Microsoft Patch Tuesday For February Addressed Two Zero-Days

Heads up, Microsoft users! It’s time to update your devices, as Microsoft has rolled out its monthly Patch Tuesday updates for February 2024. This time, the tech giant addressed over 70 different vulnerabilities, including two zero-day flaws.

Microsoft February Patch Tuesday Updates Released

The most important security fixes in the February 2024 Patch Tuesday update bundle address two Microsoft zero-day vulnerabilities. The tech giant described both vulnerabilities as security feature bypasses. They are as follows.

  • CVE-2024-21412 (CVSS 8.1): An important severity vulnerability affecting Internet Shortcut Files. An adversary could exploit the flaw by tricking the target user into opening a maliciously crafted file designed to bypass displayed security checks. Microsoft confirmed detecting exploitation attempts for this flaw prior to public disclosure.
  • CVE-2024-21351 (CVSS 7.6): A moderate severity vulnerability affecting Windows SmartScreen, compromising the Mark of the Web feature. An adversary could exploit the flaw by tricking the target user into opening a maliciously crafted file that could bypass Windows SmartScreen. Once done, the attacker could gain code execution on the target system. The tech giant confirmed detecting active exploitation of this vulnerability as well.

Besides these noteworthy security fixes, Microsoft released patches for three critical severity vulnerabilities. These include CVE-2024-21380 (CVSS 8.0), an information disclosure flaw affecting Microsoft Dynamics Business Central/NAV; CVE-2024-21357 (CVSS 7.5), a remote code execution vulnerability in Windows Pragmatic General Multicast (PGM); and CVE-2024-20684 (CVSS 6.5), a Windows Hyper-V denial of service vulnerability.

In addition, the February Patch Tuesday update bundle addressed 66 other vulnerabilities, including 59 important severity issues and two moderate severity flaws. The update bundle also includes numerous security fixes from third parties, so users can patch their devices accordingly.

While these updates will automatically reach all eligible devices, users should still check for updates manually to receive all bug fixes in time.
