On February 13, 2024, Microsoft published their February 2024 security update with patches for 73 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted 5 vulnerabilities in this bulletin that were categorized as critical or zero-day vulnerabilities. Two of these vulnerabilities have been reported to be exploited in the wild.
Impacted Product: Windows SmartScreen
CVE-2024-21412 | CVSS: 6.8 – Medium | Exploitation detected |
Windows SmartScreen Security Feature Bypass Vulnerability – A threat actor without authentication could send a specifically tailored file to the intended victim, aiming to bypass existing security measures. However, they cannot force the user to view the manipulated content; instead, they must persuade the user to take action by clicking on a provided file link. |
CVE-2024-21351 | CVSS: 7.6 – High | Exploitation detected |
Windows SmartScreen Security Feature Bypass Vulnerability – An authorized threat actor must send the victim a malicious file and convince them to open it to exploit this vulnerability. This vulnerability would allow a threat actor to insert code into SmartScreen, potentially achieving RCE. |
Impacted Product: Microsoft Exchange
CVE-2024-21410 | CVSS: 9.8 – Critical | No exploitation detected |
Microsoft Exchange Server Elevation of Privilege Vulnerability – A threat actor could exploit this vulnerability to target an NTLM client such as Outlook with an NTLM credentials-type vulnerability. If successful, a threat actor could authenticate as a user by relaying a user’s leaked Net-NETLMv2 hash to a vulnerable Exchange server, and would allow the threat actor to perform operations on the victim’s behalf. |
Impacted Product: Microsoft Outlook
CVE-2024-21413 | CVSS: 9.8 – Critical | No exploitation detected |
Microsoft Outlook Remote Code Execution Vulnerability – A threat actor could exploit this vulnerability by crafting a malicious link that bypasses the Protected View Protocol, which leads to the leaking of local NTLM credential information and remote code execution (RCE). |
Impacted Product: Microsoft Entra Jira Integration
CVE-2024-21401 | CVSS: 9.8 – Critical | No exploitation detected |
Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability – A threat actor could exploit this vulnerability to fully update Entra ID SAML metadata and info for the plugin, and then modify the application’s authentication to their tenant. |
Recommendations CVE-2024-21410, CVE-2024-21413, and CVE-2024-21401
Recommendation: Apply Security Updates to Impacted Products
Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation of these vulnerabilities.
Affected and Fixed Products/Versions
Product | Vulnerability | Reference Article | Download |
Windows 10 for 32-bit Systems | CVE-2024-21351 | 5034774 | Security Update |
Windows 10 for x64-based Systems | CVE-2024-21351 | 5034774 | Security Update |
Windows 10 Version 1607 for 32-bit Systems | CVE-2024-21351 | 5034767 | Security Update |
Windows 10 Version 1607 for x64-based Systems | CVE-2024-21351 | 5034767 | Security Update |
Windows 10 Version 1809 for 32-bit Systems | CVE-2024-21351, CVE-2024-21412 | 5034768 | Security Update |
Windows 10 Version 1809 for ARM64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034768 | Security Update |
Windows 10 Version 1809 for x64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034768 | Security Update |
Windows 10 Version 21H2 for 32-bit Systems | CVE-2024-21351, CVE-2024-21412 | 5034763 | Security Update |
Windows 10 Version 21H2 for ARM64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034763 | Security Update |
Windows 10 Version 21H2 for x64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034763 | Security Update |
Windows 10 Version 22H2 for 32-bit Systems | CVE-2024-21351, CVE-2024-21412 | 5034763 | Security Update |
Windows 10 Version 22H2 for ARM64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034763 | Security Update |
Windows 10 Version 22H2 for x64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034763 | Security Update |
Windows 11 version 21H2 for ARM64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034766 | Security Update |
Windows 11 version 21H2 for x64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034766 | Security Update |
Windows 11 Version 22H2 for ARM64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034765 | Security Update |
Windows 11 Version 22H2 for x64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034765 | Security Update |
Windows 11 Version 23H2 for ARM64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034765 | Security Update |
Windows 11 Version 23H2 for x64-based Systems | CVE-2024-21351, CVE-2024-21412 | 5034765 | Security Update |
Windows Server 2016 | CVE-2024-21351 | 5034767 | Security Update |
Windows Server 2019 | CVE-2024-21351, CVE-2024-21412 | 5034768 | Security Update |
Windows Server 2022 | CVE-2024-21351, CVE-2024-21412 | 5034770 | Security Update |
Windows Server 2022, 23H2 Edition | CVE-2024-21412 | 5034769 | Security Update |
Microsoft 365 Apps for Enterprise for 32-bit Systems | CVE-2024-21413 | Release Notes | Security Update |
Microsoft 365 Apps for Enterprise for 64-bit Systems | CVE-2024-21413 | Release Notes | Security Update |
Microsoft Office 2016 (32-bit edition) | CVE-2024-21413 | ||
Microsoft Office 2016 (64-bit edition) | CVE-2024-21413 | ||
Microsoft Office 2019 for 32-bit editions | CVE-2024-21413 | Release Notes | Security Update |
Microsoft Office 2019 for 64-bit editions | CVE-2024-21413 | Release Notes | Security Update |
Microsoft Office LTSC 2021 for 32-bit editions | CVE-2024-21413 | Release Notes | Security Update |
Microsoft Office LTSC 2021 for 64-bit editions | CVE-2024-21413 | Release Notes | Security Update |
Microsoft Exchange Server 2019 Cumulative Update 13 | CVE-2024-21410 | 5035606 | Security Update |
Microsoft Exchange Server 2019 Cumulative Update 14 | CVE-2024-21410 | 5035606 | Security Update |
Microsoft Exchange Server 2016 Cumulative Update 23 | CVE-2024-21410 | – | – |
Microsoft Entra Jira Single-Sign-On Plugin | CVE-2024-21401 | Release Notes | Security Update |
Note: Please follow your organization’s patching and testing guidelines to avoid any operational impact.
References
- Microsoft February 2024 Release Notes
- CVE-2024-21401
- CVE-2024-21410
- CVE-2024-21413
- CVE-2024-21351
- CVE-2024-21412
See other important security bulletins from Arctic Wolf.