Customers receive 72 patches on February’s Patch Tuesday.

After a light start to the year, February delivered 72 patches and 21 advisories to Microsoft customers. The CVEs addressed in this month’s Patch Tuesday release included 43 for Windows. Twelve other product groups or tools are also affected. Of the CVEs addressed, five are considered Critical in severity by Microsoft, these affect Windows, Office, Exchange, and Dynamics 365.

At patch time, two of the issues are known to be under exploit in the wild, and none has been publicly disclosed. ( However, one of the advisory items most certainly has, more on that in a minute. ) Eight of the addressed vulnerabilities in Windows, Office, and Exchange ( including a Critical- severity elevation- of- privilege issue with an attention- getting 9.8 CVSS base score ) are by the company’s estimation more likely to be exploited in the next 30 days. Six of the issues addressed are covered by Protections for Sophos, and we include information on those in a table below.

In addition to these patches the release included information on six Chromium/Edge- related CVEs, including an RCE that could lead to sandbox escapes, one MITRE- issued CVE concerning a DNS issue that could lead to denial of service, one Github- issued CVE addressing the recent CVE- 2024- 21626″ Leaky Vessel” issue affecting Mariner, disclosed in a lengthy public post by Snyk two weeks ago and patched by various other affected companies since then, and 13 Adobe advisories, all related to Acrobat Reader.

We do n’t include advisories in the CVE counts and graphics below, but we provide information on everything in an appendix at the end of the article. We are as usual including at the end of this post three other appendices listing all Microsoft’s patches, sorted by severity, by predicted exploitability, and by product family.

• Total Microsoft CVEs: 72
• Total Adobe advisories covered in update: 13
• Total Edge / Chromium issues covered in update: 6
• Total Mariner advisories covered in update: 1
• Total MITRE advisories covered in update: 1
• Publicly disclosed: 0
• Exploited: 2
• Severity
  • Critical: 5
  • Important: 65
  • Moderate: 2
• Impact
  • Execution of remote code: 30
  • Privilege Elevation: 16
  • 10 Spoofing
  • Service Denial: 8
  • Disclosure of Information: 5
  • Bypass for security features: 3

Figure 1: Following January’s significant month for information disclosure bugs, a plethora of OLE-related fixes restored remote code execution for February.

Products

• 43 Windows
• Azure 8.
• 8 Dynamics 365
• Office 5.
• NET: 1.
• ASPNET: 1. (shared with Visual Studio)
• 1 Defender
• Azure AD: 1 entra
• 1 exchange
• Outlook 1 365
• Skype: 1
• Android teams: 1
• ( Shared with ASP) Visual Studio: 1. ( NET )

Figure 2: Due in part to numerous fixes for Windows Defender Application Control ( WDAC ), this month has been very Windows-heavy.

Notable updates from February

A few specific things, in addition to the ones already covered, are important to note.

CVE: 2024: 21350, 21342, 21358, 2025: 21369, CAVE: 2248, 20-24: 21471, 22361, 2026: 20, 24, 21378, 2127, 21, and 21375 are all examples of Cves that are included in this list.

For SQL Server Remote Code Execution Vulnerability, Microsoft WDAC OLE DB provider

fifteen CVEs with a common name, severity ( Important ), impact (RCE), high CVSS base score ( 8.8 ), and finder non-identification ( Microsoft credits all 15 to” Anonymous” ) One more ( but related ) person is with them. Vulnerability of Microsoft WDAC ODBC Driver Remote Code Execution is the only difference between the number and name of the patch, which is CVE-2024-21353.

CVE-2024-21404
Increased Privilege Vulnerability in the Microsoft Entra Jira Single-Sign-OnPlugin

This extra-spicy EoP only receives an significant severity rating from Microsoft, but the Azure AD Jira SSO plugin is the target of its base CVSS, which is a critical level9.8. Importantly, the attacker can update the Entra ID SAML metadata and information for the plugin, changing the application’s authentication as they see fit, without even having to authenticate in order to cause trouble. All it takes is a script to access the targeted Jira server. The fix is a 1.1.2 update that can be downloaded from the Atlassian Marketplace or the Microsoft Download Center.

CVE-2024-21410
Privilege Vulnerability Increased on Microsoft Exchange Server

A NTLM relay ( pass-the-hash ) vulnerability is the other CVE this month with a 9.8CVSS. It might enable an attacker to authenticate as the user by relaying their leaked Net-NTLMv2 hash against a weak Exchange Server. It has an impact on several versions, including Exchange Server 2016 ( cumulative update 23 ), 2019, cumulative update 13, and 2019. Microsoft’s Exchange Team Blog has more information, but keep in mind that it thinks this one will be used more frequently in the coming 30 days.

CVE-2024-21378
Vulnerability of Microsoft Outlook Remote Code Execution

This significant-severity RCE uses Preview Pane as an attack vector, and according to Microsoft, exploitation is more likely to occur within the next 30 days. The competition has begun.

CVE-2024-21374
Android Information Disclosure Microsoft Teams

Google Play has a patch for this significant-severity information disclosure problem.

With only 120 patches so far, Figure 3: 2024’s totals are significantly behind those of previous years. ( 173 patches were released in the first two months of 2023, followed by 154, 139, 2021, and 150 in 2020. )

Protections for Sophos

You can manually download Microsoft updates from the Windows Update Catalog website each month if you do n’t want to wait for your computer to automatically remove them. The winver should be run. Download the Cumulative Update package for the architecture and build number of your particular system after using the exe tool to find out which version of Windows 10 or 11 you are using.

Impact and severity of vulnerability are discussed in Appendix A.

Here is a list of February patches, arranged in terms of severity and impact. CVE further organizes each list.

Execution of remote code ( 30 CVEs )

Privilege Elevation ( 16 CVEs )

Spoofing ( 10 CVEs )

Service Denial ( 8 CVEs )

Information disclosure ( 5 CVEs )

Bypass for security features ( 3 CVEs )

Exploitability in Appendix B

This is a list of the February CVEs that Microsoft believes are either already actively exploited in the wild or are more likely to be so within the first 30 days of release. CVE further organizes each list.

Products Affected by &nbsp, Appendix C

Here is a list of February’s patches, broken down by severity and product family. CVE further organizes each list. Each product family receives a separate listing of the patches that are shared among them.

( 43 CVEs ) Windows

( 8 CVEs ) Azure

8 CVEs of Dynamics 365

Office 5CVEs

Shared with Visual Studio is.NET ( 1 CVE ).

ASP. CVE ( 1 NET )

Defender ( CVE )

( CVE )Entra

( 1 CVE ) Exchange

CVE version of Outlook 365

CVE Skype

Android Teams ( 1 CVE )

Shared with ASP is Visual Studio ( 1 CVE ). ( NET )

Advisories and Other Products, Appendix D

Sorted by product, this is a list of advisories and details on additional pertinent CVEs from the February Microsoft release.

Relevant to Chromium/Edge ( 6 CVEs )

Relevant to Windows ( one CVE, non-Microsoft release )

Relevant to Adobe ( 13 CVEs )

VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues

Best practices for Azure

Microsoft distributes patches for 73 flaws, including two days of Windows Zero

Reducing hardware vulnerabilities

The first Patch Tuesday of 2024 takes small steps(Opens in a new browser tab)