11.5 C
Tuesday, February 20, 2024

Microsoft Patch Tuesday For February Addressed Two Zero-Days

Heads up, Microsoft customers! It’s now time to replace your units as Microsoft rolled out its month-to-month Patch Tuesday updates for February 2024. This time, the tech big addressed over 70 completely different vulnerabilities, together with two zero-day flaws.

Microsoft February Patch Tuesday Updates Launched

An important safety fixes within the February 2024 Patch Tuesday replace bundle deal with two Microsoft zero-day vulnerabilities. The tech big described each vulnerabilities as safety function bypass. Particularly, these embody the next.

  • CVE-2024-21412 (CVSS 8.1): An necessary severity vulnerability affecting the Web Shortcut Recordsdata. An adversary may exploit the flaw by tricking the goal consumer into opening a maliciously crafted file designed to bypass displayed safety checks. Microsoft confirmed detecting exploitation makes an attempt for this flaw prior public disclosure.
  • CVE-2024-21351 (CVSS 7.6): A reasonable severity vulnerability affecting Home windows SmartScreen, compromising the Mark of the Net function. An adversary may exploit the flaw by tricking the goal consumer into opening a maliciously crafted file that might bypass Home windows SmartScreen. As soon as carried out, the attacker may achieve code execution on the goal system. The tech big confirmed detecting lively exploitation of this vulnerability as nicely.

Moreover these noteworthy safety fixes, Microsoft launched patches for 3 important severity vulnerabilities. These embody CVE-2024-21380 (CVSS 8.0) – an info disclosure flaw affecting the Microsoft Dynamics Enterprise Central/NAV, CVE-2024-21357 (CVSS 7.5) – a distant code execution vulnerability within the Home windows Pragmatic Normal Multicast (PGM), and CVE-2024-20684 (CVSS 6.5) – a Home windows Hyper-V denial of service vulnerability.

As well as, the February Patch Tuesday replace bundle addressed 66 different vulnerabilities, together with 59 necessary severity points and two reasonable severity flaws. Furthermore, the replace bundle additionally contains quite a few safety fixes from third events, facilitating customers to patch their units accordingly.

Whereas these updates would mechanically attain all eligible units, customers ought to nonetheless verify for any updates manually to obtain all bug fixes in time.

Tell us your ideas within the feedback.

Latest news
Related news


Please enter your comment!
Please enter your name here