InfoSecBulletin Cybersecurity for mankind
Microsoft released updates for 73 vulnerabilities, including two zero-day flaws being actively exploited, which makes for a busy February for system administrators.
In February’s Patch Tuesday update, there were fixes for five critical vulnerabilities and 30 remote code execution flaws. However, the two zero-day vulnerabilities were security feature bypass bugs.
CVSS 10.0 Flaw
Critical flaw in Siemens OZW Web Servers Enable Unauthenticated RCE
Microsoft Patch Tuesday May 2025: 72 flaws, 5 Actively Exploited Zero-Day
OTP glitch disrupted NID services across the country
Google to pay Texas $1.4 billion for location tracking practices
YouTube geo-blocks at least 4 Bangladeshi TV channels in India
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
The CVE-2024-21412 is related to Internet Shortcut Files and has a CVSS score of 8.1. It is rated as “important” because it requires user interaction to be successful, says Mike Walters, president of Action1.
“In the exploitation scenario, an attacker must send a specifically crafted file to a target user and persuade them to open it, since the attacker cannot compel the user to engage with the malicious content directly,” he explained.
Although the vulnerability was not publicly disclosed, it has been found to be exploitable. It is important for organizations to apply the official patches and updates from Microsoft to fix this vulnerability.
The CVE-2024-21351 zero-day vulnerability bypasses the SmartScreen security feature in Microsoft Defender. Its impact is rated as moderate with a CVSS score of 7.6. Although it’s being exploited, there’s currently no available proof-of-concept, according to Walters.
“For this vulnerability, an attacker must distribute a malicious file to a user and persuade them to open it, allowing them to circumvent the SmartScreen checks and potentially compromise the system’s security,” he added.
Time to Patch Two Critical RCE Bugs:
There are also two important vulnerabilities to be aware of this month, with CVSS scores of 9.8. CVE-2024-21410 allows attackers to act as the victim and perform operations on Microsoft Exchange Server.
“This flaw allows a remote, unauthenticated attacker to relay NTLM (Windows NT Lan Manager) credentials and impersonate other users on the Exchange server,” explained Qualys product manager, Saeed Abbasi.
“The exploitation process involves targeting an NTLM client, such as Outlook, to leak NTLM credentials through a vulnerability. These credentials can then be relayed back to the Exchange server, granting the attacker the same privileges as the victim.”
CVE-2024-21413 There is a serious vulnerability in Office that enables an attacker to make a file open in editing mode, as if the user had given permission to trust the file. The exploit can happen through the Outlook Preview Pane, without requiring any action from the user.
Administrators using Office 2016 should be aware that they need to install five separate patches to fix CVE-2024-21413, if they apply patches outside of Microsoft Update. This was warned by Adam Barnett, lead software engineer at Rapid7.
Individual KB articles indicate that partially patched Office installations will be blocked from starting until the correct patches have been installed.
