InfoSecBulletin Cybersecurity for mankind
Microsoft released updates for 73 vulnerabilities, including two zero-day flaws being actively exploited, which makes for a busy February for system administrators.
In February’s Patch Tuesday update, there were fixes for five critical vulnerabilities and 30 remote code execution flaws. However, the two zero-day vulnerabilities were security feature bypass bugs.
Cisco released security updates for two critical security flaws
OpenBAS: Cutting-edge breach and attack simulation platform
Critical Security Flaws Patched in Zyxel Networking Devices
CVE-2024-38811: CEV In VMware Fusion Unveiled
CERT-IN Warns Vulnerabilities in Palo Alto Networks applications
How Malaysia’s Data Centre Industry Poised for Growth
RansomHub exfiltrated data over 210 victims: US alert
Godzilla Fileless Backdoor Exploits Atlassian Confluence flaw
New Cicada ransomware targets VMware ESXi servers
Monday hits two UK bank apps causes outages
The CVE-2024-21412 is related to Internet Shortcut Files and has a CVSS score of 8.1. It is rated as “important” because it requires user interaction to be successful, says Mike Walters, president of Action1.
“In the exploitation scenario, an attacker must send a specifically crafted file to a target user and persuade them to open it, since the attacker cannot compel the user to engage with the malicious content directly,” he explained.
Although the vulnerability was not publicly disclosed, it has been found to be exploitable. It is important for organizations to apply the official patches and updates from Microsoft to fix this vulnerability.
The CVE-2024-21351 zero-day vulnerability bypasses the SmartScreen security feature in Microsoft Defender. Its impact is rated as moderate with a CVSS score of 7.6. Although it’s being exploited, there’s currently no available proof-of-concept, according to Walters.
“For this vulnerability, an attacker must distribute a malicious file to a user and persuade them to open it, allowing them to circumvent the SmartScreen checks and potentially compromise the system’s security,” he added.
Time to Patch Two Critical RCE Bugs:
There are also two important vulnerabilities to be aware of this month, with CVSS scores of 9.8. CVE-2024-21410 allows attackers to act as the victim and perform operations on Microsoft Exchange Server.
“This flaw allows a remote, unauthenticated attacker to relay NTLM (Windows NT Lan Manager) credentials and impersonate other users on the Exchange server,” explained Qualys product manager, Saeed Abbasi.
“The exploitation process involves targeting an NTLM client, such as Outlook, to leak NTLM credentials through a vulnerability. These credentials can then be relayed back to the Exchange server, granting the attacker the same privileges as the victim.”
CVE-2024-21413 There is a serious vulnerability in Office that enables an attacker to make a file open in editing mode, as if the user had given permission to trust the file. The exploit can happen through the Outlook Preview Pane, without requiring any action from the user.
Administrators using Office 2016 should be aware that they need to install five separate patches to fix CVE-2024-21413, if they apply patches outside of Microsoft Update. This was warned by Adam Barnett, lead software engineer at Rapid7.
Individual KB articles indicate that partially patched Office installations will be blocked from starting until the correct patches have been installed.
