{"id":52375,"date":"2024-02-15T11:06:07","date_gmt":"2024-02-15T11:06:07","guid":{"rendered":"https:\/\/www.n-able.com\/?p=52375"},"modified":"2024-03-04T14:59:57","modified_gmt":"2024-03-04T14:59:57","slug":"patch-tuesday-february-2024","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/de\/blog\/patch-tuesday-february-2024","title":{"rendered":"Patch Tuesday February 2024: High Impact Exchange Vulnerability Uprated on Day After Release as Exploitation Detected"},"content":{"rendered":"

Microsoft addressed 74 new vulnerabilities this month, two of which were marked as zero-day vulnerabilities that are relatively low impact as they provide bypasses for security flagging features in Windows. The bigger news is a third possible zero-day vulnerability that Microsoft re-categorized one day after release on February 14<\/span>th<\/sup><\/span>, upgrading it from Exploitation More Likely to Exploitation Detected. We\u2019ll get into the semantics of if it really qualifies as a zero-day below, but it should definitely have your attention.<\/span><\/p>\n

\n

Set your sights on the future of the MSP industry with the first ever MSP Horizons Report<\/a>, jointly produced by N\u2011able and international MSP-focused research firm, Canalys\u2026<\/strong>
\n\"\"<\/a><\/p>\n

\n

Microsoft Vulnerabilities <\/span><\/h2>\n

Of the new vulnerabilities addressed this month, five are rated Critical. On the day of release there were only two vulnerabilities that were marked as Exploitation Detected, CVE-2024-21351<\/span><\/a> and CVE-2024-21412<\/span><\/a>. One day later, on February 14<\/span>th<\/sup><\/span>, Microsoft updated CVE-2024-21410<\/span><\/a> to indicate that it \u201cwas aware of exploitation of this vulnerability\u201d by changing it from Exploitation More Likely to Exploitation Detected. As there is no further information about when Microsoft knew it was under active exploitation this could have been just an informational change based on new information provided to Microsoft, or it may have already been known to Microsoft. Either way this makes it a little fuzzy on whether you can call this a zero-day or not. <\/span><\/p>\n

CVE-2024-21412, an Internet Shortcut Files Security Feature Bypass, and CVE-2024-21351, a Windows SmartScreen Security Feature Bypass, were both designated as under active exploitation on the day they were published, so giving them the label of zero-day is fairly cut and dry. While they are under active exploitation, the fact that they are only bypasses of Windows in-built security warning prompts means if you are using a modern endpoint security solution any impact should be mitigated\u2014although not eliminated. <\/span><\/p>\n

However, CVE-2024-21410 is an Exchange Server Elevation of Privilege vulnerability affecting Microsoft Exchange Server 2019 and 2016. This vulnerability is an NTLM hash disclosure that allows an attacker to capture and relay NTLM hashes against an Exchange Server to perform actions as the compromised user. Depending on the user\u2019s permissions and scope of access this could allow an attacker to pivot and further compromise an environment. There is extensive additional information and mitigation instructions available from Microsoft here:<\/span><\/p>\n