Press Release

February 2024 Patch Tuesday: Comment from Satnam Narang, Senior Staff Research Engineer, Tenable

“Microsoft patched 73 CVEs in its February 2024 Patch Tuesday release including two zero-day vulnerabilities exploited in the wild.

CVE-2024-21351 is a security feature bypass vulnerability in Windows SmartScreen. It was exploited in the wild as a zero-day, though we don’t have any specific insights into in-the-wild exploitation. What we know is that exploitation requires an attacker to use social engineering to convince a potential victim to open a malicious file. This is the fifth vulnerability in Windows SmartScreen patched since 2022 and all five have been exploited in the wild as zero-days. They include CVE-2022-44698 in December 2022, CVE-2023-24880 in March 2023, CVE-2023-32049 in July 2023 and CVE-2023-36025 in November 2023.

CVE-2024-21412 is a security feature bypass vulnerability in Internet Shortcut Files and it was also exploited in the wild as a zero-day. Like CVE-2024-21351, exploitation of this flaw requires an attacker to use social engineering to convince their intended target to open a malicious shortcut file. Specific details around this vulnerability weren’t available at the time Patch Tuesday was released, but it is credited to several researchers, so it’s possible details may emerge soon enough about the in-the-wild exploitation.

CVE-2024-21410 is an elevation of privilege vulnerability in Microsoft Exchange Server. This flaw is more likely to be exploited by attackers according to Microsoft. Exploiting this vulnerability could result in the disclosure of a targeted user’s Net-New Technology LAN Manager (NTLM) version 2 hash, which could be relayed back to a vulnerable Exchange Server in an NTLM relay or pass-the-hash attack, which would allow the attacker to authenticate as the targeted user.

We know that flaws that can disclose sensitive information like NTLM hashes are very valuable to attackers. A Russian-based threat actor leveraged a similar vulnerability to carry out attacks – CVE-2023-23397 is an Elevation of Privilege vulnerability in Microsoft Outlook patched in March 2023.

It is extremely important that organizations that use Microsoft Exchange Server apply the latest patches as they are a frequent target of attackers. Microsoft notes that prior to its Exchange Server 2019 Cumulative Update 14 (CU14), a security feature called Extended Protection for Authentication (EPA), which provides NTLM credential relay protections, was not enabled by default. Going forward, CU14 enables this by default on Exchange servers, which is why it is important to upgrade.” – Satnam Narang, Senior Staff Research Engineer, Tenable
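The comment above ends on the mitigation for the NTLM relay scenario: Extended Protection for Authentication on the Exchange front-end. The following is an added example, not code from Tenable, Microsoft, or the commentary itself, that reports whether EPA token checking is enforced on an Exchange server's IIS virtual directories so an administrator can confirm the CU14 default (or a manual enablement) actually took effect. It assumes it runs on the Exchange server with the IIS WebAdministration module available; the list of virtual directory names is an assumed, typical set and should be adjusted to the local deployment.

```powershell
# Added example (not from the Tenable commentary): report the Extended Protection
# for Authentication (EPA) token-checking setting on Exchange front-end
# virtual directories. Assumes it runs on the Exchange server with the
# IIS WebAdministration module; 'None' means EPA is not enforced there.
Import-Module WebAdministration

# Assumed list of front-end virtual directories; adjust to the local deployment.
$vdirs  = @('Autodiscover', 'ECP', 'EWS', 'MAPI', 'Microsoft-Server-ActiveSync',
            'OAB', 'OWA', 'PowerShell', 'RPC')
$site   = 'Default Web Site'
$filter = 'system.webServer/security/authentication/windowsAuthentication'

$results = foreach ($v in $vdirs) {
    $path = "IIS:\Sites\$site\$v"
    if (-not (Test-Path $path)) { continue }   # vdir not present on this server

    # tokenChecking is None / Allow / Require; Allow or Require enforces channel binding
    $raw = Get-WebConfigurationProperty -PSPath $path -Filter $filter `
               -Name 'extendedProtection.tokenChecking' -ErrorAction SilentlyContinue
    $value = if ($null -eq $raw) { 'Unknown' } else { [string]$raw }

    [pscustomobject]@{
        VirtualDirectory = $v
        TokenChecking    = $value
        RelayProtected   = ($value -in @('Allow', 'Require'))
    }
}

$results | Format-Table -AutoSize

# Flag every directory where EPA is off or could not be read
$results | Where-Object { -not $_.RelayProtected } | ForEach-Object {
    Write-Warning ("{0}: extendedProtection tokenChecking is '{1}'" -f `
                   $_.VirtualDirectory, $_.TokenChecking)
}
```

Run it in an elevated PowerShell session on each Exchange server after applying the update; any directory reported with `None` or `Unknown` is one where NTLM authentication to that endpoint can still be relayed. Microsoft's supported way to configure EPA across a deployment is its ExchangeExtendedProtectionManagement.ps1 script, which also covers the back-end site; this example only reads the front-end setting and changes nothing.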