{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-019.pdf"
    },
    "title": "Critical Vulnerabilities in Microsoft Products",
    "serial_number": "2024-019",
    "publish_date": "14-02-2024 10:31:11",
    "description": "On February 13, 2024, Microsoft released its February 2024 Patch Tuesday advisory, addressing 73 vulnerabilities, two of which are exploited in the wild.<br>\nMicrosoft recommended applying updates as soon as possible on affected products.<br>\n",
    "url_title": "2024-019",
    "content_markdown": "---\ntitle: 'Critical Vulnerabilities in\u00a0Microsoft\u00a0Products'\nnumber: '2024-019'\nversion: '1.0'\noriginal_date: 'February 13, 2024'\ndate: 'February 14, 2024'\n---\n\n_History:_\n\n* _14/02/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn February 13, 2024, Microsoft released its February 2024 Patch Tuesday advisory [1,2], addressing 73 vulnerabilities, two of which are exploited in the wild.\n\nMicrosoft recommended applying updates as soon as possible on affected products.\n\n# Technical Details\n\nAmong the 73 vulnerabilities:\n\n- The vulnerability **CVE-2024-21351**, with a CVSS score of 7.6, is a security feature bypass vulnerability in Windows SmartScreen. An attacker would need to convince a user to open a malicious file, which could result in bypassing the SmartScreen user experience and potentially code injection into SmartScreen to achieve remote code execution. Microsoft has already seen evidence of exploitation in the wild.\n- The vulnerability **CVE-2024-21412**, with a CVSS score of 8.1, is also a security feature bypass vulnerability. An attacker who convinces a user to open a malicious Internet Shortcut file can bypass the typical dialog, which warns that \u201cfiles from the Internet can potentially harm your computer\u201d. Microsoft has already seen evidence of exploitation in the wild.\n- The vulnerability **CVE-2024-21413**, with a CVSS score of 9.8, is a critical RCE vulnerability in Office. To exploit this vulnerability, an attacker could craft a malicious link that bypasses the Protected View Protocol, which leads to the leaking of local NTLM credential information and remote code execution (RCE). The Outlook Preview Pane is listed as an attack vector, and no user interaction is required.\n- The vulnerability **CVE-2024-21410**, with a CVSS score of 9.8, is a critical elevation of privilege vulnerability in Exchange. An attacker could use NTLM credentials previously acquired via another means to act as the victim on the Exchange server using an NTLM relay attack.\n- The vulnerability **CVE-2024-21315**, with a CVSS score of 7.8, is an elevation of privilege vulnerability in Defender for Endpoint Protection. Exploiting this vulnerability, an attacker could gain SYSTEM privileges on the affected asset.\n\n# Affected Products\n\nFixes have been released for the following Microsoft products:\n\n- Windows;\n- Defender for Endpoint Protection;\n- Office;\n- Exchange Server;\n- Dynamics;\n- DotNET;\n- Edge;\n- Azure.\n\nThe affected versions list is available in the Microsoft advisory [1].\n\n# Recommendations\n\nIt is recommended to apply updates as soon as possible.\n\n# References\n\n[1] <https://msrc.microsoft.com/update-guide/releaseNote/2024-Feb>\n\n[2] <https://www.rapid7.com/blog/post/2024/02/13/patch-tuesday-february-2024/>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>14/02/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On February 13, 2024, Microsoft released its February 2024 Patch Tuesday advisory [1,2], addressing 73 vulnerabilities, two of which are exploited in the wild.</p><p>Microsoft recommended applying updates as soon as possible on affected products.</p><h2 id=\"technical-details\">Technical Details</h2><p>Among the 73 vulnerabilities:</p><ul><li>The vulnerability <strong>CVE-2024-21351</strong>, with a CVSS score of 7.6, is a security feature bypass vulnerability in Windows SmartScreen. An attacker would need to convince a user to open a malicious file, which could result in bypassing the SmartScreen user experience and potentially code injection into SmartScreen to achieve remote code execution. Microsoft has already seen evidence of exploitation in the wild.</li><li>The vulnerability <strong>CVE-2024-21412</strong>, with a CVSS score of 8.1, is also a security feature bypass vulnerability. An attacker who convinces a user to open a malicious Internet Shortcut file can bypass the typical dialog, which warns that \u201cfiles from the Internet can potentially harm your computer\u201d. Microsoft has already seen evidence of exploitation in the wild.</li><li>The vulnerability <strong>CVE-2024-21413</strong>, with a CVSS score of 9.8, is a critical RCE vulnerability in Office. To exploit this vulnerability, an attacker could craft a malicious link that bypasses the Protected View Protocol, which leads to the leaking of local NTLM credential information and remote code execution (RCE). The Outlook Preview Pane is listed as an attack vector, and no user interaction is required.</li><li>The vulnerability <strong>CVE-2024-21410</strong>, with a CVSS score of 9.8, is a critical elevation of privilege vulnerability in Exchange. An attacker could use NTLM credentials previously acquired via another means to act as the victim on the Exchange server using an NTLM relay attack.</li><li>The vulnerability <strong>CVE-2024-21315</strong>, with a CVSS score of 7.8, is an elevation of privilege vulnerability in Defender for Endpoint Protection. Exploiting this vulnerability, an attacker could gain SYSTEM privileges on the affected asset.</li></ul><h2 id=\"affected-products\">Affected Products</h2><p>Fixes have been released for the following Microsoft products:</p><ul><li>Windows;</li><li>Defender for Endpoint Protection;</li><li>Office;</li><li>Exchange Server;</li><li>Dynamics;</li><li>DotNET;</li><li>Edge;</li><li>Azure.</li></ul><p>The affected versions list is available in the Microsoft advisory [1].</p><h2 id=\"recommendations\">Recommendations</h2><p>It is recommended to apply updates as soon as possible.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/releaseNote/2024-Feb\">https://msrc.microsoft.com/update-guide/releaseNote/2024-Feb</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.rapid7.com/blog/post/2024/02/13/patch-tuesday-february-2024/\">https://www.rapid7.com/blog/post/2024/02/13/patch-tuesday-february-2024/</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}