Microsoft Security Bulletin Coverage for February 2024

Overview
Microsoft’s February 2024 Patch Tuesday addresses 72 vulnerabilities, 30 of which are Remote Code Execution vulnerabilities. The vulnerabilities fall into the following categories:

  • 30 Remote Code Execution Vulnerabilities
  • 17 Elevation of Privilege Vulnerabilities
  • 10 Spoofing Vulnerabilities
  • 8 Denial of Service Vulnerabilities
  • 4 Information Disclosure Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities

Figure 1: Breakdown by category

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of February 2024 and has produced coverage for 7 of the reported vulnerabilities.

 

Vulnerabilities with Detections

CVE-2024-21338 Windows Kernel Elevation of Privilege Vulnerability

  • ASPY 530 Exploit-exe exe.MP_365

CVE-2024-21345 Windows Kernel Elevation of Privilege Vulnerability

  • ASPY 534 Exploit-exe exe.MP_368

CVE-2024-21346 Win32k Elevation of Privilege Vulnerability

  • ASPY 539 Exploit-exe exe.MP_369

CVE-2024-21357 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

  • ASPY 532 Exploit-exe exe.MP_367

CVE-2024-21371 Windows Kernel Elevation of Privilege Vulnerability

  • ASPY 531 Exploit-exe exe.MP_366

CVE-2024-21379 Microsoft Word Remote Code Execution Vulnerability

  • ASPY 533 Malformed-pdf pdf.MP_219

CVE-2024-21412 Internet Shortcut Files Security Feature Bypass Vulnerability

  • ASPY 540 Malformed-jpg jpg.MP_23

CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability

  • IPS 4305 Microsoft Outlook MONIKERLINK Security Feature Bypass
  • IPS 4307 Microsoft Outlook MONIKERLINK Security Feature Bypass 2

Adobe Coverage

CVE-2024-20748 Acrobat Reader Out-of-bounds Read

  • ASPY 535 Malformed-pdf pdf.MP_220

CVE-2024-20736 Acrobat Reader Out-of-bounds Read

  • ASPY 536 Malformed-pdf pdf.MP_221

CVE-2024-20726 Acrobat Reader Out-of-bounds Write

  • ASPY 537 Malformed-pdf pdf.MP_222

CVE-2024-20747 Acrobat Reader Out-of-bounds Read

  • ASPY 538 Malformed-pdf pdf.MP_223

 

Remote Code Execution Vulnerabilities 

CVE-2024-20667              Azure DevOps Server Remote Code Execution Vulnerability

CVE-2024-20673              Microsoft Office Remote Code Execution Vulnerability

CVE-2024-21339              Windows USB Generic Parent Driver Remote Code Execution Vulnerability

CVE-2024-21341              Windows Kernel Remote Code Execution Vulnerability

CVE-2024-21347              Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2024-21349              Microsoft ActiveX Data Objects Remote Code Execution Vulnerability

CVE-2024-21350              Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21352              Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21353              Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability

CVE-2024-21357              Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CVE-2024-21358              Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21359              Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21360              Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21361              Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21363              Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVE-2024-21365              Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21366              Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21367              Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21368              Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21369              Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21370              Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21372              Windows OLE Remote Code Execution Vulnerability

CVE-2024-21375              Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21376              Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability

CVE-2024-21378              Microsoft Outlook Remote Code Execution Vulnerability

CVE-2024-21379              Microsoft Word Remote Code Execution Vulnerability

CVE-2024-21384              Microsoft Office OneNote Remote Code Execution Vulnerability

CVE-2024-21391              Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21413              Microsoft Outlook Remote Code Execution Vulnerability

CVE-2024-21420              Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

 

Elevation of Privilege Vulnerabilities

CVE-2024-21304              Trusted Compute Base Elevation of Privilege Vulnerability

CVE-2024-21315              Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability

CVE-2024-21329              Azure Connected Machine Agent Elevation of Privilege Vulnerability

CVE-2024-21338              Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-21345              Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-21346              Win32k Elevation of Privilege Vulnerability

CVE-2024-21354              Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

CVE-2024-21355              Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

CVE-2024-21364              Microsoft Azure Site Recovery Elevation of Privilege Vulnerability

CVE-2024-21371              Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-21374              Microsoft Teams for Android Information Disclosure

CVE-2024-21397              Microsoft Azure File Sync Elevation of Privilege Vulnerability

CVE-2024-21401              Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability

CVE-2024-21402              Microsoft Outlook Elevation of Privilege Vulnerability

CVE-2024-21403              Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

CVE-2024-21405              Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

CVE-2024-21410              Microsoft Exchange Server Elevation of Privilege Vulnerability

 

Denial of Service Vulnerabilities 

CVE-2024-20684              Windows Hyper-V Denial of Service Vulnerability

CVE-2024-21342              Windows DNS Client Denial of Service Vulnerability

CVE-2024-21343              Windows Network Address Translation (NAT) Denial of Service Vulnerability

CVE-2024-21344              Windows Network Address Translation (NAT) Denial of Service Vulnerability

CVE-2024-21348              Internet Connection Sharing (ICS) Denial of Service Vulnerability

CVE-2024-21356              Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

CVE-2024-21386              .NET Denial of Service Vulnerability

CVE-2024-21404              .NET Denial of Service Vulnerability

 

Information Disclosure Vulnerabilities

CVE-2024-20695              Skype for Business Information Disclosure Vulnerability

CVE-2024-21340              Windows Kernel Information Disclosure Vulnerability

CVE-2024-21377              Windows DNS Information Disclosure Vulnerability

CVE-2024-21380              Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability

 

Spoofing Vulnerabilities 

CVE-2024-20679              Azure Stack Hub Spoofing Vulnerability

CVE-2024-21327              Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability

CVE-2024-21328              Dynamics 365 Sales Spoofing Vulnerability

CVE-2024-21381              Microsoft Azure Active Directory B2C Spoofing Vulnerability

CVE-2024-21389              Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2024-21393              Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2024-21394              Dynamics 365 Field Service Spoofing Vulnerability

CVE-2024-21395              Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2024-21396              Dynamics 365 Sales Spoofing Vulnerability

CVE-2024-21406              Windows Printing Service Spoofing Vulnerability

 

Security Feature Bypass Vulnerabilities

CVE-2024-21351              Windows SmartScreen Security Feature Bypass Vulnerability

CVE-2024-21362              Windows Kernel Security Feature Bypass Vulnerability

CVE-2024-21412              Internet Shortcut Files Security Feature Bypass Vulnerability
