vulnerability – A threat actor could exploit this vulnerability by crafting a malicious link that bypasses Office Protected View, leading to the leaking of local NTLM credential information and remote code execution (RCE).

Impacted Product: Microsoft Entra Jira Integration 

CVE-2024-21401 | CVSS: 9.8 – Critical | No exploitation detected
Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability – A threat actor could exploit this vulnerability to overwrite the plugin’s Entra ID SAML metadata and configuration, and then redirect the application’s authentication to a tenant they control.

Recommendations CVE-2024-21410, CVE-2024-21413, and CVE-2024-21401

Recommendation: Apply Security Updates to Impacted Products 

Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation of these vulnerabilities. 

Affected and Fixed Products/Versions

| Product | Vulnerability | Reference Article | Download |
|---|---|---|---|
| Windows 10 for 32-bit Systems | CVE-2024-21351 | 5034774 | Security Update |
| Windows 10 for x64-based Systems | CVE-2024-21351 | 5034774 | Security Update |
| Windows 10 Version 1607 for 32-bit Systems | CVE-2024-21351 | 5034767 | Security Update |
| Windows 10 Version 1607 for x64-based Systems | CVE-2024-21351 | 5034767 | Security Update |
| Windows 10 Version 1809 for 32-bit Systems | CVE-2024-21351, CVE-2024-21412 | 5034768 | Security Update |
| Windows 10 Version 1809 for ARM64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034768 | Security Update |
| Windows 10 Version 1809 for x64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034768 | Security Update |
| Windows 10 Version 21H2 for 32-bit Systems | CVE-2024-21351, CVE-2024-21412 | 5034763 | Security Update |
| Windows 10 Version 21H2 for ARM64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034763 | Security Update |
| Windows 10 Version 21H2 for x64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034763 | Security Update |
| Windows 10 Version 22H2 for 32-bit Systems | CVE-2024-21351, CVE-2024-21412 | 5034763 | Security Update |
| Windows 10 Version 22H2 for ARM64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034763 | Security Update |
| Windows 10 Version 22H2 for x64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034763 | Security Update |
| Windows 11 Version 21H2 for ARM64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034766 | Security Update |
| Windows 11 Version 21H2 for x64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034766 | Security Update |
| Windows 11 Version 22H2 for ARM64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034765 | Security Update |
| Windows 11 Version 22H2 for x64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034765 | Security Update |
| Windows 11 Version 23H2 for ARM64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034765 | Security Update |
| Windows 11 Version 23H2 for x64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034765 | Security Update |
| Windows Server 2016 | CVE-2024-21351 | 5034767 | Security Update |
| Windows Server 2019 | CVE-2024-21351, CVE-2024-21412 | 5034768 | Security Update |
| Windows Server 2022 | CVE-2024-21351, CVE-2024-21412 | 5034770 | Security Update |
| Windows Server 2022, 23H2 Edition | CVE-2024-21412 | 5034769 | Security Update |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | CVE-2024-21413 | Release Notes | Security Update |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | CVE-2024-21413 | Release Notes | Security Update |
| Microsoft Office 2016 (32-bit edition) | CVE-2024-21413 | | |
| Microsoft Office 2016 (64-bit edition) | CVE-2024-21413 | | |
| Microsoft Office 2019 for 32-bit editions | CVE-2024-21413 | Release Notes | Security Update |
| Microsoft Office 2019 for 64-bit editions | CVE-2024-21413 | Release Notes | Security Update |
| Microsoft Office LTSC 2021 for 32-bit editions | CVE-2024-21413 | Release Notes | Security Update |
| Microsoft Office LTSC 2021 for 64-bit editions | CVE-2024-21413 | Release Notes | Security Update |
| Microsoft Exchange Server 2019 Cumulative Update 13 | CVE-2024-21410 | 5035606 | Security Update |
| Microsoft Exchange Server 2019 Cumulative Update 14 | CVE-2024-21410 | 5035606 | Security Update |
| Microsoft Exchange Server 2016 Cumulative Update 23 | CVE-2024-21410 | | |
| Microsoft Entra Jira Single-Sign-On Plugin | CVE-2024-21401 | Release Notes | Security Update |


Note: Please follow your organisation’s patching and testing guidelines to avoid any operational impact. 
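The following PowerShell script is an added example and is not part of the Arctic Wolf advisory. It checks whether the Windows cumulative update that the table above lists for the local host's OS build is present, using the KB article numbers and CVE coverage from the table. The mapping from OS build number to KB is my own (public Windows build numbers), and the supersession heuristic, the `Test-Feb2024PatchState` function name and its output fields are assumptions for this example; Exchange, Office and the Entra Jira plugin need their own checks and are not covered here.

```powershell
# Added example, not from the advisory: report whether the February 2024 Windows
# cumulative update listed for this host's OS build is installed.
# KB numbers and CVE coverage are taken from the advisory table above; the
# build-number-to-KB mapping is my own assumption (public Windows build numbers).

$KbByBuild = @{
    10240 = @{ Kb = 'KB5034774'; Cves = 'CVE-2024-21351' }                  # Windows 10 (original release)
    14393 = @{ Kb = 'KB5034767'; Cves = 'CVE-2024-21351' }                  # Windows 10 1607 / Server 2016
    17763 = @{ Kb = 'KB5034768'; Cves = 'CVE-2024-21351, CVE-2024-21412' }  # Windows 10 1809 / Server 2019
    19044 = @{ Kb = 'KB5034763'; Cves = 'CVE-2024-21351, CVE-2024-21412' }  # Windows 10 21H2
    19045 = @{ Kb = 'KB5034763'; Cves = 'CVE-2024-21351, CVE-2024-21412' }  # Windows 10 22H2
    20348 = @{ Kb = 'KB5034770'; Cves = 'CVE-2024-21351, CVE-2024-21412' }  # Windows Server 2022
    22000 = @{ Kb = 'KB5034766'; Cves = 'CVE-2024-21351, CVE-2024-21412' }  # Windows 11 21H2
    22621 = @{ Kb = 'KB5034765'; Cves = 'CVE-2024-21351, CVE-2024-21412' }  # Windows 11 22H2
    22631 = @{ Kb = 'KB5034765'; Cves = 'CVE-2024-21351, CVE-2024-21412' }  # Windows 11 23H2
    25398 = @{ Kb = 'KB5034769'; Cves = 'CVE-2024-21412' }                  # Windows Server 2022, 23H2 Edition
}

function Test-Feb2024PatchState {
    [CmdletBinding()]
    param([string]$ComputerName = $env:COMPUTERNAME)

    $os    = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $ComputerName
    $build = [int]$os.BuildNumber
    $entry = $KbByBuild[$build]

    $result = [ordered]@{
        Computer   = $ComputerName
        OS         = $os.Caption
        Build      = $build
        ExpectedKb = $null
        Covers     = $null
        Status     = 'Build not in advisory table; check manually'
    }

    if ($entry) {
        $result.ExpectedKb = $entry.Kb
        $result.Covers     = $entry.Cves

        # Get-HotFix reads Win32_QuickFixEngineering, which lists installed
        # update packages by their KB ID.
        $hotfixes = Get-HotFix -ComputerName $ComputerName -ErrorAction SilentlyContinue

        if ($hotfixes.HotFixID -contains $entry.Kb) {
            $result.Status = 'Patched'
        }
        elseif ($hotfixes | Where-Object {
                    $_.Description -eq 'Security Update' -and
                    $_.InstalledOn -ge [datetime]'2024-02-13' }) {
            # A later cumulative update supersedes the February one, and the
            # February KB ID then never appears. This branch is only a hint:
            # confirm the OS revision against the KB article before closing it.
            $result.Status = 'Exact KB absent but a later security update is installed; verify supersession'
        }
        else {
            $result.Status = 'MISSING: install ' + $entry.Kb
        }
    }

    [pscustomobject]$result
}

Test-Feb2024PatchState | Format-List
```

Run it from an elevated PowerShell session on the host being checked (or pass `-ComputerName` for a remote host reachable over WMI). A "Patched" result is conclusive; the "verify supersession" result is not, because the exact KB ID disappears once a later cumulative update is installed, so treat it as a prompt to compare the installed OS revision with the KB article rather than as a pass.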



Stefan Hostetler

Stefan is a Senior Threat Intelligence Researcher at Arctic Wolf. With over a decade of industry experience under his belt, he focuses on extracting actionable insight from novel threats to help organizations protect themselves effectively.