InfoSecBulletin Cybersecurity for mankind
Microsoft released updates for 73 vulnerabilities, including two zero-day flaws being actively exploited, which makes for a busy February for system administrators.
In February’s Patch Tuesday update, there were fixes for five critical vulnerabilities and 30 remote code execution flaws. However, the two zero-day vulnerabilities were security feature bypass bugs.
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records
CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE
Apple Releases Patch for two Actively Exploited Zero-Day
Maxar Space Data Leak, Company admit, Investigation ongoing!
GitHub CLI Vulnerability Could Allow RCE
“Sarcoma” ransomware group
Hacker to disclose “Popular Life Insurance” 36 GB of stolen data
BugHunt 2024: A Milestone Cyber security Competition held at Dhaka
TP-Link DHCP Vulnerability Allow Attackers Takeover Routers Remotely
WSJ reports
T-Mobile hacked in massive breach of telecom networks
Palo Alto Networks Confirms critical RCE zero-day actively exploited
The CVE-2024-21412 is related to Internet Shortcut Files and has a CVSS score of 8.1. It is rated as “important” because it requires user interaction to be successful, says Mike Walters, president of Action1.
“In the exploitation scenario, an attacker must send a specifically crafted file to a target user and persuade them to open it, since the attacker cannot compel the user to engage with the malicious content directly,” he explained.
Although the vulnerability was not publicly disclosed, it has been found to be exploitable. It is important for organizations to apply the official patches and updates from Microsoft to fix this vulnerability.
The CVE-2024-21351 zero-day vulnerability bypasses the SmartScreen security feature in Microsoft Defender. Its impact is rated as moderate with a CVSS score of 7.6. Although it’s being exploited, there’s currently no available proof-of-concept, according to Walters.
“For this vulnerability, an attacker must distribute a malicious file to a user and persuade them to open it, allowing them to circumvent the SmartScreen checks and potentially compromise the system’s security,” he added.
Time to Patch Two Critical RCE Bugs:
There are also two important vulnerabilities to be aware of this month, with CVSS scores of 9.8. CVE-2024-21410 allows attackers to act as the victim and perform operations on Microsoft Exchange Server.
“This flaw allows a remote, unauthenticated attacker to relay NTLM (Windows NT Lan Manager) credentials and impersonate other users on the Exchange server,” explained Qualys product manager, Saeed Abbasi.
“The exploitation process involves targeting an NTLM client, such as Outlook, to leak NTLM credentials through a vulnerability. These credentials can then be relayed back to the Exchange server, granting the attacker the same privileges as the victim.”
CVE-2024-21413 There is a serious vulnerability in Office that enables an attacker to make a file open in editing mode, as if the user had given permission to trust the file. The exploit can happen through the Outlook Preview Pane, without requiring any action from the user.
Administrators using Office 2016 should be aware that they need to install five separate patches to fix CVE-2024-21413, if they apply patches outside of Microsoft Update. This was warned by Adam Barnett, lead software engineer at Rapid7.
Individual KB articles indicate that partially patched Office installations will be blocked from starting until the correct patches have been installed.
