CVE-2024-21410, CVE-2024-21413, and CVE-2024-21401 Lead the list of Critical & Actively Exploited Vulnerabilities in Microsoft’s February 2024 Patch Tuesday

Share :

On February 13, 2024, Microsoft published their February 2024 security update with patches for 73 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted 5 vulnerabilities in this bulletin that were categorized as critical or zero-day vulnerabilities. Two of these vulnerabilities have been reported to be exploited in the wild. 

Impacted Product: Windows SmartScreen 

CVE-2024-21412  CVSS: 6.8 – Medium  Exploitation detected 
Windows SmartScreen Security Feature Bypass Vulnerability – A threat actor without authentication could send a specifically tailored file to the intended victim, aiming to bypass existing security measures. However, they cannot force the user to view the manipulated content; instead, they must persuade the user to take action by clicking on a provided file link. 
CVE-2024-21351  CVSS: 7.6 – High  Exploitation detected 
Windows SmartScreen Security Feature Bypass Vulnerability – An authorized threat actor must send the victim a malicious file and convince them to open it to exploit this vulnerability. This vulnerability would allow a threat actor to insert code into SmartScreen, potentially achieving RCE. 

Impacted Product: Microsoft Exchange 

CVE-2024-21410  CVSS: 9.8 – Critical  No exploitation detected 
Microsoft Exchange Server Elevation of Privilege Vulnerability – A threat actor could exploit this vulnerability to target an NTLM client such as Outlook with an NTLM credentials-type vulnerability. If successful, a threat actor could authenticate as a user by relaying a user’s leaked Net-NETLMv2 hash to a vulnerable Exchange server, and would allow the threat actor to perform operations on the victim’s behalf. 

Impacted Product: Microsoft Outlook 

CVE-2024-21413  CVSS: 9.8 – Critical  No exploitation detected 
Microsoft Outlook Remote Code Execution Vulnerability – A threat actor could exploit this vulnerability by crafting a malicious link that bypasses the Protected View Protocol, which leads to the leaking of local NTLM credential information and remote code execution (RCE). 

Impacted Product: Microsoft Entra Jira Integration 

CVE-2024-21401  CVSS: 9.8 – Critical  No exploitation detected 
Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability – A threat actor could exploit this vulnerability to fully update Entra ID SAML metadata and info for the plugin, and then modify the application’s authentication to their tenant. 

Recommendations CVE-2024-21410, CVE-2024-21413, and CVE-2024-21401

Recommendation: Apply Security Updates to Impacted Products 

Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation of these vulnerabilities. 

Affected and Fixed Products/Versions 

Product  Vulnerability  Reference Article  Download 
Windows 10 for 32-bit Systems  CVE-2024-21351  5034774  Security Update 
Windows 10 for x64-based Systems  CVE-2024-21351  5034774  Security Update 
Windows 10 Version 1607 for 32-bit Systems  CVE-2024-21351  5034767  Security Update 
Windows 10 Version 1607 for x64-based Systems  CVE-2024-21351  5034767  Security Update 
Windows 10 Version 1809 for 32-bit Systems  CVE-2024-21351, CVE-2024-21412  5034768  Security Update 
Windows 10 Version 1809 for ARM64-based Systems  CVE-2024-21351, CVE-2024-21412  5034768  Security Update 
Windows 10 Version 1809 for x64-based Systems  CVE-2024-21351, CVE-2024-21412  5034768  Security Update 
Windows 10 Version 21H2 for 32-bit Systems  CVE-2024-21351, CVE-2024-21412  5034763  Security Update 
Windows 10 Version 21H2 for ARM64-based Systems  CVE-2024-21351, CVE-2024-21412  5034763  Security Update 
Windows 10 Version 21H2 for x64-based Systems  CVE-2024-21351, CVE-2024-21412  5034763  Security Update 
Windows 10 Version 22H2 for 32-bit Systems  CVE-2024-21351, CVE-2024-21412  5034763  Security Update 
Windows 10 Version 22H2 for ARM64-based Systems  CVE-2024-21351, CVE-2024-21412  5034763  Security Update 
Windows 10 Version 22H2 for x64-based Systems  CVE-2024-21351, CVE-2024-21412  5034763  Security Update 
Windows 11 version 21H2 for ARM64-based Systems  CVE-2024-21351, CVE-2024-21412  5034766  Security Update 
Windows 11 version 21H2 for x64-based Systems  CVE-2024-21351, CVE-2024-21412  5034766  Security Update 
Windows 11 Version 22H2 for ARM64-based Systems  CVE-2024-21351, CVE-2024-21412  5034765  Security Update 
Windows 11 Version 22H2 for x64-based Systems  CVE-2024-21351, CVE-2024-21412  5034765  Security Update 
Windows 11 Version 23H2 for ARM64-based Systems  CVE-2024-21351, CVE-2024-21412  5034765  Security Update 
Windows 11 Version 23H2 for x64-based Systems  CVE-2024-21351, CVE-2024-21412  5034765  Security Update 
Windows Server 2016  CVE-2024-21351  5034767  Security Update 
Windows Server 2019  CVE-2024-21351, CVE-2024-21412  5034768  Security Update 
Windows Server 2022  CVE-2024-21351, CVE-2024-21412  5034770  Security Update 
Windows Server 2022, 23H2 Edition  CVE-2024-21412  5034769  Security Update 
Microsoft 365 Apps for Enterprise for 32-bit Systems  CVE-2024-21413  Release Notes  Security Update 
Microsoft 365 Apps for Enterprise for 64-bit Systems  CVE-2024-21413  Release Notes  Security Update 
Microsoft Office 2016 (32-bit edition)  CVE-2024-21413 
Microsoft Office 2016 (64-bit edition)  CVE-2024-21413 
Microsoft Office 2019 for 32-bit editions  CVE-2024-21413  Release Notes  Security Update 
Microsoft Office 2019 for 64-bit editions  CVE-2024-21413  Release Notes  Security Update 
Microsoft Office LTSC 2021 for 32-bit editions  CVE-2024-21413  Release Notes  Security Update 
Microsoft Office LTSC 2021 for 64-bit editions  CVE-2024-21413  Release Notes  Security Update 
Microsoft Exchange Server 2019 Cumulative Update 13  CVE-2024-21410  5035606  Security Update 
Microsoft Exchange Server 2019 Cumulative Update 14  CVE-2024-21410  5035606  Security Update 
Microsoft Exchange Server 2016 Cumulative Update 23  CVE-2024-21410     
Microsoft Entra Jira Single-Sign-On Plugin  CVE-2024-21401  Release Notes  Security Update 

 

Note: Please follow your organization’s patching and testing guidelines to avoid any operational impact. 

References 

See other important security bulletins from Arctic Wolf.

Stefan Hostetler

Stefan Hostetler

Stefan is a Senior Threat Intelligence Researcher at Arctic Wolf. With over a decade of industry experience under his belt, he focuses on extracting actionable insight from novel threats to help organizations protect themselves effectively.
Share :
Table of Contents
Categories
Subscribe to our Monthly Newsletter