Microsoft releases critical security updates for 73 vulnerabilities, including active Zero-Day threats

In a significant step to strengthen cybersecurity, Microsoft has addressed a total of 73 security vulnerabilities in its latest Patch Tuesday updates for February 2024. Among these, two zero-day flaws that are being actively exploited have called for urgent attention from the tech giant.

Critical Vulnerabilities and Zero-Day Exploits

The updates patch a wide variety of vulnerabilities, with 5 rated critical, 65 important and three moderate in severity. In particular, the Chromium-based Edge browser has received fixes for an additional 24 bugs since the January updates. With special attention are two zero-days that are currently being used:

  • CVE-2024-21351: This zero-day involves a bypass vulnerability in the Windows SmartScreen security feature, rated with a CVSS score of 7.6. Attackers could exploit this flaw to bypass security measures and execute arbitrary code, potentially leading to data breaches or system downtime.
  • CVE-2024-21412: With a CVSS score of 8.1, this vulnerability allows cyber attackers to bypass Internet Shortcut security features, posing significant risk without having to authenticate their actions.
Insight into the exploited vulnerabilities

CVE-2024-21351 marks the second SmartScreen bypass vulnerability discovered after a similar case was patched in November 2023. This flaw has been exploited by various hacker groups to spread malware such as DarkGate and Mispadu. CVE-2024-21412, identified by Trend Micro, allows attackers to evade SmartScreen controls, a critical cybersecurity concern.

Water Hydra, a notorious hacker group, has exploited CVE-2024-21412 in sophisticated attacks targeting the financial sector, underscoring the evolving threats in cybersecurity.

Critical errors and their impacts

Among the patched vulnerabilities, five critical flaws stand out, including vulnerabilities in Windows Hyper-V, Microsoft Dynamics, Exchange Server and Outlook. These vulnerabilities could allow attackers to execute remote code, expose sensitive information, or elevate privileges, posing significant risks to organizations’ cybersecurity.

The wider security landscape

The update also addresses vulnerabilities across a wide range of software and vendors, reflecting the interconnected nature of cybersecurity. Companies such as Adobe, Google and Cisco among others have also released security updates, highlighting the ongoing battle against cyber threats.

Call to action: Increase your cyber security

In light of these updates

companies and individuals are encouraged to quickly apply the latest patches to protect against zero-days and other vulnerabilities. Strengthening your cybersecurity posture is critical in today’s digital era, where threats are constantly evolving. Stay informed, protected and ensure your systems are up to date.

Related articles

Contact us

Cooperate with us to get comprehensive IT security

We will be happy to answer all your questions and help you find the services that best suit your needs.

My advantages:

What happens next?

1

We’ll arrange a call when it’s convenient for you

2

We conduct a discovery and advisory survey

3

We are preparing a proposal

Book a free consultation

Contact EN
First
Last